2.5.5.2 Setup DKIM & SPF

The DKIM (DomainKeys Identified Mail) & SPF (Sender Policy Framework) Setup feature in AgencyHandy allows agencies to generate and set up DKIM and SPF records for their workspace. These records help prevent email spoofing and enhance email deliverability by verifying the authenticity of the sender's domain.

Purpose:

Setting up DKIM and SPF records is essential for the following reasons:

  • Email Security: DKIM and SPF records add an extra layer of security to email communications, reducing the risk of email spoofing and phishing attacks.

  • Improved Deliverability: Authenticating emails with DKIM and SPF records improves deliverability by helping service providers identify legitimate emails, reducing the likelihood of emails being marked as spam.

  • Brand Trust: By implementing DKIM and SPF, agencies can build trust with their clients by ensuring that emails from their domain are genuine and trustworthy.

Pre-condition to Use the Feature:

  • Users must have access to the domain's DNS settings to configure DKIM and SPF records.

Here's how to set them up:

DKIM (DomainKeys Identified Mail):

DKIM involves adding cryptographic signatures to your outgoing emails, allowing receiving servers to verify the authenticity of the messages.

  • Generate DKIM keys: Start by generating DKIM keys provided by AgencyHadny. These keys typically consist of a public key and a private key pair. Steps to Use: Workspace Config => Emails => DKIM & SPF Setup => Generate DKIM and SPF records.

  • Log In: Log in to your Cloudflare account and navigate to the DNS settings for your domain.

  • Add SPF Records: Add a new TXT record with the following values: - Type: Write down the type as TXT - Record Name/Name: Copy the name from your SPF Records. - Value/ Content: Copy the value & Paste it to the DNS. - TTL (Time To Live): Set as your provider recommends (2 min)

  • Add DKIM records: AgencyHandy provides 3 DKIM Records. To add them to DNS, follow this step: - Type: Write down the type as CNAME - Record Name/Name: Copy the name from your SPF Records & paste it. - Value/ Content: Copy the value & Paste it to the DNS. - TTL (Time To Live): Set as your provider recommends (2 min)

  • Verify DKIM configuration: Once DKIM records are added, verify the configuration using tools like DKIMValidator or MXToolbox. These tools confirm if your DKIM records are correctly set up for email authentication.

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

DMARC complements DKIM and SPF by providing a policy framework for email authentication and reporting.

  • Create DMARC policy: Define a DMARC policy for your domain. This policy instructs email providers on how to handle emails that fail authentication checks (DKIM and SPF). You can create a DMARC record by adding a TXT record in your domain's DNS settings.

  • The TXT record's value should include your DMARC policy, specifying actions to be taken for emails that fail authentication. Example DMARC record: "v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:dmarc@example.com;" In this example: "v=DMARC1" indicates that this is a DMARC record version 1. "p=none" specifies that emails failing authentication should not be treated differently (you can change "none" to "quarantine" or "reject" depending on your policy). "rua=mailto:dmarc@example.com" specifies where to send aggregate reports (reports on overall email authentication). "ruf=mailto:dmarc@example.com" specifies where to send forensic reports (reports on individual email failures).

  • Add DMARC Records: Add a new TXT record with the following values: - Type: Write down the type as TXT - Record Name/Name: Copy the name from your SPF Records. - Value/ Content: Copy the value & Paste it to the DNS. - TTL (Time To Live): Set as your provider recommends (2 min)

  • Verify DMARC configuration: After adding the DMARC record, verify its configuration using DMARC record checkers like DMARC Analyzer or DMARC Inspector. These tools ensure that your DMARC policy is correctly defined and ready for enforcement.

  • Test Email Deliverability: Send test emails to verify that the DKIM and SPF setup is correctly configured and that emails are delivered without issues.

Once DKIM and DMARC records are properly set up in Cloudflare, regularly monitor their performance and adjust policies as needed to ensure effective email authentication and security for your domain.

Last updated