General information
What is it?
In simple terms, SPF is one of the record types in your domain’s DNS. The record implements a mechanism for authenticating a message by checking the sender’s server. It is effective once DKIM is configured, and it lets you set up DMARC, which is described below.
DMARC is an entire specification created by a group of organizations. Like other records and signatures, it is designed to reduce the amount of spam and phishing email. Building on the other records, DMARC helps to rule out the situation where a message appears to come from a familiar sender but was actually sent from a foreign (fraudulent) server.
Can you please be more precise?
Of course. Sender Policy Framework (SPF) is an extension to SMTP, the protocol for sending email. SPF is defined in RFC 7208. With SPF, a receiver can check whether the sender’s domain has been forged. SPF lets the domain owner list, in a TXT record for the domain name, the servers that have the right to send email messages with return addresses in this domain. Mail transfer agents that receive email messages can request the SPF information with a simple DNS query and so verify the sender’s server.
Domain-based Message Authentication, Reporting and Conformance (DMARC) is a technical specification created by a group of organizations. It is designed to reduce the number of spam and phishing emails by identifying the sender’s email domain according to rules and attributes that the recipient’s mail server evaluates. That is, the mail server itself decides whether a message is good or bad (say, based on the policies above) and acts according to the DMARC record.
For SPF, a special record is registered in the DNS of domain X. It lists the servers that have the right to send messages with a return-path in domain X. Thus, to send such messages from their own servers, a person would need access to the DNS of domain X in order to register those servers.
DMARC checks that the sender’s domain (From) corresponds to the return-path domain and to the DKIM domain. To pass the DMARC test, at a minimum the sender’s domain (From) and the return-path domain must match. That is, you must configure SPF correctly.
Pros of using SPF and DMARC
These records are a logical continuation of the path you took when setting up the DKIM signature. Together with it, they provide deeper protection against forgery of your emails.
In addition to the advantages that DKIM provides, these records let you choose what happens to emails when there is a mismatch: deliver to the inbox, deliver to spam, or reject at the reception stage. Thus, DMARC helps to eliminate the situation where an email appears to come from a familiar sender but actually comes from someone else’s server (one not authorized by you).
To whom is the setting available?
All emails have SPF, but the record is shared by all users of the service. This gives a good basic level of protection against email forgery.
How to connect?
If this happens to you, contact our support team.
Create mail and write to support
Create a new email address on your domain. This should be a separate address that will not be used for mailings. It will receive messages about non-existent subscribers (mistyped addresses, abandoned mailboxes, etc.). To configure and operate the system we need access to this mailbox: IMAP server, login and password.
Write to us. The easiest way to do this is directly from your personal account.
In the subject of the request, specify: “Configure SPF and DMARC”. In the message itself, you must specify:
- Your login
- Your domain for which you want to set up records
- Email address for SPF (the address must be on the domain from the previous item)
- IMAP server
- Login and password for this mailbox
In our case it will look like this:
“Please configure SPF and DMARC for the domain "my_domain"
login: my_login
domain: my_site.com
e-mail for SPF: spf@my_site.com
IMAP: imap.my_hoster.com
login / password: my_login / my_password”
Get a response and add one entry
The records are configured primarily on our side, but some actions have to be performed by you. Once we receive your message with the initial data, our programmers will make the necessary settings. In the response message we will ask you to make some settings on your hosting, for example:
“Write the following entry in the DNS editor on your hosting for the domain my_site.com:
your.site IN TXT "v=spf1 a mx ~all"”
After that, go to your hosting and add this record.
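How a receiving mail server evaluates a record like the one above, as an added example (not code from this service). The DNS answers in ZONE are constructed, and only the a, mx, ip4 and all mechanisms of RFC 7208 are handled.

```python
import ipaddress

# Constructed DNS data for the page's placeholder domain (all values made up).
ZONE = {
    ("my_site.com", "A"): ["192.0.2.10"],
    ("my_site.com", "MX"): ["mail.my_site.com"],
    ("mail.my_site.com", "A"): ["192.0.2.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def resolve(name, rtype):
    """Stand-in for a DNS query; answers only from ZONE."""
    return ZONE.get((name.lower(), rtype), [])


def host_has_ip(host, ip):
    return any(ipaddress.ip_address(a) == ip for a in resolve(host, "A"))


def check_spf(record, domain, client_ip):
    """Evaluate the a, mx, ip4 and all mechanisms of RFC 7208, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # receivers do not treat this TXT value as SPF
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "a":
            matched = host_has_ip(arg or domain, ip)
        elif mech == "mx":
            matched = any(host_has_ip(mx, ip) for mx in resolve(arg or domain, "MX"))
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        else:
            return "permerror"  # anything else is outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" present
```

Stray spaces change the outcome: a value typed as `v = spf1 ...` is not recognised as SPF at all, and `~ all` splits the qualifier from its mechanism, so copy the record exactly as given.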
On the hosting it will look something like the screenshot below. Approximately, because the control panels of different hosting sites may differ, but the meaning of where and what to write will be clear to you from this screenshot.
Report that the records are ready
After you make the settings described above, let us know by return email. We will activate the necessary settings on our side and ask you to register one more, final record in DNS.
Wait for the answer and finish setting
After we activate the necessary settings for our part, we shall ask you to register one more final record in the DNS.
It will look something like this:
“The settings are almost complete. We have done everything that was required on our side. One last entry remains. In the DNS editor on your hosting for the domain my_site.com, write the following entry:
_dmarc.my_site.com IN TXT "v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r"”
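What this policy means at the receiving server, as an added example (not code from this service): it parses the record and applies the alignment check of RFC 7489, under which a message passes when SPF or DKIM passes for a domain aligned with From. RECORD is the page's policy written with the one-letter alignment values (r, s) the RFC defines; the last-two-labels rule for the organizational domain is a simplifying assumption, and the sender domains in the test inputs are constructed.

```python
DEFAULTS = {"adkim": "r", "aspf": "r"}
POLICIES = {"none", "quarantine", "reject"}
ALLOWED = {"p": POLICIES, "sp": POLICIES, "adkim": {"r", "s"}, "aspf": {"r", "s"}}


def parse_dmarc(txt):
    """Return (tags, warnings); invalid optional values fall back to defaults."""
    tags, warnings = dict(DEFAULTS), []
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    parsed = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not parsed or parsed[0] != ("v", "DMARC1"):
        raise ValueError("not a DMARC record: v=DMARC1 must come first")
    for key, value in parsed[1:]:
        if key in ALLOWED and value.lower() not in ALLOWED[key]:
            warnings.append(f"{key}={value} is not a valid value")
            continue
        tags[key] = value.lower() if key in ALLOWED else value
    if "p" not in tags:
        raise ValueError("p= tag is required")
    return tags, warnings


def org_domain(name):
    # Assumption: the organizational domain is the last two labels. Real
    # receivers use the Public Suffix List (needed for names like co.uk).
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    if mode == "s":  # strict: exact match only
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)  # relaxed


def dmarc_disposition(record, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs from the receiver's own checks."""
    tags, _ = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags["aspf"])
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    return tags.get("sp", tags["p"]) if is_subdomain else tags["p"]


RECORD = "v=DMARC1; p=reject; sp=reject; adkim=r; aspf=r"
```

A value such as `adkim=relaxed` is reported in the warnings and replaced by the default `r`, which is how RFC 7489 tells receivers to treat syntax errors in optional tags.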
What should I do next?
Connect “Postmaster Tools” from Gmail.