Send mail from your own domain / SPF / DKIM

From Catglobe Wiki
Revision as of 09:28, 19 October 2021 by Administrator (talk | contribs) (Administrator moved page SPF to Send mail from your own domain / SPF / DKIM)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

SPF record and What is it?

Sender Policy Framework (SPF) is an email validation system designed to prevent email spam. It detects email spoofing, a common vulnerability, by verifying sender IP addresses. This validation lets email providers know that your messages are legitimate and helps them make it into your subscriber’s inbox. Setting up your SPF Record properly is one of the easiest things you can do to ensure your email program’s success.

In order to use a custom domain (not *.catglobe.com), Catglobe requires that you add a Sender Policy Framework (SPF) TXT record to your DNS record to help prevent spoofing. SPF identifies which mail servers are allowed to send mail on your behalf. Basically, SPF, along with DKIM, and other technologies supported by Catglobe help prevent spoofing and phishing. SPF is added as a TXT record that is used by DNS to identify which mail servers can send mail on behalf of your custom domain. Recipient mailsystems refer to the SPF TXT record to determine whether a message from your custom domain comes from an authorized messaging server.

For example, let's say that your custom domain example.com uses Catglobe. You add an SPF TXT record that lists the Catglobe messaging servers as legitimate mail servers for your domain. When the receiving messaging server gets a message from john.doe@example.com, the server looks up the SPF TXT record for example.com and finds out whether the message is valid. If the receiving server finds out that the message comes from a server other than the Catglobe messaging servers listed in the SPF record, the receiving mail server can choose to reject the message as spam.

Also, if your custom domain does not have an SPF TXT record, some receiving servers may reject the message outright. This is because the receiving server cannot validate that the message comes from an authorized messaging server.

Updating your SPF TXT record for Catglobe

Determine what enforcement rule you want to use for your SPF TXT record. We recommend -all

For example, if you are only using Catglobe, that is, you have no on-premises mail servers or hosted mail servers and your domain is example.com, your SPF TXT record for example.com would look like this:

v=spf1 include:spf.catglobe.com -all

For example, if you are using an Office365 solution for Corporate emailing (example.com), and also would like to send out emails from emails behind same domain in Catglobe, your SPF TXT record for example.com would look like this:

v=spf1 include:spf.protection.outlook.com include:spf.catglobe.com -all

If you are using a subdomain under catglobe.com, like example.catglobe.com, you don’t need to add a SPF TXT record for that domain, as that is something we take care of. The SPF TXT record for example.catglobe.com looks like this:

v=spf1 include:spf.catglobe.com -all

Once you have formed your SPF TXT record, you need to update the record in DNS. You can only have one SPF TXT record for a domain. If an SPF TXT record exists, instead of adding a new record, you need to update the existing record.

To validate your SPF record is set up properly. There are lots of tools to check your SPF Record.For example, the Kitterman SPF Validation Tool which can be found at: http://www.kitterman.com/spf/validate.html 

If needed, contact your DNS host provider for help with adding a record in your DNS.

To learn more about SPF records see this page: https://www.openspf.org/FAQ/Examples

DKIM and what is it?

DKIM is a way of 'signing' emails to prove they came from you. It is a form of email authentication that works via a digital signature and makes it easier to identify spoofed emails. The sending mail server signs the email with the private key, and the receiving mail server uses the public key in the domain's DNS information to verify the signature. One domain can have several DKIM keys publicly listed in DNS, but each matching private key is only on one mail server.

In order to set this up, it is necessary to create a CNAME DNS record like this:

zeroone._domainkey.example.com dkim01.catglobe.com


If you want to have your own custom signature: Contact support to know exactly which "key" and value to use for your domain. This requires a TXT record like this

key._domainkey.example.com k=rsa; p=T11SDrr7676GSDFDSFsfIIBCgKCAQEA5+M3HMz75NwSTgEzxV+ZgGvmadskfjTUOSF334+5YygQbgSbSRRltGpkFqeGICtzBzfXhpVvuCFXWDVWRFG1h83i5hdWtlLygCInU4yjm7gy7KjVSrFEMaTsgH4Qza8SBizb1SlFlvwaL2DSDSFS776asfsaDASDASDASdsa


Finishing / It still doesn't work?

After you have setup your DNS, support still needs to validate and configure the final step, so please contact them to finalize!