HOW TO SETUP SPF AND DOMAIN KEY RECORDS TO PREVENT SPAM
Spam and phishing have long been a problem for the internet and its users. However, significant solutions such as SPF and DKIM have been introduced to tackle this mail impersonation problem.
The SPF (Sender Policy Framework) record is a DNS TXT entry that allows email admins to specify authorized mail senders, simply by creating rules with IPs, domains or MX records.
The DKIM (DomainKeys Identified Mail) record is another DNS TXT entry. It is used to provide a cryptographic digital signature on outgoing mail headers and to supply the public key via the authorized domain's DNS.
These DNS records are very helpful in preventing spam, spoofing and phishing because they help receiving mail servers verify the authenticity of incoming mail, control blacklisting and manage delivery to the spam box.
How to Setup SPF record
An SPF record value is made up of strings that represent the following:
• Record Identifier: TXT records can be used to setup numerous rules and entries. Hence, for the DNS to identify the entry as an SPF record, the value must begin with “v=spf1”.
• Mechanism(s): This specifies the set of hosts or outbound mailers that are designated as authorized. The SPF record mechanism commands are
• Qualifiers: This is a special character that determines what action should be taken if the mechanism is matched. There are four Qualifiers for SPF records that can be used as prefixes to Mechanisms and they include:
• Modifiers: These are optional commands that can be used to establish SPF rules such as redirections, among others.
Here is a sample of an SPF record value
The sample record sets an SPF rule that allows mail sent from the hosts specified in the domain's MX records. The qualifier (~), known as a “Soft Fail”, specifies that if the address fails the test but the result is not definitive, the mail should be accepted and tagged as non-compliant.
Multiple mechanisms can be used on a single SPF record based on your desired rule. This online tool can help you to automatically generate an SPF record for your domain.
Once you’ve gotten an SPF record, follow the steps below to add it to your domain DNS:
1. Sign in to your Z.COM account using your username and password
2. Click on “DNS” from the top navigation bar:
3. Click the “+ Domain” button (a) to add the domain name to the DNS list
4. Enter the domain name (b) to whose DNS zone you wish to add the TXT record, then click “Save” (c):
5. Click on the newly added domain (d) from the list to open its DNS record section
6. Click the pencil icon (e) to make the record editable:
7. You can now add the SPF record, using the following details after clicking the “+” icon beneath the NS records:
Type: TXT (SPFs are added as TXT records)
Name: @ (@ is an alias of the primary domain; zmydomain.com is used here as an example)
TTL: 3600 (This is the default Time-to-Live before connection time-out)
Value: v=spf1 mx ~all (This is a sample SPF record value as shown above)
8. Kindly allow about 30 minutes for automatic DNS propagation and that’s all for SPF records.
How to Setup DKIM record
The DKIM record is a bit more technical, as it requires a selector or key, a private key and a public key, which are used in setting up the DNS and mail server records.
To avoid improper configuration, Z.COM helps its customers set up DKIM for their domains upon request. However, if you intend to use a custom DKIM record, navigate to your domain DNS records as shown in the steps above and put in the following details:
• Type: TXT
• Name: yourSelector._domainkey (Ensure you put in the dot. Also, “_domainkey” is a fixed component, so don’t modify, change or remove it.)
• TTL: 3600
• Value: v=DKIM1; k=rsa; p=yourPublicKey (There are different encryption methods, which may require you to modify “k=rsa”)
Here is an example of a DKIM record on our DNS:
Feel free to contact our support team to assist you with setting up the private key for your DKIM record.
It is also important to note that DNS propagation takes about 30 minutes and, in a few cases, can take up to 48 hours. If this duration is exceeded, you can contact our support team for further assistance.
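A check you can run on both TXT values before saving them in the DNS panel, as an added example that is not Z.COM's code: it lints an SPF value against the identifier, mechanism, qualifier and modifier structure described above, and a DKIM name and value against the fields listed above. The mechanism and qualifier names are taken from RFC 7208, and the function names lint_spf and lint_dkim are assumptions made for illustration.

```python
import base64
import re

# Term names per RFC 7208; the page names the categories, the lists come from the RFC.
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lint_spf(value):
    """Return the problems found in an SPF TXT value (empty list: none found)."""
    terms = value.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ['value must begin with "v=spf1"']
    problems, seen_all, has_redirect = [], False, False
    for term in terms[1:]:
        if re.fullmatch(r"[A-Za-z][\w.-]*=.*", term):  # modifier, e.g. redirect=
            has_redirect |= term.lower().startswith("redirect=")
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # "+" is implied
        name = re.split(r"[:/]", term.lstrip("+-~?"), maxsplit=1)[0].lower()
        if seen_all:
            problems.append(f'"{term}" comes after "all" and is never evaluated')
        elif name not in MECHANISMS:
            problems.append(f'unknown mechanism "{term}"')
        elif name == "all":
            seen_all = True
            if qualifier == "+":
                problems.append('"+all" authorizes every host on the internet')
    if not seen_all and not has_redirect:
        problems.append('no "all" or "redirect=": unmatched senders get "neutral"')
    return problems

def lint_dkim(name, value):
    """Check a DKIM TXT name (relative to the zone) and value as laid out above."""
    problems = []
    if not re.fullmatch(r"[^.\s]+(\.[^.\s]+)*\._domainkey", name):
        problems.append('name must be "<selector>._domainkey"')
    if not value.lstrip().startswith("v=DKIM1"):
        problems.append('value must begin with "v=DKIM1"')
    tags = {k.strip(): v.strip() for k, _, v in
            (t.partition("=") for t in value.split(";"))}
    try:
        if not base64.b64decode("".join(tags.get("p", "").split()), validate=True):
            problems.append('"p=" is missing or empty (an empty key means revoked)')
    except ValueError:
        problems.append('"p=" is not valid base64')
    return problems

if __name__ == "__main__":
    print(lint_spf("v=spf1 mx ~all"), lint_spf("v=spf1 mx +all"))
```

An empty list from either function means the value matches the layout described on this page; it does not confirm that the record has propagated or that the mail server is signing with the matching private key.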