Setting up email authentication for your domain name is important. It helps ensure that your emails reach their intended recipients, reduces the likelihood of them being flagged as spam and mitigates against spoofing attacks (people sending emails that look like they’re from you when they’re not).
The setup process is quick and fairly easy. It simply consists of adding a few DNS records to your domain name which tell a recipient’s email service provider where you will send emails from, if and how your sending email server will sign these messages and provides them with a hint on what to do with emails that don’t comply with these policies.
There are two different DNS records to setup, the examples below explain how to configure SPF and DKIM to authenticate emails sent from your Public Internet email server or your website that we host (for example through a Contact Us form).
Sender Policy Framework (SPF)
Adding an SPF DNS record allows receiving email servers to lookup a list of IP addresses that are allowed to send emails from your domain name. The DNS record should be installed at the root of your domain name.
If your domain name does not already have an SPF record configured and you are also sending emails from services not provided by Public Internet then your should add the following record:
@ IN TXT "v=spf1 include:_spf.pblin.net ?all"
This identifies a list of Public Internet servers (include:_spf.pblin.net) which are allowed to send email from your domain and sets a neutral policy (?all) for emails that do not comply. The neutral policy is advisable if you do not already have an SPF record setup as it will prevent emails sent from other services you may be using from being blocked.
If your domain name does not already have an SPF record configured and you are certain that you are not sending emails from services not provided by Public Internet then you should add the following record:
@ IN TXT "v=spf1 include:_spf.pblin.net -all"
This record identifies the same list of Public Internet servers but sets a fail policy (-all) for emails that don’t comply. This instructs recipient email servers that they should block non-compliant messages.
You may already have an SPF record setup on your domain. If this is the case, you should just add the include:_spf.pblin.net section to the existing record. Your domain name should only ever contain a single SPF record:
@ IN TXT "v=spf1 include:_spf.pblin.net include:spf.protection.outlook.com -all"
This record identifies Public Internet’s servers and Microsoft’s Office 365 servers as valid senders and sets a fail policy (-all) for emails that don’t comply.
DomainKeys Identified Mail (DKIM)
DKIM is an alternative authentication strategy to SPF. Where SPF identifies servers that you expect to send emails from based on their IP addresses, DKIM publishes public keys that allow receiving email servers to verify that messages carry a cryptographic signature from the sending server and have not been modified in transit.
Creating and adding DKIM records is complex and error prone. To simplify the setup for your Public Internet email or web hosting service, you only need to add two CNAME DNS records to your domain name:
pblin1._domainkey IN CNAME pblin1.dkim.mail.pblin.net.
pblin2._domainkey IN CNAME pblin2.dkim.mail.pblin.net.
These records can co-exist with any other DKIM records that are already setup on your domain name and other email providers’ DKIM records should not be removed or modified. All emails sent via Public Internet’s servers are automatically signed with these keys on your behalf.