Emails will need to be sent from authenticated domains soon.

Major email inbox providers are asking for stronger authentication from February 2024.

Understanding DKIM

DKIM (DomainKeys Identified Mail) is an email authentication method designed to prevent email spoofing. This technique involves sending emails from forged sender addresses.

To implement DKIM, you need to set up two CNAME records with your DNS provider. This involves configuring DKIM records using a public key, allowing email servers (like Gmail) to verify the signature of your sent emails linked to your domain.

Instructions for adding these records can typically be found in the DNS management section of your domain provider's website.

Once you have added these DNS records and they have been verified, the DKIM signature will appear in the headers of your sent emails, corresponding to the configured CNAME entries.

Guide to SPF

SPF (Sender Policy Framework) is a protocol used to verify that an email server is authorized to send emails for a specific domain.

SPF requires configuration for the envelope return path domain, which is the address to which bounced emails are sent. This involves setting up a TXT record in your DNS settings, using a specific value that identifies authorized sending sources.

The process to add SPF records typically involves accessing the DNS management settings of your domain provider and adding a TXT record with the required value.

Once the SPF record is added and verified, email servers processing your sent emails can confirm that the sender is authorized, enhancing the legitimacy and deliverability of your emails.

Guide to DMARC

DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a protocol that provides additional protection against unauthorized use of your email domain.

Configuring a DMARC record helps email providers decide how to handle emails from your domain that fail SPF and DKIM checks. It also offers a reporting mechanism to track the authenticity of emails sent from your domain.

To set up DMARC, add a TXT record in your DNS settings with properties like policy type (p), policy application percentage (pct), and reporting emails (rua, ruf), among others. These properties are typically separated by semicolons and include instructions on how email providers should handle authentication failures.

An example of a DMARC policy could be:

v=DMARC1; p=none;

For a stricter policy, it might look like:

v=DMARC1; p=reject; rua=mailto:report@example.com;

After adding and verifying your DMARC record, email servers can authenticate emails from your domain and handle failures according to your specified policy.