If you have a domain name and hosting service, you can create a corporate email based on your domain name and use this email for correspondence.

Many users face a problem after creating an email account: the letters sent to the recipient are often filtered and identified as spam. As a result, the letters can either be rejected outright by the recipient's server or placed in the spam folder.

To reduce the risk of your emails being marked as spam, or to eliminate the problem altogether, you, as the owner of the domain name, must raise the level of trust that recipient servers place in emails coming from your domain name.

This can be done by setting special DNS records in the TXT record format. 

SPF record or Sender Policy Framework

This record is generally created with two objectives in mind:

  • to define the policy for sending letters from your domain name;
  • to restrict the sending of emails on behalf of your domain name from suspicious servers.

In other words, in this record you list the servers (by IP address or hostname) that you allow to send letters on behalf of your domain name.

This record doesn’t require additional setup on the server and only carries the information about the trusted servers of the sender using your domain name. For the SPF record to work, you need to have it in DNS. 

Example of a record:

@.example.ltd TXT "v=spf1 +mx +ip4:192.168.0.1 +a:domain.ltd include:mail.domain.ltd ~all"

Let’s decipher the given record according to the tags:

v current version of SPF;

mx contains all addresses of servers, which are specified in MX records of the domain;  

ip4 gives the opportunity to specify the exact IP address or the network of addresses; 

a indicates the behavior in the case when a letter is received from a specific domain;

include includes hosts allowed by the SPF record of the specified domain; 

all all other servers that are not listed in SPF records;

+ Pass; this is also the result when no other qualifier is set;

- decline (Fail);

~ mild rejection (SoftFail). The letter will be received but it will be marked as spam; 

? neutral attitude. 
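How a receiving server walks the example record term by term, as an added example (not code from the article or from any mail server). The `DNS` table is constructed sample data replacing live lookups, and `check_spf` is a hypothetical helper that handles only the mechanisms listed above.

```python
import ipaddress

# Constructed DNS answers standing in for live lookups (sample data, not from
# the article): MX and A hosts for the domains named in the example record.
DNS = {
    "MX": {"example.ltd": ["mx.example.ltd"]},
    "A": {"mx.example.ltd": ["192.168.0.10"], "domain.ltd": ["192.168.0.20"]},
    "TXT": {"mail.domain.ltd": "v=spf1 ip4:10.0.0.0/24 -all"},
}
RESULTS = {"+": "Pass", "-": "Fail", "~": "SoftFail", "?": "Neutral"}
RECORD = "v=spf1 +mx +ip4:192.168.0.1 +a:domain.ltd include:mail.domain.ltd ~all"

def check_spf(record, sender_ip, domain, depth=0):
    """Evaluate the terms left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1" or depth > 10:
        return "PermError"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if "=" in term:
            continue                      # modifiers (redirect=, exp=) are skipped here
        qualifier = term[0] if term[0] in RESULTS else "+"  # no qualifier means Pass
        mech, _, arg = term.lstrip("+-~?").partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":               # exact address or CIDR network
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                 # addresses of the named host
            matched = sender_ip in DNS["A"].get(arg or domain, [])
        elif mech == "mx":                # addresses of the domain's MX hosts
            hosts = DNS["MX"].get(arg or domain, [])
            matched = any(sender_ip in DNS["A"].get(h, []) for h in hosts)
        elif mech == "include":           # matches only if the other policy says Pass
            inner = DNS["TXT"].get(arg)
            if inner is None:
                return "PermError"
            matched = check_spf(inner, sender_ip, arg, depth + 1) == "Pass"
        else:
            return "PermError"            # unknown mechanism
        if matched:
            return RESULTS[qualifier]
    return "Neutral"                      # nothing matched and no "all" term
```

A sender that none of the listed mechanisms covers falls through to `~all` and gets SoftFail, which is why the qualifier on `all` decides how strict the whole record is.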

To generate an SPF record, use the control panel provided with your hosting. The article "How to Generate SPF Record with the Help of a Control Panel" explains how to generate and add the record correctly.

DKIM record or Domain Keys Identified Mail

This record is created to improve the classification and identification of letters sent from the domain name.

When DKIM is used, a digital signature tied to the domain name is added to the header of the letter. The idea of the method is that the recipient's server can additionally check whether the key corresponds to the domain name used to send the letter.

The setup of the DKIM record is somewhat complicated. You need to generate two unique keys (private and public) for the domain name. The private key is kept on the server. The public key is added in the form of the DNS record. When the letter is received, the server of the recipient checks whether the keys correspond.

Example of a record:

default._domainkey.example.ltd TXT "v=DKIM1; k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzUfmyTiGh/EJmUBaeFz9JD6C4YVMd4dr5i4o//FMoqmP/gLmtelJLfY3RYyLeZhUIXyibGUoZlzQG5CqjuabZEkIzsRLic1OYm7o3Al0J/wZuVQ076G0zXzE5u1DPzBAkjgVWM5ANkNz89WAD7y9mzQH4++g/bPy6fvXojUTDjLTmW1IJ+ieo/TdjrKFaAtunrtqOeu2v8tgzqzrOwJW+fC2P4Olad1VAuGrU68akNDkYx3pQf/v/GGniMOmB6IHeKC1F935OnkTI3rq4/kk3KSpbeBXfBBKU71avOx4fx74GVCdxpQpUvxR+3gVb14wb5fzTr2FPVKAhm9A02Wk8wIDAQAB;"

Let’s decipher the record using tags:

default selector. You can indicate several records with different selectors. Each record will contain its own key;

v DKIM version, which always has the v=DKIM1 value;

k type of key, always k=rsa; 

p public key coded in base64;

t flags:

t=y testing mode;

t=s means that the record will be used only for the domain which the record refers to. 
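The key check described above, from signing on the sender to verification on the recipient, as an added example (not code from the article or from any DKIM implementation). It assumes a toy textbook-RSA key and a simplified signature layout in place of real rsa-sha256 with header canonicalization; `sign`, `verify`, `DNS_TXT` and the sample message are hypothetical.

```python
import base64
import hashlib

# Toy textbook-RSA key pair from two known Mersenne primes (constructed for this
# example: far too small and unpadded for real use; real DKIM is rsa-sha256).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, never leaves the sender

# Public half "published in DNS". Assumption: p= holds the modulus in hex here,
# whereas a real record carries a base64-encoded key as in the article's example.
DNS_TXT = {"default._domainkey.example.ltd": f"v=DKIM1; k=rsa; t=s; p={N:x}"}

HEADERS = ["From: info@example.ltd", "Subject: Invoice 42"]   # constructed sample
BODY = b"Please find the invoice attached.\r\n"

def _body_hash(body):
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def _digest(headers, bh, modulus):
    data = ("\r\n".join(headers) + "\r\nbh=" + bh).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def sign(headers, body, selector="default", domain="example.ltd"):
    """Sender side: hash the body, then sign the headers plus that hash."""
    bh = _body_hash(body)
    return {"s": selector, "d": domain, "bh": bh, "b": pow(_digest(headers, bh, N), D, N)}

def verify(headers, body, sig):
    """Recipient side: fetch the public key by selector and domain, then check."""
    txt = DNS_TXT.get(f"{sig['s']}._domainkey.{sig['d']}")
    if txt is None:
        return "no-key"
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    modulus = int(tags["p"], 16)
    if _body_hash(body) != sig["bh"]:
        return "body-hash-mismatch"
    ok = pow(sig["b"], E, modulus) == _digest(headers, sig["bh"], modulus)
    return "pass" if ok else "bad-signature"
```

The recipient never sees the private key: it only needs the selector and domain from the signature to find the public key in DNS, so a changed body or header is detected without any shared secret.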

You can generate DKIM keys in the control panel that you use on your hosting. The article "How to Generate a DKIM Record with the Help of a Control Panel" explains how to generate and add the record correctly.

DMARC record or Domain-based Message Authentication, Reporting and Conformance

The DMARC record sets the standard by which recipient servers identify emails using the SPF and DKIM methods.

In other words, it acts as a layer of settings on top of the SPF and DKIM records. The DMARC record lets you check the authenticity of messages and tell recipient servers what to do with suspicious incoming messages that did not pass the SPF and DKIM checks.

The DMARC record doesn't require additional tuning on the server, but it does require SPF and DKIM records to exist for the domain name. For the DMARC record to work, it must be in DNS.

Control panels have no generator for the DMARC record, since in 95% of cases the record looks like this (using the example.ltd domain name):

_dmarc.example.ltd TXT "v=DMARC1; p=none; sp=none;"

Let’s decipher the DMARC record according to tags:

v - technology version, takes the v=DMARC1 value;

p - can take the none, quarantine or reject values;

p=none - only prepare reports;

p=quarantine - place the letter in quarantine on the recipient's mail server (roughly, put it into spam);

p=reject - reject the letter;

sp - is responsible for subdomains and accepts the same values as the p tag.

In fact, you can use many more parameters in the DMARC record. You can find a more detailed list of all parameters and the principle of their work on the internet. 
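How a recipient turns the SPF and DKIM results into a DMARC decision, as an added example (not code from the article). It goes beyond the tags listed above by using the standard `aspf` and `adkim` alignment tags; the message fields, the stricter record and the caller-supplied organizational domain are assumptions made for the example.

```python
POLICIES = ("none", "quarantine", "reject")
PAGE_RECORD = "v=DMARC1; p=none; sp=none;"                      # from the article
STRICT_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s;"   # constructed

def parse_tags(txt):
    """Split a 'tag=value; tag=value;' TXT string into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def aligned(ident_domain, from_domain, org_domain, mode):
    """Strict ('s'): exact match. Relaxed ('r', default): same organizational domain."""
    ident = ident_domain.lower()
    if mode == "s":
        return ident == from_domain
    return ident == org_domain or ident.endswith("." + org_domain)

def dmarc_disposition(record, org_domain, msg):
    """Return 'pass', or the policy the recipient is asked to apply."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICIES:
        return "no-policy"
    frm = msg["from_domain"].lower()
    # SPF or DKIM only counts when the domain it vouches for matches the From domain
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["mail_from_domain"], frm, org_domain, tags.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["dkim_d"], frm, org_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:                  # one aligned pass is enough
        return "pass"
    sub = tags.get("sp")                   # subdomain policy, falls back to p
    return tags["p"] if frm == org_domain or sub not in POLICIES else sub

def sample(from_domain, spf, mail_from_domain, dkim, dkim_d):
    """Constructed summary of one received message (hypothetical field names)."""
    return {"from_domain": from_domain, "spf": spf,
            "mail_from_domain": mail_from_domain, "dkim": dkim, "dkim_d": dkim_d}
```

With the article's `p=none` record a message that fails both checks is still delivered and only reported; the same message under `p=reject` is refused.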

PTR record or Pointer

The PTR record is created to connect the IP address and canonical domain name of the server, where the given IP is located.

In other words, it is the reverse mapping of an IP address to a host name, that is, the name of the IP address in the DNS system.

The PTR record is considered one of the highest-priority, mandatory records when recipient servers perform their checks. Passing the PTR check is the main condition for an email to pass the checks successfully.

Roughly speaking, the check verifies that the letter was really sent from the server whose IP is specified in the header of the letter.

This is how it should work:

  • there is a letter from [email protected] from the server with IP 192.168.0.1;
  • the PTR for IP 192.168.0.1 is checked to determine whether it corresponds to the example.ltd name;
  • the IP for example.ltd is checked to determine whether it corresponds to 192.168.0.1.

In this case the check succeeds, and the checks of the other DNS records (SPF, DKIM, DMARC) begin.

If there is a mismatch in the IP or domain name, the letter will be rejected in 65% of cases without additional checks.
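The reverse-then-forward check from the list above, as an added example (not code from the article). The `PTR` and `FORWARD` tables are constructed sample zone data replacing live DNS, and `check_ptr` is a hypothetical helper that reports which step failed.

```python
import ipaddress

# Constructed zone data standing in for live DNS (sample values only).
PTR = {
    "1.0.168.192.in-addr.arpa": ["example.ltd."],
    "7.0.168.192.in-addr.arpa": ["mail.other.ltd."],
    "9.0.168.192.in-addr.arpa": ["example.ltd."],   # PTR names a host that does not map back
}
FORWARD = {"example.ltd": ["192.168.0.1"], "mail.other.ltd": ["192.168.0.7"]}

def _norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def check_ptr(sender_ip, expected_name):
    """Look up the PTR for the IP, then confirm the name resolves back to it."""
    ip = ipaddress.ip_address(sender_ip)
    # reverse_pointer builds the in-addr.arpa (or ip6.arpa) name to query
    names = [_norm(n) for n in PTR.get(ip.reverse_pointer, [])]
    if not names:
        return "no-ptr"
    if _norm(expected_name) not in names:
        return "name-mismatch"
    forward = {ipaddress.ip_address(a) for a in FORWARD.get(_norm(expected_name), [])}
    return "match" if ip in forward else "forward-mismatch"
```

The forward lookup matters because whoever controls the reverse zone for an address can put any name in the PTR record; only the domain owner controls where that name points.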

The PTR record is configured on the network owner's side (the IP owner).

If you have a dedicated IP service or a VPS/VDS service, you can set up PTR according to these instructions.
