Shared Hosting for Everyone, imagined by developers, for developers.Discovering the Public Cloud
Here are three methods for authenticating your e-mails and thereby reducing abusive e-mail use (spam, phishing, etc.).
SPF makes a TXT type DNS request to the sender’s domain ("MAIL FROM” in the message headers) to find out the list of servers allowed to send e-mails and compare it with the IP address of the sender’s server.
|A||An IN A (or AAAA) record that can be resolved as the sender’s address|
|MX||A Mail eXchanger record pointing to the sender’s address|
|EXISTS||The domain is resolved at any address|
|INCLUDE||An included rule passes the test|
|PTR||The IP address domain corresponds to the specified domain and the latter points to the IP in return|
|~||Slight “SOFTMAIL” failure (e-mail accepted but marked)|
|-||Total failure (e-mail normally rejected)|
|exp=some.example.com||To get the reason for the failure results|
|redirect=some.example.com||To link to a rule record in another domain|
An SPF record is created by default and can be found in the DNS records tab for the domain:
This explicitly allows our servers to send e-mails and sends a neutral result for the other sender servers.
This technology may have an impact on e-mail redirects: as the sender server is not necessarily the e-mail server belonging to the original e-mail sender.
DKIM is used to authenticate the domain name by adding a signature to all of the outgoing e-mails.
To generate a pair of keys, go to Domains > Details for the relevant domain name > Configuration.
A TXT record will then be created and can be found in the DNS records tab:
DMARC is a protocol that standardizes authentication by telling the addressees what actions to take should one of the authentication methods fails. It will check that:
To use DMARC, DKIM and SPF must already be implemented.
|v||Protocol version: v=DMARC1 (required)|
|pct||Percentage of messages to filter (default: 100)|
|adkim||Coherency with DKIM|
|s = strict mode - the DKIM signature domain must precisely match the FROM|
|r = relax mode (default)|
|aspf||Coherency with SPF (s or r)|
|p||Procedure in case of failure - main domain (required)|
|none = delivers the e-mail normally|
|quarantine = treats the e-mail as suspect (spam score, flag, etc.)|
|reject = rejects the e-mail|
|sp||Procedure in case of failure - subdomain (none, quarantine or reject)|
|ruf||Addressee for the detailed failure reports|
|fo||Conditions for sending a detailed report|
|1 = DKIM and/or SPF failure|
|d = DKIM failure|
|s = SPF failure|
|0 = DKIM and SPF failure (default)|
|rua||Destination for aggregated failure reports|
To implement it, a TXT record needs to be created in the DNS records tab for the domain:
Explanatory diagrams reused from Global Cyber Alliance