Help with SPF and DKIM records

dash-dns
#1

Hi,

I know enough to get myself in trouble and prefer to avoid trial by error with my issue hence why I am seeking help.

I use my domain mainly for email, I have had it forever. of late people have been telling me that they do not receive my emails or they get flagged as spam. upon further investigation, I looked into authenticating my domain. It looks like I have old SPF and DKIM records from mandril which I no longer use anymore (maybe that is part of the issue?)

please advise ways to authenticate my domain? also, how do I properly set up DKIM and SPF, generate new appropriate records and am I even barking up the right tree?

thanks

#2

It’s a good idea to start off with relaxed or none policies as opposed to quarantine or reject to verify everything is working as intended.

A great tool to get you started is located here. https://www.mail-tester.com/ simply send an email using the address they provide and read their recommendations.

Once you have that information, create a DMARC record. Here is a tool for that. https://dmarcian.com/dmarc-record-wizard/

Now for DKIM, it’s a bit trickier. It needs to be installed on the server or provided by the hosting company. If you have cPanel, it may be located under Email > Security. You may also find a suggested SPF record there too. Once you have all this, be sure to add it to your Cloudflare DNS records.

#3

I would also recommend dmarcian’s monitoring service for your “report email”. The emails themselves are pretty unreadable without using a service like that to parse and aggregate the reports.

1 Like
#4

Nothing worse then the smell of XML in the morning. :slight_smile: Also, Report URI https://report-uri.com/products/dmarc_monitoring has a shiny new DMARC reporting tool.

#6

I have legacy mandril records for SPF and DKIM would you recommend I delete them?

#7

There is also this tool, which does a weekly report. Then there is Report URI’s version that @Withheld mentioned.

#8

Are you still using Mandrill and do you use any other mail services?

#9

godaddy

not using mandril

#10

Then remove the Mandrill records, you don’t need them anymore.

Mandrill isn’t hosting though, it’s for e-mail services.

#11

done, thxs.

will look at the other recommendations as well.

#12

I have gotten my score up on mail tester, thanks.

Godaddy does not support DKIM
We do not offer a feature for using DKIM email authentication

and my dns is hosted with cloudflare and I dont see any records for DKIM. it says my DKIM is not valid?

#13

correct and since you’re not using Mandrill, you can delete their DKIM record or other references to them in DMARC.

#14

While this doesn’t directly affect your email reputation, you may be blacklisted if someone is able to send mail from the same GoDaddy server as your email (since SPF would validate it).

If budget allows, I would highly recommend GSuite, which directly supports all email security practices and will likely increase your reputation.

#15

godaddy does offer exchange

I guess that is an option as well

#16

If considering O365 solutions, I’d get it directly from Microsoft or Rackspace if you’d like to pay a little more for even better support.

closed #17

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.