SPF/DKIM for dummies

simon66 · August 23, 2023, 5:24pm

Hi,

I use my domain for personal email only. A few emails have been rejected recently because I don’t have SPF/DKIM. I’ve done some searching but would appreciate an idiots guide to set this up simply/least cost please! TIA.

DarkDeviL · August 23, 2023, 6:02pm

What you can / cannot do in regards to e.g. DKIM and SPF highly depends on how you are sending your emails, such as for example which email provider you use and the capabilities they provide.

It would be more wise to talk to your email provider, ask them if they do DKIM signing, and have them help you enable it, if they do, and then add the DKIM (as a TXT record ending in ._domainkey.example.com, if you send from email addresses ending in @example.com).

For SPF, you would normally add an include in your SPF record, for example “include:_spf.google.com” if you use Google Workspace, or “include:spf.protection.outlook.com”, if you use Microsoft Office 365.

You would for example use “v=spf1 include:_spf.google.com -all” as the SPF record, if you send solely through Google Workspace.

If we should be able to dig in to it, together with you, … what can you explain to us?

Can we start with:

Domain name?
Which email provider do you use?
Regarding the email rejection, what exact rejection error code / message did you receive?

simon66 · August 30, 2023, 3:37pm

Hi,

Thank you! I’m with 1and1, the domain in st16 co uk

Here is the error…

SMTP error from remote server for TEXT command, host: gmail-smtp-in.l.google com (108.177.15.27) reason: 550-5.7.26 This mail is unauthenticated, which poses a security risk to th
e
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message
,
550-5.7.26 DKIM checks did not pass and SPF check for [st16 co uk] did not
pass
550-5.7.26 with ip: [212.227.17.13]. The sender should visit
550-5.7.26 for
550 5.7.26 instructions on setting up authentication. l18-20020a5d52720000
00b0031411c0b42esi2941286wrc.458 - gsmtp

DarkDeviL · August 30, 2023, 6:49pm

Add a TXT record, with this information:

Type: TXT
Name: @
Content: v=spf1 include:_spf-eu.ionos.com -all
TTL: Preferably set it to something like 12-24 hours, as mail related records likely do not change that often.

→ https://dash.cloudflare.com/?to=/:account/:zone/dns/records

If the magic link above is not enough for you, there’s a tutorial for adding DNS records over here:

simon66 · August 30, 2023, 7:05pm

Thanks. Appreciate it. I’ll give it a go.