Email Authentication & Spam Protection
DMARC-SPF-DKIM
How to setup Email Authentication, Security, Spam & Phishing Protection
Email Protection
Is your email secured with all the correct deliverability policies?
DKIM, DMARC & SPF are the three requirements.
Check your business email domain using: dmarcian.com/domain-checker/
DKIM DMARC SPF
Ensure email deliverability and security for your business by implementing DKIM, DMARC and SPF in your server configuration. Since April 2024 these policies are now a requirement to ensure compliance with companies like Google, Microsoft and Yahoo. This also helps to prevent abuse of your business domain and users accounts.
In addition you can add a email filtering service like Microsoft Defender for exchange, Mimecast, FortiMail or Proofpoint for the highest level of protection.
From the 1st of April 2024 all companies will need to comply.
Otherwise there will be a loss of emails to/from various domains.
DKIM DMARC SPF
Email Authentication
IMPORTANT: As we end 2024 – So many companies have not complied with this regulation and it causes emails to be silently deleted. So if a compliant email address sends to a non complaint address – these emails will not be delivered when the sender has 100% compliance setup.
It is a daily problem and everyone needs to take action!
Email authentication settings ensures that your emails get delivered into inboxes and not spam boxes. It also helps to protect your domain from being used for outbound spam by scammers or spammers.
Did you know that all email addresses that have their own domain name need to be configured and authenticated for SPF, DKIM and DMARC to ensure validated delivery for the new 2024 global compliance requirements.
If you wonder why your emails are frequently going to other peoples spam boxes, not being delivered or being marked as a ‘risk to view’ or have ‘warning’ alerts – then you need to get your email authentication setup correctly.
A simple configuration reduces the risk of hackers spoofing your email address and ruining your business reputation which can be difficult to recover from.
If you need to get your domains email secured, then give IT Pro Expert a call and we can will gladly assist you with this process.
Following the requirements will help to reduce and block Spam, Spoofing, Fraud and Phishing.
Never bulk email from your domain name if you want to ensure deliverability in the future. Always use a different domain or sub domain to do this.
When enough people in a larger receiving group like Gmail tag your emails as spam, you will continue to have deliverability issues.
Check if your email is DMARC, SPF and DKIM compliant: dmarcian.com/domain-checker/
Also read our article on the 2024 Email Authentication Requirements for all businesses: https://itproexpert.com/new-email-sending-requirements-2024/
DKIM, SPF and DMARC allow internet mail services to verify that a sender is authorized to send email from your domain. It helps to block third parties from sending emails using your domain name and pretending to be you.
Domain Keys Identified Mail (DKIM)
DKIM sends an encryption key and digital signature which verifies emails are not faked or have been tampered with during its journey from sender to receiver.
Sender Policy Framework (SPF)
SPF provides the origin data behind an email message. This includes the IP address sender and the mail server that is connecting to the client. SPF allows domain owners to configure which email servers are authenticated to send their messages.
Domain-based Message Authentication, Reporting and Conformance (DMARC)
DMARC primary email authentication enforcement system. DMAC unifies SPF and DKIM components into a functional solution. It also allows you to set a permanent pass, quarantine or delete on any unauthenticated emails.
Configuring all of these components is a difficult task, requires complex DNS configuration, testing and can easily be misconfigured by an inexperienced users causing email outages or dropped emails.
A guide for IT companies that use Microsoft 365 Platforms – Please follow these instructions:
1: Open your DNS configuration website. Typically this is where the domain name was purchased and go to DNS configuration.
At the same time open your 365 Admin configuration (admin.microsoft.com) for the same domain and log in.
2: DKIM
Firstly it is helpful to use the 365 admin link below to get started:
https://admin.microsoft.com/AdminPortal/?searchSolutions=DKIM#/homepage
Run the diagnostic test or follow these instructions.
That should lead you to the following setup procedure or just follow along with this link:
https://security.microsoft.com/dkimv2
Now look at the list of ‘DomainKeys Identified Mail (DKIM)’ list of domain names and click the line with the domain you are trying to setup.
You should see a right side pop up appear and the option to enable.
If you have DKIM already Enabled on the 365 admin DKIM page side panel – Disable it for 5 minutes and then re-activate it otherwise it will fail to give you the right settings. (No need to rotate keys)
You will get 2 new DNS records which you will need to enter as ‘CNAME’ entries: (Use TTL 3600 if asked)
First entry example:
Host: selector1._domainkey
Value: selector1-THISISPROVIDEDBYMICROSOFT01e._domainkey.THISISPROVIDEDBYMICROSOFT.onmicrosoft.com.
Second entry example:
Host: selector2._domainkey
Value: selector2-THISISPROVIDEDBYMICROSOFT01e._domainkey.THISISPROVIDEDBYMICROSOFT.onmicrosoft.com.
3: DMARC
Add the following to DNS “TXT” records to get DMARC working but of course change the example email address to one of your own:
host: _dmarc
v=DMARC1; p=reject; pct=100; rua=mailto:email@mydomainname.com; ruf=mailto:email@mydomainname.com; fo=1
* Advanced user details on DMARC options: https://mxtoolbox.com/dmarc/details/dmarc-tags
4: SPF
To get your SPF working well you also need to insert a new “TXT” record in the DNS like this:
v=spf1 include:spf.protection.outlook.com -all
If you have multiple email engines like hubspot then do it like this:
host: @
value: v=spf1 include:spf.protection.outlook.com include:1234567.spf01.hubspotemail.net ~all
5: Finally run a check using: https://dmarcian.com/domain-checker/ and make sure all 3 DKIM, DMARC and SPF are working.
Your results should look like this:
Email Authentication
Please feel free to contact us for any additional services not listed on this page or if you have any queries that we can help with. Our sales lines are open 9:30 to 5:30 and critical support services are available 24/7