There are three kinds of rules for DNS that help us prevent email forgery and spam:
- SPF: allows us to designate the IP addresses (servers) that are allowed to send email for our domain. If a third-party server sends an email claiming to be from our domain, its IP address won't be on the list of authorized senders, so the destination servers can reject it.
- DKIM: uses public-key cryptography to let recipients test whether it was actually you who sent a message. The servers receiving email from your domain will check the DNS entries, and if they find a DKIM public key, they'll verify that the messages are signed with your key.
- DMARC: this standard allows us to say what we want the recipient servers to do when SPF and DKIM validation fails. The three options are to just collect the information, to quarantine the mail, or to reject it.
SPF and DMARC rules are the same for most of our users and you may find them in this related article. They don't change because they depend mostly on the servers and hosting. However, the keys for DKIM are unique for each email domain, so the DNS records will vary.
When you sign up for email at Libnamic Hosting, we generate a private and public key pair for DKIM. Our team configures it for you when you purchase the domain with us, but some manual action is required to set it up with an external domain.
Related: DNS settings for external domains
Check this article on how to configure the DNS records to make external domains work with Libnamic Hosting. You'll find the data for MX, SPF and DMARC rules and examples of how to configure them with other providers.
How to obtain my DKIM rule?
The DKIM key and DNS rule can be found in the email administration panel. To see this information, log in with the email account that is the administrator of your domain and then navigate to domains and click on the details button.
If it's the first time, you'll have to click on the "Generate keys" button, at the top right corner:
Then you'll find the DNS record, ready to copy and paste into your domain provider's DNS control panel.
You'll have to set up a TXT record with the values:
- Subdomain/host: dkim._domainkey
- Time to live (TTL): you can leave the standard value that your provider uses by default. Otherwise, we recommend using a long enough time, like 6 hours.
- Value: The content between the double quotes. Something like:
v=DKIM1; k=rsa; p=MIGXXXXXXXXXXXXXXXXXX...
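
Before saving the record, it helps to confirm that the pasted value survived the copy intact. The following is an added example, not part of the Libnamic panel or its documentation: a small Python check that joins the quoted chunks of a TXT value, splits it into its `v`, `k` and `p` tags, and flags a missing, empty or mangled key. The function names are hypothetical and the sample key is constructed filler, not a real key.

```python
import base64
import binascii
import re

def normalize_txt(raw):
    """Join the quoted chunks of a TXT value, as a resolver would, and drop the quotes."""
    chunks = re.findall(r'"([^"]*)"', raw)
    return "".join(chunks) if chunks else raw.strip()

def parse_dkim_record(raw):
    """Split a DKIM key record into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in normalize_txt(raw).split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part.strip()!r}")
        # Whitespace inside a value is folding and carries no meaning.
        tags[name.strip()] = "".join(value.split())
    return tags

def check_dkim_record(raw):
    """Return a list of problems; an empty list means the record looks usable."""
    try:
        tags = parse_dkim_record(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v must be DKIM1")
    if tags.get("k", "rsa") != "rsa":  # assumption: the panel always issues k=rsa
        problems.append("k differs from the k=rsa shown in the panel")
    key = tags.get("p")
    if key is None:
        problems.append("p (public key) tag is missing")
    elif key == "":
        problems.append("p is empty, which marks the key as revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            problems.append("p is not valid base64 (truncated or mangled paste?)")
    return problems

# Constructed sample: filler bytes encoded as base64, NOT a real DKIM key.
SAMPLE_KEY = base64.b64encode(bytes(range(162))).decode()
GOOD = f'"v=DKIM1; k=rsa; p={SAMPLE_KEY[:100]}" "{SAMPLE_KEY[100:]}"'
```

Run `check_dkim_record()` on the exact string you are about to paste; the placeholder value shown above, with its trailing dots, is reported as invalid base64, which is the same symptom a truncated copy produces.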