Sending secure e-mails with SPF and DKIM

Last updated: July 18, 2023

Sending secure and legitimate e-mails requires additional settings when the e-mail address and the sending application are not on the same domain. You should at least add SPF records, and in addition, you can use DKIM.

What is SPF?

SPF (Sender Policy Framework – Wikipedia) is an e-mail authentication standard that protects you from spam, spoofing, and phishing. You can provide a public list of trusted senders that are allowed to send e-mail from your domain. Receiving servers use this list to cross-check that the server that originated the e-mail has permission to send on your domain's behalf.

By adding an SPF record to your Domain Name System (DNS), you can provide a public list of senders that are approved to send e-mail from your domain. Receiving servers can then cross-check that an e-mail originated from a server with permission to send on your domain's behalf.

Without the SPF records, there is a good chance that a large part of your e-mails will be marked as spam.

What is DKIM?

DKIM (DomainKeys Identified Mail – Wikipedia) is an e-mail security standard for signing e-mails. It is used for detecting whether an e-mail was altered in transit between the sending and receiving e-mail servers.

The sending server uses public-key cryptography to sign e-mails with a private key. The receiving server then uses the public key published in the DNS of the signing domain to verify the source of the message and that the received e-mail has not changed since it was signed. Once the recipient server has verified the signature with the public key, the message passes DKIM and is considered authentic.

Setting up SPF and DKIM

Customers relying on CE-iT to host MA!N should set up SPF, and preferably also DKIM. To do this you can follow these steps:

  1. Provide CE-iT with the domain (e.g., companyname.com) that you want to use for sending e-mails.
  2. CE-iT sends you an e-mail with IP addresses and 2 DKIM keys for each domain.
  3. Your company adds the IP addresses and DKIM keys to your company's DNS (Domain Name System – Wikipedia).
  4. Inform CE-iT that step 3 is completed.
  5. CE-iT verifies step 3 and sets up the cloud for e-mail.

We recommend that you test the setup by sending an e-mail to an internal and a personal e-mail address. Please contact our support in case the e-mails are still marked as spam.
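
One way to pre-check the records from step 3 before informing CE-iT, as an added example (not CE-iT's own tooling): it takes the TXT values published for the domain and for a DKIM key record (found at `<selector>._domainkey.<domain>`) and reports common publishing mistakes. The IP addresses, the key and the TXT strings below are constructed samples, and the function names are hypothetical.

```python
import base64
import ipaddress

def check_spf(txt_records, required_ips):
    """Return SPF problems (empty list = OK). Only direct ip4/ip6 terms are read; include: is not followed."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # No record means no policy; more than one is a permanent error (RFC 7208).
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    networks = []
    for term in terms:
        mech = term.lstrip("+")  # "+" (pass) is the default qualifier
        if mech.startswith(("ip4:", "ip6:")):
            try:
                networks.append(ipaddress.ip_network(mech[4:], strict=False))
            except ValueError:
                return [f"malformed mechanism: {term}"]
    problems = [f"{ip} is not covered by an ip4/ip6 mechanism"
                for ip in required_ips
                if not any(ipaddress.ip_address(ip) in net for net in networks)]
    if "all" in terms or "+all" in terms:
        problems.append("+all authorizes every server on the Internet")
    return problems

def check_dkim(txt_value):
    """Return problems found in one DKIM key record (empty list = OK)."""
    tags = {}
    for part in txt_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if not tags.get("p"):
        problems.append("p= is missing or empty (an empty p= marks the key as revoked)")
    else:
        try:
            base64.b64decode(tags["p"], validate=True)
        except ValueError:
            problems.append("p= is not valid base64 (truncated or mis-pasted key?)")
    return problems

# Constructed sample data: documentation IP ranges and a dummy key, not real values.
SAMPLE_KEY = base64.b64encode(b"constructed stand-in for a public key").decode()
SAMPLE_SPF = ["v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 ~all", "unrelated-verification=abc"]
if __name__ == "__main__":
    print(check_spf(SAMPLE_SPF, ["192.0.2.10", "198.51.100.7"]), check_dkim(f"v=DKIM1; k=rsa; p={SAMPLE_KEY}"))
```

An empty list from both functions means none of these mistakes were found; it does not replace the test e-mail recommended above.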