We all know spam is a problem… especially when spammers use your email address to fake the “from” address in their spam emails. There are several tools to combat this problem.
- Send Policy Framework (SPF) – A setting you can make in your DNS records to specify which servers are authorized to send mail on your behalf.
- Domain Keys Identified Mail (DKIM) – A mail host-dependent feature which adds a signature to your outgoing mail, and goes along with a setting in your DNS records so that receivers can verify that an email is legitimate and that it has not been modified in transit.
- Domain Message Authentication Reporting & Conformance (DMARC) – Tells receivers what to do with unauthorized emails, as well as provides reports on email failures.
Sample SPF records:
v=spf1 include:emailsrvr.com include:sendgrid.net -all
spf2.0/pra a mx ptr include:emailsrvr.com include:sendgrid.net -all
The all setting is an important aspect of the record and has the following basic markers:
- -all – Any server not previously listed is not authorized to send email, no questions asked.
- ~all – If mail is received from a server that is not previously listed, it is marked as a soft fail, which allows the email to be scrutinized further.
- +all – Allow any server to send email from your domain. Naturally, you should never use this option.
Good article: Demystifying the DMARC Record
Another good one: Quick Start Guide
Check DMARC record: Proofpoint DMARC Check
Sample DMARC record: v=DMARC1; p=none;