Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages

In order for the remote mail server to be able to perform message authentication when the message sender is Kaspersky Secure Mail Gateway (authentication of the sender of outgoing messages), you have to add the SPF and DMARC records to the settings of your DNS server.

To add SPF and DMARC records to the settings of your DNS server:

  1. Sign in to your DNS server under the administrator account.
  2. Locate the page with information on updating DNS records of the domain for whose addresses you want to configure Mail Sender Authentication for outgoing messages.

    For example, this page can be named "DNS Management", "Name Server Management", or "Advanced Settings".

  3. Find records in TXT format for the domain for whose addresses you want to configure Mail Sender Authentication for outgoing messages.
  4. In the list of records in TXT format, add the SPF record for a certain domain with the following contents:

    <name of the domain for whose addresses you want to configure SPF Mail Sender Authentication for outgoing messages> IN TXT "v=<SPF version> +all>"

    For example, you can add the following string:

    example.com IN TXT "v=spf1 +all"

    For details on configuring settings of the SPF record, see the RFC 7208 document.

  5. In the list of records in TXT format, add the DMARC record for a certain domain with the following contents:

    _dmarc.<name of the domain for whose addresses you want to configure DMARC Mail Sender Authentication for outgoing messages>. IN TXT "v=<DMARC version>; p=<action that the remote mail server will perform on all email messages that do not satisfy the DMARC requirements>;"

    For example, you can add the following string:

    _dmarc.example.com. IN TXT "v=DMARC1; p=quarantine;"

    See DMARC documentation for details on configuring settings of the DMARC record.

  6. Save changes.

The syntax of the sample SPF and DMARC records is provided for purposes of adding it to the settings of a BIND DNS server. The syntax of the SPF and DMARC records to be added to other DNS servers may differ slightly from the examples provided.

See also

General protection settings

About computer protection against certain legitimate applications

Configuring the Anti-Virus module

Configuring URL Advisor

Configuring the Anti-Spam module

Configuring the Anti-Phishing module

Configuring Content Filtering

Configuring external services

Page top