Preparing to configure SPF and DMARC Mail Sender Authentication for outgoing messages
July 10, 2024
ID 102273
If you want the remote mail server to be able to perform message authentication when the message sender is KSMG (sender authentication of outgoing messages), you must add the SPF and DMARC records to the settings of your DNS server.
To add SPF and DMARC records to the settings of your DNS server:
- Sign in to your DNS server under the administrator account.
- Locate the page with information on updating DNS records of the domain for whose addresses you want to configure Mail Sender Authentication for outgoing messages.
For example, this page can be named "DNS Management", "Name Server Management", or "Advanced Settings".
- Find records in TXT format for the domain for whose addresses you want to configure Mail Sender Authentication for outgoing messages.
- In the list of records in TXT format, add the SPF record for a certain domain with the following contents:
<name of the domain for whose addresses you want to configure SPF Mail Sender Authentication for outgoing messages> IN TXT "v=<SPF version> +all>"
For example, you can add the following string:
example.com IN TXT "v=spf1 +all"
For details on configuring settings of the SPF record, see the RFC 7208 document.
- In the list of records in TXT format, add the DMARC record for a certain domain with the following contents:
_dmarc.<name of the domain for whose addresses you want to configure DMARC Mail Sender Authentication for outgoing messages>. IN TXT "v=<DMARC version>; p=<action that the remote mail server will perform on all email messages that do not satisfy the DMARC requirements>;"
For example, you can add the following string:
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine;"
See DMARC documentation for details on configuring settings of the DMARC record.
- Save changes.
The syntax of the sample SPF and DMARC records is provided for purposes of adding it to the settings of a BIND DNS server. The syntax of the SPF and DMARC records to be added to other DNS servers may differ slightly from the examples provided.