Preparing to configure SPF and DMARC message authentication for outgoing messages

In order for the remote mail server to be able to perform message authentication when the message sender is Kaspersky Secure Mail Gateway (authentication of the sender of outgoing messages), you have to add the SPF and DMARC records to the settings of your DNS server.

To add SPF and DMARC records to the settings of your DNS server:

  1. Sign in to your DNS server under the administrator account.
  2. Locate the page with information on updating DNS records of the domain for whose addresses you want to configure authentication of senders of outgoing messages.

    For example, this page can be named "DNS Management", "Name Server Management", or "Advanced Settings".

  3. Find records in TXT format for the domain for whose addresses you want to configure authentication of senders of outgoing messages.
  4. In the list of records in TXT format, add the SPF record for a certain domain with the following contents:

    <name of the domain for whose addresses you want to configure SPF authentication of the sender of outgoing messages> IN TXT "v=<SPF version> +all>"

    For example, you can add the following string:

    example.com IN TXT "v=spf1 +all"

    See Document RFC 4408 for details on configuring settings of the SPF record.

  5. In the list of records in TXT format, add the DMARC record for a certain domain with the following contents:

    _dmarc.<name of the domain for whose addresses you want to configure DMARC authentication of the sender of outgoing messages>. IN TXT "v=<DMARC version>; p=<action that the remote mail server will perform on all email messages that do not satisfy the DMARC requirements>;"

    For example, you can add the following string:

    _dmarc.example.com. IN TXT "v=DMARC1; p=quarantine;"

    See DMARC documentation for details on configuring settings of the DMARC record.

  6. Save changes.

The syntax of the sample SPF and DMARC records is provided for purposes of adding it to the settings of a BIND DNS server. The syntax of the SPF and DMARC records to be added to other DNS servers may differ slightly from the examples provided.

See also

Message authentication

Connecting to a DNS to perform message authentication

Enabling and disabling SPF message authentication

Enabling and disabling DKIM message authentication

Enabling and disabling DMARC message authentication

Enabling and disabling message authentication for a rule

Configuring detection of TempError and PermError during message authentication

Configuring additional DMARC message authentication settings for a rule

Configuring additional SPF message authentication settings for a rule

Configuring additional DKIM message authentication settings for a rule

Configuring tags added to message subjects after SPF message authentication

Configuring tags added to message subjects after DKIM message authentication

Configuring tags added to message subjects after DMARC message authentication

Configuring actions on messages during DMARC, SPF and DKIM message authentication

Page top