These are my notes on DKIM (Domain Keys) and SPF DNS records. These help prevent sending of spam from your server and allows the remote end to verify that the email you sent is from you. There is also DMARC to help prevent spam.
DKIM and SPF
- DKIM (this says this is the authoritative domain) and SPF (rules which says who can send emails form this domain) – you should enable these to prevent emails being sent from outlook being lists as spam. It is not manadatory. I fyou have this enabled then you really should add a rule in for outlook.com (details to follow)
- Enabling DKIM and SPF should reduce the number of failed delivery notifications you receive when spammers forge messages from your domain(s). These features also work to prevent spammers from forging messages that claim to be from your domain(s).
From http://webx.net/dkim-spf-email-authentication-cpanel/
DKIM
- DKIM (DomainKeys Identified Mail) is a means of verifying incoming email. It ensures that incoming messages are unmodified and from the sender from whom they claim to be. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. For more information please visit http://www.dkim.org
From http://webx.net/dkim-spf-email-authentication-cpanel/
SPF
- SPF (Sender Policy Framework) system allows you to specify servers and IP addresses that are authorized to send mail from your domain(s). This feature works to prevent outgoing spam messages using your domain from other computers and servers. If someone tries to send emails spoofing your domain in their email address, the receiving servers will check if you authorized them to send email – failing which such spam will be rejected.
From http://webx.net/dkim-spf-email-authentication-cpanel/ - Needed to help prevent emails getting tagged as spam
- oThere is a possibility if you set your spf to be restrictive you cannot send emails from outlook.com I think it is check-auth@verifier.port25.com that does not like to many emails in a short period rather that outlook checking spf before sending
- Port25.com also caches the DNS response so it is not great for quick updates.
- The failed error messages do not come from outlook when sending via an alias but from your own server.
- ~ALL
- This setting allows emails to soft fail a spam test and some servers allow these sorts of email through because even thought it has not come from a explicitly name server or IP it will let it through. Not sure of the use of this.
- Allows emails to be sent from outlook.com (not sure about this).
- –ALL
- This setting ensures that only authorised domainds or IPs are allowed to send your emails.
- Prevents emails to be sent from outlook.com (not sure about this).
- on my server if you do not have spf.mfilter.dimenoc.com added into ‘Include List (INCLUDE) and the –ALL setting on SPF validation will fail (check this). the ~ALL will do a softfail which is not as bad
- my current SPF record is below and set to use hardfail for best results.
v=spf1 +a +mx +ip4:185.38.45.194 +include:spf.mfilter.dimenoc.com -all
- Outlook.com
- v=spf1 include:spf.protection.outlook.com –all / spf.protection.outlook.com - not tried yet
- When sending emails from a 3rd party email address from outlook.com (ie.e you own server) outlook.com uses your own server to send emails, does not act as a spoofing proxy your SPF records should be setup as normal on your server.