EmailDiscussions.com - View Single Post

n5bb · 6 Aug 2017, 03:26 PM

As BritTim said, if you have control over the domain you can change the SPF and DMARC settings to anything you like, but different email providers will interpret or ignore those settings in various ways.

SPF can be used to specify which SMTP servers are allowed to send for your domain. All that is required is that the proper SPF record be added to the DNS for the sending domain.
DKIM allows a recipient system to determine if a message was originated by a source authorized by the domain owner, and whether the message was altered during transmission. DKIM uses cryptographic signatures added to the email headers, and requires that both a DNS record is added and the sending server adds the signature.
DMARC is a way for domain owners to specify what happens if both SPF and DKIM fail for a message. DKIM forces alignment between the SMTP envelope-From and the header From. This means that message forwarding breaks SPF when DMARC rules are applied. But if DKIM passes the message may be accepted.
The common DMARC rules which may be specified are:
- p=none (no action is to be taken)
- p=quarantine (the message should be treated differently from normal messages, such by moving it to a spam folder)
- p=reject (the message should be rejected, which might mean discarded)
At this time, few email systems will reject (discard) messages only based on failing DMARC tests.

I can't tell if you meant to say that you use a Standard or higher Fastmail account and host your own domain DNS at Fastmail. If that is true, then (see the Fastmail Settings>Domains setup page for your domain):

By default, Fastmail will automatically publish the following DNS records related to this discussion:
- An SPF record which allows receivers to know that you send your mail via Fastmail servers, but that you may also send using non-Fastmail servers. So this default SPF record won't cause any receiver to block any messages claiming to be from your domain, no matter which server sends the messages. So SPF will be effectively disabled (no blocking of other senders).
- DKIM records which cause Fastmail to cryptographically sign your domain messages if they are sent through the Fastmail servers. So DKIM signing will be enabled.
- No DMARC records.
If you want to enable SPF to only allow messages from your domain to be sent by Fastmail servers, you can disable the default SPF record and add a DNS record for your domain which only allows the Fastmail outgoing server to by used. The DNS entry you need to add is:
Code:
```
v=spf1 include:spf.messagingengine.com -all
```
If you want to add a DMARC record I can later assist you with this. If you get this wrong, you can prevent messages you send from being received.

Bill

6 Aug 2017, 03:26 PM	#4
n5bb Intergalactic Postmaster Join Date: May 2004 Location: Irving, Texas Posts: 8,929	As BritTim said, if you have control over the domain you can change the SPF and DMARC settings to anything you like, but different email providers will interpret or ignore those settings in various ways. SPF can be used to specify which SMTP servers are allowed to send for your domain. All that is required is that the proper SPF record be added to the DNS for the sending domain. DKIM allows a recipient system to determine if a message was originated by a source authorized by the domain owner, and whether the message was altered during transmission. DKIM uses cryptographic signatures added to the email headers, and requires that both a DNS record is added and the sending server adds the signature. DMARC is a way for domain owners to specify what happens if both SPF and DKIM fail for a message. DKIM forces alignment between the SMTP envelope-From and the header From. This means that message forwarding breaks SPF when DMARC rules are applied. But if DKIM passes the message may be accepted. The common DMARC rules which may be specified are: p=none (no action is to be taken) p=quarantine (the message should be treated differently from normal messages, such by moving it to a spam folder) p=reject (the message should be rejected, which might mean discarded) At this time, few email systems will reject (discard) messages only based on failing DMARC tests. I can't tell if you meant to say that you use a Standard or higher Fastmail account and host your own domain DNS at Fastmail. If that is true, then (see the Fastmail Settings>Domains setup page for your domain): By default, Fastmail will automatically publish the following DNS records related to this discussion: An SPF record which allows receivers to know that you send your mail via Fastmail servers, but that you may also send using non-Fastmail servers. So this default SPF record won't cause any receiver to block any messages claiming to be from your domain, no matter which server sends the messages. So SPF will be effectively disabled (no blocking of other senders). DKIM records which cause Fastmail to cryptographically sign your domain messages if they are sent through the Fastmail servers. So DKIM signing will be enabled. No DMARC records. If you want to enable SPF to only allow messages from your domain to be sent by Fastmail servers, you can disable the default SPF record and add a DNS record for your domain which only allows the Fastmail outgoing server to by used. The DNS entry you need to add is: Code: v=spf1 include:spf.messagingengine.com -all If you want to add a DMARC record I can later assist you with this. If you get this wrong, you can prevent messages you send from being received. Bill