In this post, We will demonstrate how to set up SPF, DKIM, and DMARC records.
Targeted cyber assaults are most often carried out through email. It gives hackers the best chance of infiltrating your network and gaining a foothold. According to statistics, almost 90% of all cyber assaults begin with an email message. Since 2016, email spoofers have sent over 3.1 billion phishing emails, costing the globe over $29 billion.
According to the FBI, about 467,000 cyber-assaults were effective in 2019, with emails serving as a launchpad for 24% of them. Email-based cyber attacks frequently begin with simple and seemingly harmless email communications.
However, by setting SPF, DKIM, and DMARC records and combining them, you can defend yourself and your business from these assaults. What exactly are they, and how do you set them up?
Acquaintance with SPF, DKIM, and DMARC Records
To protect email accounts from spoofing and phishing, SPF, DKIM, and DMARC are commonly used DNS entries.
They collaborate to identify fake sender addresses and to verify emails delivered. Let us briefly define these concepts.
What exactly is SPF?
The Sender Policy Framework (SPF) record is a DNS record that aids email authentication by identifying the permitted server to send mail for a domain to mail exchanges.
It allows your mail server to verify that a message claiming to originate from a particular domain really comes from that domain. Here’s how it all works.
SPF records are used by domain owners to indicate which IP addresses are allowed to send mail from their domains, such as domain.com. The receiving mail server checks whether you allowed the IP address in TXT records to send emails when someone sends an email claiming to originate from that domain.
If the result is green, the mail server accepts the messages but rejects those from illegal IP addresses.
What exactly is DKIM?
DKIM (Domain Key Identified Mail) is a method of email security that ensures your messages aren’t tampered with while in transit. This is how things work.
When you send an email, the protocol uses public-key cryptography to sign it with a private key when it leaves your outgoing (SMTP) server.
The public key released to your domain’s DNS is used by your recipient’s incoming mail server to authenticate the source of the mail and ensure that the content of the messages hasn’t been altered during transit. The message passes DKIM and is delivered if the recipient’s server confirms the signature as genuine.
What exactly is DMARC?
DMARC (Domain-based Mail Authentication, Reporting, and Conformance) is an email security mechanism that authenticates emails using SPF and DKIM.
The record used by email senders indicates how non-SPF or DKIM authenticated emails should be handled.
These are the three DMARC policies:
- p=none (it monitors your email traffic but with no action taken).
- p=quarantine (sends authorized emails to spam)
- p=rejects (prevents unauthorized emails from getting delivered)
SPF, DKIM, and DMARC Records Configuration
Adding an SPF Record on cPanel:
- Log into your WHM as a root account.
If you signed in with admin access, Cpanel sends you to your admin dashboard, but if you signed in with user access, it takes you to the account’s control panel.On the control panel, you may add the SPF record to your DNS zone file.
- To access the control panel from the admin dashboard, go to the QUICK LINKS area of your cPanel admin dashboard and select List Accounts.
- Simply browse through the account list until you find the account you want to add an SPF record to.
- To open your DNS zone editor, go to the DOMAINS section.
- Select the domain you wish to add the record to from the menu.
- In the Name text box, type your domain name, such as domain.com.
- Enter a TTL (time to live) value, or use the default value
The TTL number indicates how long it will take for your modifications to travel over the internet; a lower value means faster propagation.
Reduce the TTL value before adding the SPF record, and following propagation, maintain it between 3600 and 86400 seconds. - Select TXT as your DNS Type in the following step.
If you don’t have your SPF record available, create one and paste it into the Value text box. - To save your modifications, click the Add Record button.
To create an SPF record for your domain, use one of these internet tools:
-
SPF Record Generator MxToolBox
-
SPF Record Generator DMARC Analyzer
-
SPF Record Generator by PowerDMARC
-
SPF Record Generator by MailWizz
-
SPF Generator ZeroBounce
-
Adding DKIM Record in cPanel
Adding a DKIM record to your domain zone file via Spanel follows the same steps as outlined above.
- To get started, log into the account’s control panel and click the Zone editor tool under the DOMAINS section to open your DNS zone manager
- From the menu, choose the domain to which you want to add the record.
- In the name text box, type the default name.
- Choose a TTL value, or use the default value.
- DKIM record is a TXT record, so select TXT as your DNS Type
- To add a DKIM record, copy it into the Value text box and click the Add Record button.
If you don’t know your DKIM value, you may get it using these free internet tools:
- DKIM Generator by Socketlabs
- DKIM Record Generator by PowerDMARC
- DKIM Record Generator (EasyDMARC)
Consider utilizing the 2048-bit key length to create the DKIM record since it is more secure.
If it’s not accessible for your domain hosting, contact assistance; otherwise, use the 1024-bit key length.
cPanel: Adding DMARC Records
Setting up SPF and DMARC records before adding a DMARC record to your domain required.
Log in to your cPanel, open the DNS editor, and pick your domain after you’ve sorted everything out.
In the Name text box of the editor, type _dmarc.domain.com, substituting domain.com with your domain name.
- Enter the TTL value you want to use.
- TXT is the DNS Type you should use.
- In the Value text box, paste your DMARC record.
- To save the record, click the Add Record button.
- Auto-generate your DMARC record using these free internet tools.
DMARC Record Generator by Dmarcian
MXToolbox DMARC Generator is a program that generates a list of
Analyzer for DMARC Elastic Mail DMARC Record Generator DMARC Record Generator
Putting It All Together
SPF, DKIM, and DMARC records used in conjunction to secure email accounts, enhance email delivery, and prevent spam and phishing.
Each record is an important component of email security.
It may be difficult to configure the records. If you need help adding any of the records to your domain’s DNS zone, please contact our bodHOST support team, and we’ll gladly assist you.
You can read more guide on How to Configure DMARC Records in cPanel