We use certain mechanisms in order to help emails sent from your domains to get delivered properly to other email providers: SPF and DKIM. Both of those mechanisms are configured in your domain name (DNS) so that other providers can use this information.
SPF
SPF (SenderPolicyFramework ) is used to identify a set of authorized servers for sending out emails for your domain name. This is used to identify Koumbit servers, and possibly others, as being authorized to send emails on your behalf. This means that other provides will give a somewhat better reception when emails come from those servers.
SPF can also be used to block unknown servers from sending out emails for your domain name. This gives you control over which services can be used to send email for your addresses and can block spam that is generally sent from unrecognized machines.
To use SPF with your hosting services at Koumbit, add the following TXT type record to the DNS zone of your domain:
By default, Koumbit uses the following rule which identifies Koumbit servers as being authorized, but doesn't block any other servers from sending out emails for you (this means that you can use services from other providers to send email but those other providers will not be getting the "preferential hint" to help out with delivery)
| v=spf1 mx include:spf.koumbit.net ~all |
DKIM
DomainKeys Identified Mail (DKIM ) is used for authenticating the origin of an email. By using this entry, it is possible to verify that the message was processed by Koumbit's email servers.
Koumbit's email server attaches a cryptographic signature (by using a private key that is known only to Koumbit's email server) on the contents of the message. This signature can then be verified by using the public key that can be found in the DNS entry corresponding to the DKIM information.
DKIM keys are generated automatically for domains hosted on Koumbit's server. In some cases however, they may require a final manual setup step. Contact us to get OpenDKIM configured on your domain.
If you are looking for your DKIM public key, you can go in your alternc account, on to your domain name management page, then click on the 'View' tab and search for en entry similar to this one.
|
alternc._domainkey. |
If either your domain name (DNS) or your emails are hosted with another provider, contact our support team and we will help you configuring DKIM.
DMARC
DMARC (Domain-based Message Authentication, Reporting and Conformance ) is not an authentication mechanism, but an information mechanism. Some servers will send DMARC reports at the email address specified in the TXT entry. These reports indicate whether some emails sent by your domain fail the SPF and/or the DKIM.
Usually, we use an email address in the style of "postmaster@yourdomain.org" (where yourdomain.org is the domain with the DMARC entry) but any email address will do. Note that this email address will be public and visible to all: it is recommended to not use a personal email address to avoid being flooded with spam.
Here is an example of a typical DMARC entry:
| _dmarc.yourdomain.org. 3600 IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.org" |
While the presence of a DMARC entry was seen as optional, more and more services now require this entry to be present. It is therefore important to have one for every domain which sends emails.
How to read a DMARC report
If you have a DMARC entry which specifies an email address, then you will receive DMARC reports. A DMARC report is a ".zip" file" in which there is an ".xml" file. There are some online resources that can help you understand this report, but what matters is to see if the following lines are there:
- Is there a line like this:
<dkim>fail</dkim> - Is there a line like this:
<spf>fail</spf>
If you have one, or the other, or both, contact us with the DMARC report and it will be our pleasure to find the issue.
