How to Set Up DKIM and DMARC
DomainKeys Identified Mail (DKIM) focuses on authenticating the sender and ensuring message integrity, while Domain-based Message Authentication, Reporting & Conformance (DMARC) establishes policies for email handling and provides reporting to improve email security and deliverability. To safeguard email communication and enhance email and domain security, you need to set up DKIM and DMARC for your domain.
In this article, we will discuss:
What is DKIM?
DomainKeys Identified Mail (DKIM) is an email authentication protocol that incorporates a digital signature to the email header. It verifies that the email was sent from an authorized sender and has not been tampered with during transit.
DKIM uses public-key cryptography to create a signature that can be verified by the recipient's email server. Using security standards, like DKIM, DMARC, and SPF, can protect your domain from having malicious emails that appear to have been sent on your behalf.
DKIM plays a significant role in email security. It provides three key benefits:
- Prevents email spoofing – DKIM prevents email spoofing by verifying the legitimacy of the sender's email address.
- Protects email integrity – DKIM protects email integrity by making sure that the email has not been tampered with during transit.
- Improves email deliverability – Emails that fail DKIM verification are more likely to be marked as spam or rejected by the recipient's email server, thereby improving the deliverability of your emails and reducing the chance of them being marked as spam.
What is DMARC?
Domain-based Message Authentication, Reporting & Conformance (DMARC) uses both Sender Policy Framework (SPF) and DKIM. DMARC assesses email messages for authenticity. Internet Service Providers (ISPs) can easily prevent spoofing and phishing scams via DMARC.
Upon receiving an email, the mail server performs a check of the DNS records for the DMARC policy associated with the domain in the "From" address. The server then performs SPF and DKIM checks. If either of these fails, the email is evaluated against the DMARC policy.
Below are the benefits of using DMARC.
- Security: DMARC helps establish consistent standards for the entire email community.
- Visibility: DMARC can alert you if someone is spoofing email from your domain.
- Reputation: Protect and enhance your online brand reputation.
DMARC Policy
The DMARC policy indicates to your receivers that your messages are DKIM-protected. It also tells them what to do if messages do not pass, are flagged as junk, or are rejected.
It is recommended that DMARC policies be introduced gradually. Begin with a setting of None, move to Quarantine, and finally to Reject. Monitor your DMARC reports at each stage to ensure messages are signed and not spoofed.
Please take note of the following DMARC options:
- None – No action needed, useful for monitoring
- Quarantine – Message should be set aside
- Reject – Message should be rejected
Setting Up DKIM and DMARC
For DMARC, your DNS records must contain:
- SPF record
- A record
- CNAME
- DKIM (optional)
Please select an option below to view the instructions on how to set up DKIM and DMARC.
- Cloud Mail
- Google Workspace
- Microsoft 365
- Standard Email
- Edge Desk, ProMail, and Webmail version 7.10.2
Cloud Mail
Double-check if you have set up your DNS records before. If yes, no actions need to be taken on your account. If not, you will need to log in to your Account Manager and add the DNS records. Please see the Cloud Mail DNS Settings article to get the correct DNS records.
To create a DMARC record, please follow the standard format: v=DMARC1; p=none; rua=mailto:[user email]. Replace the "user email" field with the email address to which you want to receive DMARC reports. The email address must be under the domain you are managing.
For instructions on how to add the DMARC record, please refer to the Text (TXT) Records or Sender Policy Framework (SPF) Records section of the How to Manage DNS and Advanced DNS Records article.
Google Workspace
Double-check if you have set up your DNS records before. If yes, no actions need to be taken on your account. If not, you will need to log in to your Account Manager and enter v=spf1 include:_spf.google.com -all using the instructions outlined in the Text (TXT) Records or Sender Policy Framework (SPF) Records section of the How to Manage DNS and Advanced DNS Records article.
For instructions on how to set up DKIM, please visit Google Workspace Admin Help.
To create a DMARC record, please follow the standard format: v=DMARC1; p=none; rua=mailto:[user email]. Replace the "user email" field with the email address to which you want to receive DMARC reports. The email address must be under the domain you are managing.
For instructions on how to add the DMARC record, please refer to the Text (TXT) Records or Sender Policy Framework (SPF) Records section of the How to Manage DNS and Advanced DNS Records article.
Microsoft 365
Double-check if you have set up your DNS records before. If yes, no actions need to be taken on your account. If not, you will need to log in to your Account Manager and add the DNS records. Please see the Required DNS Settings for Microsoft 365 Email article to get the correct DNS records.
For instructions on how to set up DKIM, please visit the Microsoft Knowledge Base.
To create a DMARC record, please follow the standard format: v=DMARC1; p=none; rua=mailto:[user email]. Replace the "user email" field with the email address to which you want to receive DMARC reports. The email address must be under the domain you are managing.
For instructions on how to add the DMARC record, please refer to the Text (TXT) Records or Sender Policy Framework (SPF) Records section of the How to Manage DNS and Advanced DNS Records article.
Standard Email
To create a DMARC record, please follow the standard format: v=DMARC1; p=none; rua=mailto:[user email]. Replace the "user email" field with the email address to which you want to receive DMARC reports. The email address must be under the domain you are managing.
For instructions on how to add the DMARC record, please refer to the Text (TXT) Records or Sender Policy Framework (SPF) Records section of the How to Manage DNS and Advanced DNS Records article.
Edge Desk, ProMail, and Webmail version 7.10.2
Double-check if you have set up your DNS records before. If yes, no actions need to be taken on your account. If not, you will need to log in to your Account Manager and add the DNS records. Please see the What Are My Email DNS Settings? article to get the correct DNS records.
Follow the steps below to enable and adjust the DKIM Settings.
- Log in to your Account Manager via https://www.networksolutions.com/my-account/login.
- Click Professional Email on the left navigation menu. If you have Google Workspace or Microsoft 365 in your account, you will see the Email & Office option in the left navigation menu, and then you can select Professional Email from the drop-down.
- Select the mailbox on the Email page where you wish to adjust the DKIM settings, then click Manage.
- Click DKIM Manager to launch the DKIM Control Panel.
- Select Configure with auto-generated keys to enable DKIM.
- Select the DMARC policy.
- Type in the email address where you would like to receive the DMARC reports in the Send Reports to field. The email address must be under the domain that you are managing.
You have enabled DKIM, and your DNS settings will be automatically updated as long as your domain name is on our nameservers.
If your domain is not on our nameservers, click the link that says View DNS TXT Record Information after you have enabled DKIM and provide these records to your nameserver host.
Review
This article outlines two domain security protocols aimed at improving the security of your domain and email communications: DKIM and DMARC. By implementing these protocols, you can greatly minimize the risk of your domain being exploited for malicious activities, thus improving the overall security of your email communications.