Differences

This shows you the differences between two versions of the page.

--- email [2019/08/25 08:49] – neil
+++ email [2019/08/25 09:05] – neil
@@ Line 81: / Line 81: @@
 An example of an SPF record, for domain example.com, is:
-  example.com.  IN TXT "v=spf1 mx ip4:203.0.113.7/32"
+  example.com.  IN TXT "v=spf1 mx ip4:203.0.113.7/32 ip6:2001:db8::/32"
-There are a number of tools to help you generate your domain's SPF record. For example, [[https://www.spfwizard.net|here]].
+There are a number of tools to help you generate your domain's SPF record. For example, [[https://mxtoolbox.com/SPFRecordGenerator.aspx?|here]].
 ===DKIM ===
+DKIM — DomainKeys Identified Mail — is a mechanism for signing and verifying messages.
+As with [[#spf|SPF]], you need to add a text record to your domain's DNS, but you also need to make changes to your mail server's configuration.
+What you will need to do will depend on your email server or service provider, so either check the manual or help pages, or get someone who knows what they are doing to help.
 ===DMARC ===
+DMARC — Domain-based Message Authentication, Reporting & Conformance — is an authentication and reporting mechanism. It builds on [[#spf|SPF]] and [[#DKIM|DKIM]], and lets a sender state whether their email are protected by either or both of these things, and what a recipient should do if those tests fail.
+Because it builds on SPF and DKIM, get those in place first, before you look at implementing DMARC.
+As with [[#spf|SPF]] and [[#DKIM|DKIM]], this is another text record for your domain's DNS.
+From a security point of view, setting your DMARC reject to suggest to recipients that they should reject messages from your domain which fail SPF and/or DKIM checks offers the best security. It requires you to make sure that your SPF and DKIM records are correct and up to date as, otherwise, "genuine" email might be rejected.
 ====Enable two-factor authentication if you use webmail ====