SPF, DKIM and DMARC – why these records matter
Fighting spam is a never-ending story for any mailhost and Servgate is no different. And it is a tale of two halves…
For incoming mail we take measures to identify and then either reject or quarantine spam messages according to severity (score) and the per-domain and per-mailbox configuration that our mail users have set in their control panel or via Roundcube You can read more about that here:
When it comes to outgoing mail there are some things we can do to broadly demonstrate that the mail originating from Servgate’s mail-server is legitimate, for example ensuring only our customers can use it to send mail (ie it is not an “open relay”). However, confirming the legitimacy of the sending domain (ie your mailbox@domain-name) requires a suite of DNS records with digital signatures and info that “proves” that each message sent from your domain is coming from the right server and that the domain owner is accountable for it at the links.
“Receivers who successfully validate a signature can use information about the signer as part of a program to limit spam, spoofing, phishing, or other undesirable behavior” – from http://dkim.org/info/dkim-faq.html
Improving deliverability for all
On 1 April 2019 we made a commitment to add SPF, DKIM and DMARC records for all our clients, without charge, where we also provide the domain and can control and create those DNS records. We are rolling this out over the course of the year and hope that this will improve each domain’s reputation, the rate of successful delivery and indeed the reputation of the sending mail-server itself.
Where we do not manage these records, we strongly encourage our customers to take the following steps:
Add a TXT record
"v=spf1 include:spf.servgate.jp ?all"
Note that if you also send mail via a third party such as Mailchimp, you need to adapt the SPF record to include their server IP as a legitimate source of mail from your domain name. See the help pages of the respective provider for further information.
Ask us to generate and send you a key for your domain and add a DNS TXT record.
mail._domainkey. 3600 TXT "v=DKIM1; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkfTbs7llNbHSvFXPngV9/qK3OPzDSralzn3XnOg4RCWVpXTJSkj1yP/IsApBoaLGArlk5BuWguNe8B+a/ZR3b8X+9Fc5EfnU+NCqfFUBWqy5coMtE3OgUC01obNUOQpdKT1Z8PN6Kn7bserFr8QOPaYtOSpBx0+hc5IHonhlYZQIDAQAB"
_dmarc.<YOUR-DOMAIN> text = "v=DMARC1; p=reject; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org;fo=1"
NB there are various options, but this would be fine.
Why it matters
Failure to demonstrate a good reputation has an incremental impact on everyone, as recipient servers (eg Gmail, Yahoo!, etc) are more likely to downgrade the reputation of the mailserver itself, even blocking mail delivery completely.
Domain reputation matters!
If you are a Servgate customer who provides your own domain name and needs help to create the appropriate records, please contact us and we will try to assist.