This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
own-domain-sending [2016/10/26 10:00] ben [SPF Recommendations] |
own-domain-sending [2017/08/02 10:54] (current) benc [Use a domain already used for email (Recommended)] |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| //Failing to make these changes correctly will result in email delivery problems from Sentori and possibly your domain as a whole - so be careful!// | //Failing to make these changes correctly will result in email delivery problems from Sentori and possibly your domain as a whole - so be careful!// | ||
| - | ==== Use a domain that's already used for email ==== | + | ==== Use a domain already used for email (Recommended Solution) ==== |
| If you want to use a domain that is already being used for email, these are the DNS records you need (using an example of "mydomain.com"). | If you want to use a domain that is already being used for email, these are the DNS records you need (using an example of "mydomain.com"). | ||
| - | This enables all emails sent to the From Address of the Emails you send from Sentori to go back to you. | + | This also allows emails sent to the From Address of your Sentori Emails to come back to you, unlike the setup below ([[#spf-recommendations|Use a domain without a mail server]]) which discards them. |
| //If you're unsure about any of these records or your domain already includes some of them, check with the appropriate technical person within your organisation about how to proceed - modifying existing records may cause delivery issues throughout your domain!// | //If you're unsure about any of these records or your domain already includes some of them, check with the appropriate technical person within your organisation about how to proceed - modifying existing records may cause delivery issues throughout your domain!// | ||
| Line 18: | Line 18: | ||
| === DNS settings === | === DNS settings === | ||
| - | * Create a **TXT** SPF record for "**mydomain.com.**" with the value "**v=spf1 a mx include:mail.snt0.net ~all**". (see [[#spf-recommendations|SPF Recommendations]]) | + | All of these records should be created. |
| - | * Create a **TXT** record for "**_domainkey.mydomain.com.**" used for DKIM, with the value "**o=~**". | + | |
| - | * Create a **TXT** record for "**sentori1._domainkey.mydomain.com.**", also used for DKIM, with the following value (ensure it contains no spaces or carriage returns): <code>"k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS8aWsnuXoQ2RV7Yl6W/CirDtkDe5a9HVVXH47yaBjaENi11hBchEUykOzfaLNU7DsoL8c20XMz9su/AW4ooW2J8nYKk4T1bRKZYvyADCJ4Oddvxv0cjhoXvTkyjPPUjc5vrfXDVitx2oFr3a9LurJKmd/QZCssYU/rmGYb7+EBQIDAQAB;"</code> | + | - Create a **TXT** SPF record for "**mydomain.com.**" with the value "**v=spf1 a mx include:mail.snt0.net ~all**" or, if you already have an SPF record, add "**include:mail.snt0.net**" at the end before the existing "all" mechanism. (see [[#spf-recommendations|SPF Recommendations]] for checking tools and advice) |
| - | * Create a **TXT** record for "**_dmarc.mydomain.com.**" used for DMARC with the value "**v=DMARC1; p=none; rua=mailto:dmarc@mydomain.com**" setting "**dmarc@mydomain.com**" to the email address of someone technical that should be sent daily DMARC reports by ISPs. | + | - Create a **TXT** record for "**_domainkey.mydomain.com.**" used for DKIM, with the value "**o=~**". |
| + | - Create a **TXT** record for "**sentori1._domainkey.mydomain.com.**", also used for DKIM, with the following value (ensure it contains no spaces or carriage returns): <code>"k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCS8aWsnuXoQ2RV7Yl6W/CirDtkDe5a9HVVXH47yaBjaENi11hBchEUykOzfaLNU7DsoL8c20XMz9su/AW4ooW2J8nYKk4T1bRKZYvyADCJ4Oddvxv0cjhoXvTkyjPPUjc5vrfXDVitx2oFr3a9LurJKmd/QZCssYU/rmGYb7+EBQIDAQAB;"</code> | ||
| + | - Create a **TXT** record for "**_dmarc.mydomain.com.**" used for DMARC with the value "**v=DMARC1; p=none; rua=mailto:dmarc@mydomain.com**" setting "**dmarc@mydomain.com**" to the email address of someone technical that should be sent daily DMARC reports by ISPs. | ||
| ==== Use a domain without a mail server ==== | ==== Use a domain without a mail server ==== | ||
| Line 28: | Line 30: | ||
| * Create an **MX record** for "**mydomain.com.**" with the value "**mail.snt0.net**". | * Create an **MX record** for "**mydomain.com.**" with the value "**mail.snt0.net**". | ||
| - | Any emails sent back to your From Address will be discarded. | + | Any emails sent back to your From Address will be discarded so this option is not recommended. |
| ==== Let us know about the changes ==== | ==== Let us know about the changes ==== | ||
| Line 48: | Line 50: | ||
| ==== SPF Recommendations ==== | ==== SPF Recommendations ==== | ||
| + | * Tools such as [[https://mxtoolbox.com|MXToolBox.com]] and [[https://dmarcian.com/spf-survey/|dmarcian's SPF Surveyor]] can be used to check your SPF record is correct and highlight any problems. | ||
| * Multiple SPF records are not advised. According to Google this "may cause delivery and spam classification issues" (https://support.google.com/a/answer/4568483). If you have more than one SPF record then they should combined into a single one. | * Multiple SPF records are not advised. According to Google this "may cause delivery and spam classification issues" (https://support.google.com/a/answer/4568483). If you have more than one SPF record then they should combined into a single one. | ||
| - | * You should also avoid having more than 10 lookups to fully resolve your SPF record. Tools such as [[https://mxtoolbox.com|MXToolBox.com]] and [[https://dmarcian.com/spf-survey/|dmarcian's SPF Surveyor]] can check this for you. If you're near or over that limit , remove any that are no longer needed and then convert "include" entries into their "ip4" equivalents where possible. For Sentori's "**include:mail.snt0.net**", this would be: | + | * You should avoid having more than 10 "lookups" to fully resolve your SPF record. [[https://mxtoolbox.com|MXToolBox.com]] and [[https://dmarcian.com/spf-survey/|dmarcian's SPF Surveyor]] can check this for you. If you're near or over that limit , remove any that are no longer needed and if you're still over the limit go on and convert "include" entries into their "ip4" equivalents where possible. For Sentori's "**include:mail.snt0.net**", this would be: |
| - | <code>ip4:83.222.233.164/30 ip4:83.222.233.168/30 ip4:83.222.235.232/29 ip4:134.213.146.5 ip4:173.203.67.79</code> | + | <code>ip4:83.222.233.164/30 ip4:83.222.233.168/30 ip4:83.222.235.232/29 ip4:134.213.146.5 |
| + | ip4:173.203.67.79</code> | ||
| Please note that while we have no plans to change Sentori's sending infrastructure, it's possible these values may be changed in the future. If you encounter delivery issues, confirm these values still match your SPF record and update if necessary. | Please note that while we have no plans to change Sentori's sending infrastructure, it's possible these values may be changed in the future. If you encounter delivery issues, confirm these values still match your SPF record and update if necessary. | ||