SPF DKIM DMARC – Explained

https://www.smartertools.com/blog/2019/04/09-understanding-spf-dkim-dmarc

https://knowledge.ondmarc.redsift.com/en/articles/1739840-all-you-need-to-know-about-spf-dkim-and-dmarc

 

DKIM records

reference:
What is DKIM Record:
https://www.sonicwall.com/support/knowledge-base/what-is-dkim-record-and-how-to-create-it/170504710515852/

To generate:
https://www.socketlabs.com/domainkey-dkim-generation-wizard/

 

SPF records

SPF (Sender Policy Framework) records

---

Sender Policy Framework is a record that is used to help prevent email spoofing. It allows you to specify all of the IP addresses that you would send mail from in one simple TXT record, and to tell the receiving server to only allow the outbound servers you listed.

The following is an example of a TXT record, with definitions for each portion of it.

SYNTAX FORMAT:

Format of TXT: “v=spf1 mx ip4:{any server you may also send from IP} include:spf.messaging.microsoft.com ~all”

V=spf1	This is the version of SPF that is being used.
MX	This indicates that you are sending also from everything listed on your MX record.
IP4	This is for any server IP address that you also allow for (not needed for FOPE servers if you included the FOPE SPF record and send only through FOPE).
Include	This parameter includes additional records to allow sending for your domain.
all	all has three switches that it can use: –: Do not accept any mail from anyone other than listed above; hard-fail. ~: Do not accept any email that does not come from one of the above; allow but soft-fail the email. ?: Indicates that there are more servers that may be sending from our domain.

EXAMPLE:

A normal TXT for a client who sends only through FOPE might look like the following example:

“v=spf1 include:spf.messaging.microsoft.com ip4:192.168.254.254 -all”

reference: http://technet.microsoft.com/en-us/library/ff714972.aspx