SPF / Domain Keys


We are going to use a 3rd party for marketing emails, they have requested we put a couple of txt files associated with our DNS domain name for SPF.

We use a another 3rd party for email filtering and all mail is channelled through them and our MX records point to them, we dont use SPF with them currently.

This marketing company will be sending mails on our behalf to clients and i just want to make sure by implementing these SPF records to our domain it wont disrupt our normal mail flow.

They have requested one text file be put up as a domain key.

The other is the normal spf txt file containing their domain as below

v=spf1 mx include:domain.com ~all

1) Our 3rd party filtering company say we should also include their mail servers in the txt file, does anyone know the format for this and can it all be in the same txt file.

2) What is a domain key txt file, it looks like something the marketing company have generated, but do i then have to get one from our 3rd party filtering company too?

3) Do you see any potential problems with us publishing these records, we dont do SPF checks on our gateway.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

shauncroucherConnect With a Mentor Commented:
For SPF, you will need to make sure that the SPF record includes EVERY mail server that will send mail using your domain name. If you send through your 3rd party filtering company, they should be included.

See here for how to set one up http://old.openspf.org/wizard.html

As for domain keys, I haven't had too much to do with their setup, but it is based on a private/public key mechanism to ensure the message is coming from an authorised sender.

"DomainKeys uses a public/private key pair to verify the origin of an email through DNS. The private key is kept on the mail server while the public key is stored in a DNS TXT record. The originating mail server inserts a special header into the outgoing email signed with its private key and a selector which indicates to the receiving mail server where to find its public key contained in the DNS TXT record.
By convention, all DomainKeys DNS TXT records are in the format of selector._domainkey.example.domain eg, dktest._domainkey.erikberg.com. By using selectors that are completely in the control of the organization, one can easily create new public keys to use at any time by adding a new DNS TXT record with the new key, telling sendmail to start signing with the new key, and keeping the old record in DNS until it is certain that no emails are still floating around that are signed with the old key.
DomainKeys is released under a liberal license that ensures it will remain royalty-free. The source code is freely available and may be modified and sublicensed." - http://erikberg.com/notes/milters.html

he_who_daresAuthor Commented:
Just to that all mail servers should be included in the one TXT file.

Not a problem if other mail servers dont use the Domain Keys
All Courses

From novice to tech pro — start learning today.