SPF / Domain Keys

Posted on 2010-01-11
Medium Priority
Last Modified: 2013-11-30

We are going to use a 3rd party for marketing emails. They have requested we put a couple of txt files associated with our DNS domain name for SPF.

We use another 3rd party for email filtering; all mail is channelled through them and our MX records point to them. We don't use SPF with them currently.

This marketing company will be sending mails on our behalf to clients, and I just want to make sure that implementing these SPF records on our domain won't disrupt our normal mail flow.

They have requested one text file be put up as a domain key.

The other is the normal SPF txt file containing their domain, as below:

v=spf1 mx include:domain.com ~all

1) Our 3rd party filtering company say we should also include their mail servers in the txt file. Does anyone know the format for this, and can it all be in the same txt file?

2) What is a domain key txt file? It looks like something the marketing company have generated, but do I then have to get one from our 3rd party filtering company too?

3) Do you see any potential problems with us publishing these records? We don't do SPF checks on our gateway.
Question by: he_who_dares

Accepted Solution

shauncroucher earned 1500 total points
ID: 26285007
For SPF, you will need to make sure that the SPF record includes EVERY mail server that will send mail using your domain name. If you send through your 3rd party filtering company, they should be included.

See here for how to set one up: http://old.openspf.org/wizard.html

As for domain keys, I haven't had too much to do with their setup, but it is based on a private/public key mechanism to ensure the message is coming from an authorised sender.

"DomainKeys uses a public/private key pair to verify the origin of an email through DNS. The private key is kept on the mail server while the public key is stored in a DNS TXT record. The originating mail server inserts a special header into the outgoing email signed with its private key and a selector which indicates to the receiving mail server where to find its public key contained in the DNS TXT record.
By convention, all DomainKeys DNS TXT records are in the format of selector._domainkey.example.domain, e.g., dktest._domainkey.erikberg.com. By using selectors that are completely in the control of the organization, one can easily create new public keys to use at any time by adding a new DNS TXT record with the new key, telling sendmail to start signing with the new key, and keeping the old record in DNS until it is certain that no emails are still floating around that are signed with the old key.
DomainKeys is released under a liberal license that ensures it will remain royalty-free. The source code is freely available and may be modified and sublicensed." - http://erikberg.com/notes/milters.html
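
The "one TXT record that lists every sender" point above, as an added example that is not part of the original answer: it merges two vendors' SPF terms into a single record and audits a TXT set for the two failures RFC 7208 defines here (more than one `v=spf1` record, more than 10 DNS-lookup terms). The function names and the `marketing.example` / `filter.example` domains are assumptions made up for illustration.

```python
# Added illustration: helper names are hypothetical, domains are constructed placeholders.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")  # RFC 7208, 4.6.4

def split_terms(record):
    """Return the terms of one SPF record, without the leading v=spf1 tag."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    return terms[1:]

def merge_spf(records, final="~all"):
    """Combine several senders' terms into one record ending in a single 'all'."""
    merged = []
    for record in records:
        for term in split_terms(record):
            is_all = term.lstrip("+-~?").lower() == "all"
            if not is_all and term not in merged:
                merged.append(term)
    return " ".join(["v=spf1"] + merged + [final])

def lookup_count(record):
    """Count the terms that cost the receiver a DNS lookup (the limit is 10)."""
    count = 0
    for term in split_terms(record):
        name = term.lstrip("+-~?").lower()
        for sep in (":", "/", "="):  # strip the domain, CIDR or modifier value
            name = name.split(sep)[0]
        if name in LOOKUP_TERMS:
            count += 1
    return count

def audit_txt(txt_records):
    """Check a domain's TXT set for the errors that make SPF evaluation fail."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    problems = []
    if len(spf) > 1:
        problems.append("multiple v=spf1 records (receivers return permerror)")
    for record in spf:
        if lookup_count(record) > 10:
            problems.append("more than 10 DNS-lookup terms")
    return problems

# Constructed sample input: what each vendor might ask to have published.
MARKETING = "v=spf1 mx include:marketing.example ~all"
FILTERING = "v=spf1 include:filter.example -all"
MERGED = merge_spf([MARKETING, FILTERING])

if __name__ == "__main__":
    print(MERGED)
    print(audit_txt([MARKETING, FILTERING]))  # publishing both separately
    print(audit_txt([MERGED]))                # publishing the merged record
```
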


Author Closing Comment

ID: 31675542
Just to that all mail servers should be included in the one TXT file.

Not a problem if other mail servers don't use the Domain Keys.
