I'm trying to setup DKIM and SPF for a vendor to be able to send email on behalf of one of our domains. We do use a 3rd party (Mcafee, formely mxlogic) to scann all our incoming and outgoing email. i do have a ticket in to them but im trying to understand the process a little better:
SPF lists authorized domains/IPs that can send emails on behalf of a domain
DKIM adds a signature key to each email that is verified by the receiving server
My questions are:
When i ask my DNS provider to add these and they are all setup, does my vendor need to send emails that are on our behalf through Mcafee or are they connecting to each receipts servers?
For DKIM how does the receipt server know to check for a signature key in the email?
I do have the DKIM key and value that our vendor gave me. I'm guessing I just add this to our DNS?
Creating an SPF record i am getting a little confused. i have been to several websites and im thinking it goes something like this:
v=spf1 mx ip4:[corpIP] include:firstdomain.com include:seconddomain.com ~all
I'm confused on two things with SPF:
1. ip4:[corpip], im not sure if this is the sending Ip or something else. If its the sending IP and im using a 3rd party, they may have multiple IP's going out. if so im not sure how to add more ips.
2. for each domain i want to add to be able to send emails, am i just adding another include:thirddomain.com entry?