Albert Widjaja
asked on
Steps to add SPF, DKIM and DMARC entries on Windows Public DNS server ?
People,
I’d like to reduce the Spoofing SPAM by enabling DKIM and DMARC, so I need your assistance in how to implement this to all of my Exchange Server accepted email domains ?
Note: I am managing my Public DNS server On Premise running on the Windows Server box, so I can have access to the records myself.
From my understanding, I can just add the below entry:
But I need further detailed steps if any.
Thanks,
I’d like to reduce the Spoofing SPAM by enabling DKIM and DMARC, so I need your assistance in how to implement this to all of my Exchange Server accepted email domains ?
Note: I am managing my Public DNS server On Premise running on the Windows Server box, so I can have access to the records myself.
From my understanding, I can just add the below entry:
DKIM: Create a CNAME record for k1._domainkey.mydomain.com with this value: dkim.mcsv.net
SPF: Create a TXT record for domain.com with: v=spf1 include:servers.mcsv.net ?all
DMARC: … not sure
But I need further detailed steps if any.
Thanks,
ASKER
Arnold,
As at the moment I have 2x MX records and also 3x Mailbox server (Exchange 2013 DAG).
Do I just add something on my 2x production Public DNS servers ?
As at the moment I have 2x MX records and also 3x Mailbox server (Exchange 2013 DAG).
Do I just add something on my 2x production Public DNS servers ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You have to specify which component, feature you mean in that comment.
All these are enforced by the receiving entity, some might lable them as possibly a bogus mailing and roure it to spam folder.
Others might reject the message during the SMTP session.
SPF is a recipient enforcing mechanism. Without any additional software on the sending side.
Dkim as noted earlier has to have software on your exchange that would sign all outgoing emails.
Depending on your setup, for dkim, any mailserver system from which emails are sent would need the component.
The verification part need only be installed on the incoming servers.
All these are enforced by the receiving entity, some might lable them as possibly a bogus mailing and roure it to spam folder.
Others might reject the message during the SMTP session.
SPF is a recipient enforcing mechanism. Without any additional software on the sending side.
Dkim as noted earlier has to have software on your exchange that would sign all outgoing emails.
Depending on your setup, for dkim, any mailserver system from which emails are sent would need the component.
The verification part need only be installed on the incoming servers.
ASKER
OK, since I have no plan to install additional software, I just concentrate on SPF and DMARC as easy implementation.
is it just by adding certain entries on my 2x Windows Public DNS servers ?
is it just by adding certain entries on my 2x Windows Public DNS servers ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Split:
-- arnold (https:#a42290065)
-- Vincent (https:#a42288961)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Split:
-- arnold (https:#a42290065)
-- Vincent (https:#a42288961)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Pber
Experts-Exchange Cleanup Volunteer
Dkim is more complex since your server has to add auth information as part of the header data.
Which exchange server is in use.
Domainkey manager from email archive
To implement it on ...