SPAM emails. Setup dkim,dmarc and spf

We have 2 domains one of which is a google domain. domain b goes to my exchange server.We are authoritative of domain A which is the google domain.  All emails from this domain is coming to my exchange server. What i have noticed that some of them end up in SPAM. To be exact most of them are google docs. What do i need to do to solve this problem permanently. i have already told my ISP to setup (v=spf1 include:_spf.google.com ~all). Is this correct as i think it is flagging them as spam as we are authoritative for google domain.
Do i also need to add another spf for my domain?

What can i do to get DMARC, DKIM and SPF. I currently have SPF at my internal DNS, is this the same one required at public dns. I was told for google to be able to send emails i needed to add (v=spf1 include:_spf.google.com ~all).

Thanking in advance
Member_2_6474242Senior Systems AdministratorAsked:
Who is Participating?
 
nociSoftware EngineerCommented:
Background:
https://www.endpoint.com/blog/2014/04/15/spf-dkim-and-dmarc-brief-explanation

For SPF only DNS settings are relevant.

For DKIM there are DNS settings as well as enabling signing on the server. AFIAK Exchange cannot do that, you will need some extra tools, or a mailgateway that can handle this eithet system based on exim, postfix or a tool like trustwave SEG.

DMARC is more about reporting by others and requires you to process some mails that can be sent to you .  http://www.trusteddomain.org/opendmarc/  is a toolkit that can help here.
0
 
nociSoftware EngineerCommented:
You were told right. the include must be added to an existing domain.
The SPF tells other systems who is allowed to send on your behalf. (All Ip addresses).
if -all is used then all other mail servers are excluded.

DKIM  is more involved, for DKIM you need to create one or more private/public RSA key-pairs, where the private key is exported to the mail server and the public key is added to DNS.  The public key is stored in a DS key identified by a selector, this selector also needs to be configured on the sender. It is wise to let every independant mailer have it's own selector. (this reduces the amount of work in case one of the current service providers needs to be dropped).

DMARC is about reporting options, where you solicit for reports about mail that others received on behalf of you....
so you more or less get insight in what spammer abuse your addresses.
1
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
can i get some links to setup the above please
0
 
Member_2_6474242Senior Systems AdministratorAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.