adding dmarc and or spf

can anyone help in providing detail step by step instructions on how to setup dmarc and or spf for our domain?

we have never done this before and don’t really know where to start? and advice much appreciated.

many thanks
LVL 1
nigelbeatsonAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
Here you can find SPF generator.
This page can tell you how to create SPF and it will create for you if you'll put all informations

https://mxtoolbox.com/SPFRecordGenerator.aspx

another good website

https://www.spfwizard.net/

Also for DMARC, you can generate record automatically

https://www.agari.com/resources/tools/dmarc/?utm_source=dmarc.org&utm_campaign=dmarc_checker&utm_medium=referral
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nigelbeatsonAuthor Commented:
Many thanks.

I see that the agari option is offering a free trial. Can I presume this is a service that we then pay for? If so, what is it that they actually do? They only asked for a domain name, so was wondering exactly what it is that this service did to filter out phishing mail etc.

Is it essential to have a 3rd party to handle this or can we configure our own dmarc?

Do we need both dmarc and spf configuring?

Any advice appreciated.
0
Tom CieslikIT EngineerCommented:
Good SPF is a KEY for mail phishing but not enough
You should implement also DMARC or DKIM
unfortunately you must pay, I believe ONCE to generate DKIM or DMARK key.

I use DKIM. It was simple installation. THis is an plugin to our Exchange and this plugin have generated DKIM code. I've placed this code in our external DNS, do now if someone trying to send email pretending is from my domain, then server compare DKIM key in DNS with DKIM generated by our server, simple.. all phishing emails are rejected.

https://www.emailarchitect.net/domainkeys/
0
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
1) You asked, "can anyone help in providing detail step by step instructions on how to setup dmarc and or spf for our domain".

Yes, and better to first extend your question a bit, so...

"Can anyone help in providing detail step by step instructions on how to setup dmarc and or spf for our domain, running Ubuntu latest, with EXIM4 as incoming + outgoing SMTP, along with Dovecot as the IMAP4 server".

This question is easy to answer, just search for - ubuntu dkim spf dmarc exim - which will return only 30K results.

2) You said, "we have never done this before and don’t really know where to start? and advice much appreciated."

My advice, after doing this many times since 1994...

Don't do it.

Instead use a relay service like MailGun. You'll relay all your out going mail through MailGun for delivery + run a local MTA like exim to receive mail + drop into Dovecot or whatever IMAP server  you choose.

MailGun gives you nearly 100% deliverability + first 10K email free each month, so most projects will have free email every month. Additional email costs are so low, likely much lower than hours of time for setup + maintenance of your own internal infrastructure... because...

Even after you do your setup, 100% correctly, your deliverability will be low to zero, because you'll have to warmup your sending IP.

3) What you didn't ask. If you're doing low volume mail, like password resets along with handling sales/support tickets, using MailGun with no further consideration will work.

If you'll be working with very large list, open another EE question, as large lists must go through Sender + Offer Warmup. A bit complex + if you have no large list, no reason to discuss how to do this level of Warmup.
0
nigelbeatsonAuthor Commented:
many thanks. used the mxtoolbox tools to generate the dmarc record.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DNS

From novice to tech pro — start learning today.