Setting Up SPF and DKIM
SPF and DKIM must be set up on each domain that has been added to EncryptTitan.
SPF
SPF (Sender Policy Framework) allows the owner of a domain to specify which mail servers they use to send mail from that domain. When an email is received, the SPF record is verified based on the EnvelopeFrom domain name in the DNS. If the IP address sending mail on behalf of this domain is not listed in the SPF record, the message fails SPF authentication.
Configuring an SPF record is required when using EncryptTitan. If an SPF record isn't configured for your domain, then receivers requiring some form of authentication verification may not accept your message or may automatically flag the message as SPAM. When you create an SPF record, you must include all legitimate mail systems that send email on behalf of your domain, otherwise the ones not listed could be treated as possible forgery sources.
The DNS record type for SPF is TXT (Text). If your DNS provider displays a record type SPF, it should be ignored as the DNS record type SPF has been depreciated, use a TXT type record.
Follow these steps to set up SPF for your domain:
Go to Configurations > Domain setup and select the domain that you want to configure for SPF. Select Verify domain and in the window that opens, copy the SPF by selecting the copy icon.
Locate your SPF record and add include:gateway.encrypttitan.io, which authorizes EncryptTitan to deliver mail for your domain. Be sure to place the include statement before the ending operand which is usually -all.
The following is an example:
v=spf1 include:spf.messaging.microsoft.com include:gateway.encrypttitan.io -allImportant
Ensure that there is no more than one white space between statements in your SPF record. For instance, if you have two spaces (rather than one) between include:gateway.encrypttitan.io and -all, the SPF record may fail validation.
The SPF Framework only supports a single DNS SFP record. You should not have multiple SPF records.
A valid SPF record can contain 10 or less DNS lookups. If you are unsure of how many lookups your SPF record current includes, you can use a verification tool by Kitterman Technical Services
to verify the structure of you SPF record.
DKIM
DKIM is a development of DomainKeys from Yahoo and Identified Internet Mail from Cisco, resulting in the name DKIM. It is a method of verifying the email sender and prevent email spoofing. DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
If you have implemented DKIM for your domain, you will need to create a CNAME record so that the messages signed and delivered by EncryptTitan pass DKIM checks for your domain. If you have not implemented DKIM for your domain, then creating the CNAME record is highly recommended and will likely increase the deliverability of your email. If you are not certain that DKIM has been implemented, then it is suggested that you add the CNAME record to ensure the delivery of your emails.
Follow the steps below to set up DKIM for your domain:
Go to Configurations > Domain setup and select the domain you want to configure for DKIM. Select Verify domain.
In the pop-up screen, you'll find the Label/Host value and the Destination/Target value in the DKIM section.
Copy those values and add them to your CNAME record.
