An introduction to email authentication
This article will guide you through the basics of email authentication
There are three primary authentication methods you can configure for your email and web services to improve your email deliverability and secure your domain from unauthenticated use, such as impersonation attacks and other cyber crimes. This guide will walk you through the authentication methods available and some of the basic configuration options.
SPF Authentication (Sender Policy Framework)
An SPF record is a TXT record you can add to your domain's DNS zone to specify which hosts are authorised to send mail on behalf of your domain.
For example, suppose your email service is hosted with Google but your website is hosted with Serversaurus. In this case you need to authorise both Google and Serversaurus to send emails on behalf of your domain, and the TXT record entry would be:
v=spf1 include:_spf.serversaurus.com.au include:_spf.google.com ~all
The above entry uses the following directives (+a and +mx do not appear in the entry above, but are other mechanisms commonly added to an SPF record):
v=spf1 - The SPF version is specified
+a - Authorises the IP configured in the domain's A record
+mx - Authorises the mail servers configured in the domain's MX records
include:_spf.serversaurus.com.au - Authorises Serversaurus' outgoing mail gateways
include:_spf.google.com - Authorises Google's outgoing mail gateways
~all - Applies to every sender not matched by an earlier directive; the ~ symbol directs a Soft Fail (this can be specified to be more or less strict)
To create an SPF record, you can review the available directives and tailor a record to suit your setup. DMARC Analyzer has an informative guide outlining the available mechanisms for SPF configuration: https://www.dmarcanalyzer.com/spf/spf-record/
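The following is an added example, not Serversaurus code: a small Python audit that splits an SPF record into its qualifiers and mechanisms and flags common mistakes. It uses the record from this article plus one constructed permissive record; the function names are illustrative.

```python
import re

# Results produced by each SPF qualifier (RFC 7208); "+" is the default.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that each cost one DNS lookup; evaluation may use at most 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Split an SPF TXT record into (result, mechanism, value) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        match = re.match(r"([A-Za-z0-9_-]+)(?:[:=/](.*))?$", term)
        if not match:
            raise ValueError(f"malformed term: {term!r}")
        parsed.append((QUALIFIERS[qualifier], match.group(1).lower(), match.group(2)))
    return parsed

def audit_spf(record):
    """Return a list of findings; an empty list means nothing was flagged."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    findings = []
    # Counts this record only; lookups made inside included records add to it.
    lookups = sum(1 for name in names if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    if "all" not in names:
        if "redirect" not in names:
            findings.append("no 'all' term: unlisted senders get a neutral result")
    else:
        position = names.index("all")
        if terms[position][0] == "pass":
            findings.append("+all authorises every host to send as this domain")
        if position != len(terms) - 1:
            findings.append("terms after 'all' are never evaluated")
    return findings

# The record from the article, and a constructed permissive one for contrast.
ARTICLE_RECORD = "v=spf1 include:_spf.serversaurus.com.au include:_spf.google.com ~all"
PERMISSIVE_RECORD = "v=spf1 +a +mx +all"

if __name__ == "__main__":
    for record in (ARTICLE_RECORD, PERMISSIVE_RECORD):
        print(record, parse_spf(record), audit_spf(record), sep="\n  ")
```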
DKIM Authentication (Domain Keys Identified Mail)
DKIM authentication is a practice implemented to detect and prevent forged sender addresses (otherwise known as spoofing). By implementing a DKIM signature, the receiver is able to verify the email has been sent and authorised by the owner of the domain. This is implemented by adding the DKIM signature as a header to sent emails. The receiving server is then able to check whether the DKIM signature is valid or not by decoding the encrypted hash of the email's contents carried in the signature. When the DKIM check has passed, the server ascertains the contents of the email have not been altered.
Generating a DKIM key can be completed within the management panel of your email provider (for example, within cPanel you can use the Email Deliverability function to generate and install a DKIM record). If you have multiple providers sending mail on your behalf, you need to generate DKIM keys from each provider's management console. A DKIM record is most commonly configured as a TXT record, however some providers (such as MailChimp and SendGrid) will provide a CNAME record for DKIM authentication.
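The following is an added example, not Serversaurus code: it shows two parts of the DKIM check described above, namely the DNS name a receiving server derives from the signature header to fetch your public key, and the body-hash comparison that detects altered contents. The message, domain (example.com) and selector (default) are constructed, and the RSA check of the b= signature itself is not covered.

```python
import base64
import hashlib
import re

def parse_tags(value):
    """Parse the 'tag=value; tag=value' list used by DKIM-Signature headers."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, tag_value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", tag_value)  # drop folding whitespace
    return tags

def canonicalize_body(body, mode):
    """Body canonicalization from RFC 6376, 'simple' or 'relaxed'."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Collapse runs of spaces/tabs and drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are ignored
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body, mode):
    """Value of the bh= tag for an rsa-sha256 signature."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode()

def key_record_name(tags):
    """DNS name of the TXT (or CNAME) record holding the public key."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def body_matches(header_value, body):
    """True if the body still matches the hash carried in the signature."""
    tags = parse_tags(header_value)
    # c= is "header/body"; the body method defaults to simple when omitted.
    mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    return body_hash(body, mode) == tags["bh"]

# Constructed sample message and header (hypothetical domain and selector).
BODY = b"Hi,\r\n\r\nYour invoice is attached.  \r\n\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=default; "
          "h=from:to:subject; bh=" + body_hash(BODY, "relaxed") + "; b=PLACEHOLDER")
```

With relaxed canonicalization, whitespace changes made in transit do not break the hash, while any change to the wording does.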
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC is an email validation system designed to protect your company's domain from being used for email spoofing, phishing scams and other cyber crimes. It combines the existing authentication methods configured using SPF and DKIM. Reporting is one of the major benefits of implementing a DMARC policy: the reports are used to track your mail environment and identify how your domain is being used.
By implementing a DMARC record you instruct remote mail servers on how to handle emails from your domain which have been sent without DKIM or SPF authentication. DMARC has three policies available:
None: This policy is used to simply monitor your email activity.
Quarantine: When the quarantine policy is in place, if mail is not authenticated using SPF or DKIM the remote mail server is directed to quarantine the mail. Quarantine usually results in emails being delivered to your spam folder, however some mail servers will filter these emails before they reach your inbox.
Reject: The reject policy is the most strict. It directs the remote server to refuse any emails being sent without SPF or DKIM authentication. Of course you only want to use this policy once you've thoroughly tested your mail environment using either the None or Quarantine policy.
Depending on whether you are using DKIM or SPF, you can configure DMARC to rely on either authentication method (or both) and adjust how strictly the SPF and DKIM checks are applied.
You can also specify which email address should receive DMARC reports and at which intervals notifications should be sent. Be aware that servers won't always honor intervals longer than 24 hours.
For cPanel users, you can generate a DMARC record within the Zone Editor function by selecting Add Record, then creating a DMARC record and using the Advance Options tab to add additional rules.
To create a record without the assistance of the cPanel functions, you can review the policies available by visiting the DMARC website: https://dmarc.org/overview/
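The following is an added example, not Serversaurus code: it reads a DMARC TXT record and reports the policy, alignment strictness, report address and report interval discussed above, with warnings for settings worth a second look. Both sample records and the address dmarc-reports@example.com are constructed.

```python
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(record):
    """Parse a DMARC TXT record (published at _dmarc.<domain>) into tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("a DMARC record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    return tags

def describe_dmarc(record):
    """Return (settings, warnings) with defaults filled in for omitted tags."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    settings = {
        "policy": policy,
        "subdomain_policy": tags.get("sp", policy).lower(),
        "dkim_alignment": "strict" if tags.get("adkim", "r") == "s" else "relaxed",
        "spf_alignment": "strict" if tags.get("aspf", "r") == "s" else "relaxed",
        "percent": int(tags.get("pct", "100")),
        "report_to": [a.strip() for a in tags.get("rua", "").split(",") if a.strip()],
        "report_interval_seconds": int(tags.get("ri", "86400")),
    }
    warnings = []
    if policy == "none":
        warnings.append("p=none only monitors; unauthenticated mail is still delivered")
    elif settings["percent"] < 100:
        warnings.append(f"policy applies to only {settings['percent']}% of failing mail")
    if not settings["report_to"]:
        warnings.append("no rua= address, so no aggregate reports will arrive")
    if settings["report_interval_seconds"] > 86400:
        warnings.append("ri= above 86400 (24 hours) may not be honoured")
    return settings, warnings

# Constructed records: a monitoring rollout and a strict enforcing policy.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; ri=604800"
ENFORCE = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc-reports@example.com"
```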
As usual, if ever in need of assistance please contact our support team at support@serversaurus.com.au.
Last updated November 30, 2023