Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are email authentication methods to prevent email spoofing. For this reason, some email hosts are beginning to require one or both be added to avoid mail rejection.
Sender Policy Framework
A SPF is defined by adding a TXT record to the domain's DNS. The SPF for sending mail through Winhost is:
v=spf1 mx ip4:220.127.116.11/29 ip4:18.104.22.168/29 -all
If hosting DNS through Winhost, the SPF record would be added through the DNS Manager: Winhost Control Panel > Domains > Manage (DNS) > Manage TXT Record > Add
Domain Name: Field is left blank
Data: v=spf1 mx ip4:22.214.171.124/29 ip4:126.96.36.199/29 -all
Like with other DNS record updates, it will take some time for propagation to complete. To monitor DNS propagation https://www.whatsmydns.net/
may be used.
To test the SPF record, see the Testing SPF and DKIM section below.
DKIM is a combination of a SmarterMail setting and TXT record.
First log into the SmarterMail web interface as the domain administrator (default is postmaster). If the web interface address or password isn't known, log in automatically at: Winhost Control Panel > Sites > the applicable domain name > Email > SmarterMail Manager
Once logged into the webmail interface, click Domain Settings (gear icon with globe), General, and then the Enable button in the Email Signing pane.
After clicking Enable, a pop-up with a TXT record will be displayed. Add the TXT record to the domain's DNS, allow time for DNS propagation, then click the Enable button once more.
If hosting DNS through Winhost, in a separate window navigate to the DNS Manager: Winhost Control Panel > Domains > Manage (DNS) > Manage TXT Record > Add
Domain Name: Everything preceding ".domain.com" should be copied and pasted into the field. In the example below, it would be: textBlock._domainKey
Data: The Text Record Value is copied and pasted here. Due to the length of the record, verify that the Data field ends with the same text as the Text Record Value field.
DNS propagation can be reviewed at https://www.whatsmydns.net/
. If checking propagation of the TXT record for DKIM, make sure to enter the entire Text Record Name
(textBlock._domainKey.domain.com in the example above) into the domain field on whatsmydns. Then select TXT
from the drop-down and Search
After the DNS record has propagated, clicking the Enable
button for Email Signing
will update the pane with a message that DKIM is running on the domain. If after an hour the Enable
button still shows the pop up with the TXT record value, double check that the complete TXT record has been added to the domain's DNS. Or open a ticket with the Support Department
for assistance in reviewing the DKIM.
Testing SPF and DKIM
A simple test of the SPF and DKIM can be performed by sending an email to a Gmail recipient and checking the email header. After the email is received, view it, click the three vertical dots for more options then Show Original.
If set up properly, there should now be two PASS notifications on the Original Message page.