Avoiding spamming and spoofing issues with emails.

Mail SPF (Sender Policy Framework) & DKIM (Domain Keys Identified Mail) Domain Records

If you are finding your domain emails are being treated as spam or being blocked its most likely due to you sending emails that are not being identified with an authorised domain senders IP address.  In effect, it's being treated as suspect SPAM. To overcome this problem, an SPF message must be saved as a TXT (text) record in your domain's DNS Records, authorising the sending domain to send mail on your behalf. 

If you wish to read on, you will gain a better understanding of how the internet works and discover the meanings of some internet terms.  You should also gain the knowledge to resolve email issues but if you feel it's for someone else to do, that's OK too.  Click to request support from the AHBC.

Understanding the role of the "Domain Name System" (DNS)

If you own a domain for your business and it's on the internet with a website and / or email service, it has a service called "Domain Name System" (DNS). The DNS is the internet's road map or phone book that takes a website address or email address request and redirects the request a host server to process. 

In other words, when someone enters your domain names via web browser, such as www.adelaidehillsbc.com.au, domains.adelaidehillsbc.com.au or sends an email to you, your domain's DNS is responsible for finding the correct computer using an IP address to process the request. Computer that hold your website or emails are normally referred to as "Hosting Servers" and their role is to store data and process request. The request may result in the return of a web page or to view or send emails.  

An "Internet Protocol" (IP address) is a unique identifier for every device that connects to the internet. Just as you would address a letter to send in the mail, computers use the unique identifier to send request and data to specific computers or hosting servers on the internet.  There are also two standards for IP addresses: IP Version 4 (IPv4) and more recently IP Version 6 (IPv6). 

DNS records look something like this. 

• "www.myDomainName.com.au" is hosted from a server with IP Address that looks like 111.222.1.11 (This IP address in your DNS is known as a "A" Record)

• Emails to my domain are hosted by a server with IP address that looks like 200.234.1.230 or a DNS "MX" record address that looks like "ALT1.ASPMX.L.GOOGLE.COM".

• Information about my domain "v=spf1 include:_spf.google.com ~all" is retaining as a "TXT" DNS record.

Sometimes, IP addresses are replaced by a Canonical Name (CNAME) or Mail exchange (MX) addresses that appears like a web address Eg. alt1.aspmx.l.google.com There are a number of reason why IP addresses are not used. For example, visualise the size of the server to process millions of GMAIL  / minute at Google. To deal with the demand, Google allocates each email's processing task to one of its hundreds of mail hosting servers, all with unique IP addresses. In effect one IP would not work so Googles uses a web like address to get all emails and then Google assigns an IP address internally.

Other DNS records:

• MX stand for Mail eXchange address Eg. ALT1.ASPMX.L.GOOGLE.COM  These addresses also have a priority number order so a mail hosting server provider may have a couple of backup mail servers with different MX addresses. Google has 5 MX mail server addresses to ensure mail is processed.

• CNAME (Canonical Name) records point to another domain address rather than an IP address.  That other domain address may point to another CNAME address until it reaches an IP address attached to an A or AAAA record.

• A records - IP Address as shown above and also known as IPv4. The version with 4 bytes of data.  The A record are typically a root address of the physical hosting server.

• AAAA records - The newer version of the IP address also known as IPv6. This version has been introduced to deal with the rapidly expanding number of internet connected devices Eg. 2100:ca02:2049:8::a29f:1503. It like the time for those of us that remember 6-digit phone number and the move to 8 digits + 2 digits for the area code or 04 for mobiles.

• TXT records are simply text look up information. In many cases a "Software as a service" (SaaS) providers will supply a TXT message to be copy and paste into your domains DNS records to ensure you are authorised to use your domain name.  The same goes for an SPF text message to validate emails sent by you are from your domain IP address and not from a spammers IP Address. 

Additional Protection with DKIM

There is just one more step to really avoid email issues and that is to create another DNS TXT record for DKIM.

By establishing a DomainKeys Identified Mail (DKIM) TXT record it helps to prevent "spoofing" on outgoing messages sent from your domain.

Email spoofing is when email content is changed to make the message appear from someone or somewhere other than the actual source. Spoofing is a common unauthorised use of email, so some email servers require DKIM to prevent email spoofing.

Basically, DKIM adds an encrypted signature to the header of all outgoing messages. Inbound email servers that get signed messages use your DKIM key to decrypt the message header to verify the message was not changed after it was sent from your email sending server.

DIY or just not sure it for you!

Below are the DIY step by step instruction for our domain and Google G Suite clients. If your domain is not with us or you need assistance, consult your IT specialist, domain registration agent or the AHBC to assist.