Email Server Authentication Guide

March 8, 2024

Introduction

This guide provides step-by-step instructions on how to authenticate your email server using SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). These authentication methods are crucial for improving email deliverability and protecting your domain from spoofing and phishing attacks. This guide is an alternative to our SMTP Email Authentication Guide, so that our customers have the best option to serve their unique needs.

Who Should Use this Guide

If you are using ClientTether’s mg3 server to send email on your behalf, this guide is for you. However, this is highly technical in nature and you might need to contact your email support team to have them complete these authentication instructions, especially when combining with other previously implemented authentications.

Preparing for Setup

First, before adding SPF and DKIM records, check if any existing records are set up for your domain. You can use online tools like MXToolBox to check your current SPF and DKIM records.
Second, gaining access to your domain’s DNS management interface is required, typically available in your domain hosting service’s dashboard. If you do not have access to your domain’s DNS management, contact your email support team.

Adding an SPF Record

What is SPF?

SPF allows email servers to verify that incoming mail from a domain was sent from an email server authorized to do so by you. It’s a way to prevent email spoofing.

Format of an SPF Record

An SPF record is added as a TXT record in your DNS settings. To use our email service, the record will look like this:

v=spf1 include:mailgun.org ~all

If you have an existing SPF record, add include:mailgun.org to it instead of creating a new SPF record. Make sure your SPF record does not exceed ten DNS lookups.

Step-by-Step Instructions

  1. Log into your domain hosting service.
  2. Navigate to the DNS management page.
  3. Look for an option to add a new TXT record.
  4. In the TXT record, enter @ in the Host field (if applicable) and the following value:
    v=spf1 include:mailgun.org ~all
  5. Save your changes.
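
For a domain that already has an SPF record, the merge and the ten-lookup check described above can be tried before touching DNS. This is an added example, not ClientTether's or Mailgun's code; the ZONE records (including the stand-in for mailgun.org) are constructed sample data, and terms, add_include and count_lookups are hypothetical helper names.

```python
import re

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # RFC 7208, 4.6.4

# Constructed sample records standing in for live TXT lookups. The mailgun.org
# entry is a placeholder, not Mailgun's real record.
ZONE = {
    "example.com": "v=spf1 mx include:_spf.example.net -all",
    "_spf.example.net": "v=spf1 ip4:192.0.2.0/24 include:relay.example.net ~all",
    "relay.example.net": "v=spf1 a ~all",
    "mailgun.org": "v=spf1 ip4:198.51.100.0/24 ~all",
}

def terms(record):
    """Return the terms after the v=spf1 version tag."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    return parts[1:]

def add_include(record, domain):
    """Add include:<domain> to an existing record, ahead of its 'all' term."""
    ts, inc = terms(record), "include:" + domain
    if inc.lower() in [t.lstrip("+").lower() for t in ts]:
        return record  # already authorised, nothing to change
    is_all = [bool(re.fullmatch(r"[+\-~?]?all", t, re.I)) for t in ts]
    pos = is_all.index(True) if True in is_all else len(ts)
    return " ".join(["v=spf1"] + ts[:pos] + [inc] + ts[pos:])

def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms for domain, following include and redirect."""
    if domain in path:
        raise ValueError("include loop at " + domain)
    total = 0
    for raw in terms(zone[domain]):
        term = raw.lstrip("+-~?").lower()
        name = re.split(r"[:=/]", term, maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect"):
            target = re.split(r"[:=]", term, maxsplit=1)[1]
            total += count_lookups(target, zone, path + (domain,))
    return total

if __name__ == "__main__":
    merged = add_include(ZONE["example.com"], "mailgun.org")
    used = count_lookups("example.com", {**ZONE, "example.com": merged})
    print(merged)
    print("DNS lookups: %d of 10 allowed" % used)
```

Against a live domain, the ZONE dictionary would be replaced by real TXT lookups; a total above ten causes receiving servers to return a permanent SPF error.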

Adding a DKIM Record

What is DKIM?

DKIM adds a digital signature to email messages. This signature allows the recipient to verify that the email was not altered after it was sent and confirms the sender’s domain.

Obtaining Your DKIM Key

For our email service, the DKIM key is already provided below. You need to add it to your DNS as a separate TXT record.

Step-by-Step Instructions

  1. Log into your domain hosting service.
  2. Go to the DNS management section.
  3. Choose to add a new TXT record.
  4. For the Host, enter: pic._domainkey.mg3.clienttether.com
  5. And for the Value, enter the following:
    k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgB1xR40xdzrPaAsYUzes27TgeTrAgTXdjngNAcGgzziBuBNIxeyEZbV36dOgurgvYFytszBnWDdWgDzGkYihjkEGAOeg7E48WhYSADWVirl+59EAxb/Llu+GGPlOu2zvIFl8rUCbOUKYVeqfV4FxOsrDV9jGAXztypwR5wZ6+C+FoL4VJUmplPL648tJ2viW8NcFTdh4VLyv34xaHrWrwvHrLGa1AHBDt0q9FTUrqTfk7ohM++rpS0MiuZopHyf/W4AEmzC/ZzueuJVXwzTwriSGsabt4i5LMIYZEgT5lvCblB7FBb8vtm2A3XMCyZRT6CxGKUSyI+QDNKlsF4aFQIDAQAB
  6. Save your changes.

Testing and Verification

After adding SPF and DKIM records and giving those records time to propagate, use online tools to verify your setup:

  • MXToolBox: Can be used to verify both SPF and DKIM records.
  • Google Admin Toolbox: Another useful resource for checking your domain’s authentication settings.

If you encounter any issues, ensure the records are correctly entered and propagated, which can take up to 48 hours.

FAQ

Q: How long does it take for the records to propagate?
A: DNS propagation can take up to 48 hours, but it can be quicker depending on your DNS host.

Q: What if I already have an SPF record?
A: If you have an existing SPF record, add include:mailgun.org to it instead of creating a new SPF record. Ensure not to exceed ten DNS lookups in your SPF record.

Additional Support

Here is a video link that gives examples on how to do the steps listed above. These examples are from a GoDaddy DNS management perspective. Your particular DNS provider will be slightly different.

If you need further assistance, you must contact your own email support team and provide them with this document. ClientTether Support cannot implement or validate your implementation.

Remember there is an alternative option in our SMTP Authentication Guide.