Reputation: 501
I have an email address forwarding to a gmail account. I then use SMTP to send a response from gmail via the domain's SMTP server. This is all set up fine. However, some recipients are not receiving the emails. Is there further configuration I need to do on the domain side?
I am told I need to configure the SPF, DKIM and DMARC records but I have no idea what the configuration/values should be?
Upvotes: 1
Views: 627
Reputation: 1069
Having SPF, DKIM and DMARC set up is seldom a prerequisite for having your email delivered. If your email domain and servers have a decent reputation, you won't, generally, run into too much trouble.
However, it is best practice to set up all three, to start authenticating your emails and making it harder for others to impersonate your email domain without authorization. I'll outline the basics for you:
Why Authenticate
DMARC
DMARC will try to find successful authentication for servers sending on your behalf. Specifically, it will look for a Pass on SPF or DKIM, in alignment with the email address (domain) that is being shown to the recipient in his email client. This is known as the Header.From field. (Not to be mistaken with the Sender field, the Reply-To field or Return-Path).
SPF
SPF is basically a list of IP addresses, published as a TXT DNS resource record, listing all servers that are authorized to send email for the domain the record lives in. This does not include subdomains; those require additional SPF records. One of the (many) problems with SPF: receiving servers need to check the Return-Path email address to look up the SPF record, instead of the Header.From domain. There is no need for the Header.From email address and the Return-Path address to share any of the domain part, according to the SMTP RFC. This is where DMARC comes in.
DKIM
Signing an email message with a DKIM private key requires you to publish a matching public key in the subdomain _domainkey for the domain you're signing for. The receiving server will look for the d= value and the s= value in the DKIM signature to construct the correct DNS TXT resource record to query, holding the public key. Example: d=stackexchange.email s=s1 will result in a DNS query for the TXT record s1._domainkey.stackexchange.email. The same applies here as with SPF: the d= value does not have to match the domain portion of the Header.From email address.
Unfortunately the configuration and values are very specific, depending on which parties are allowed to send on behalf of your domains, the subdomains you use and how you use them, etc. Especially SPF has a few limits that will make the setup harder.
Upvotes: 1
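The lookups and the alignment check described in the answer above, traced on a constructed message; this is an added example, not code from the answer or from any mail server. The sample addresses, the `analyse` and `dmarc_pass` names, and the two-label `org_domain` shortcut are assumptions (real receivers derive the organizational domain from the Public Suffix List), and the SPF/DKIM verdicts are passed in rather than computed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; addresses, domains and tag values are illustrative.
SAMPLE = """\
Return-Path: <bounce@mail.example.net>
From: Alice <alice@stackexchange.email>
DKIM-Signature: v=1; a=rsa-sha256; d=stackexchange.email; s=s1;
 h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Subject: hello

body
"""

def domain_of(addr_header):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()

def dkim_tags(sig_header):
    """Split a DKIM-Signature value into its tag=value pairs."""
    pairs = (t.split("=", 1) for t in sig_header.split(";") if "=" in t)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs identical domains; relaxed compares org domains."""
    if strict:
        return auth_domain == from_domain
    return org_domain(auth_domain) == org_domain(from_domain)

def analyse(raw, spf_pass, dkim_pass):
    """Show which DNS names a receiver queries and which results align."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])        # Header.From, what the user sees
    rp_dom = domain_of(msg["Return-Path"])   # domain SPF is evaluated against
    tags = dkim_tags(msg["DKIM-Signature"])
    d = tags["d"].lower()
    return {
        "spf_lookup": rp_dom,
        "dkim_lookup": f"{tags['s']}._domainkey.{d}",
        "dmarc_lookup": f"_dmarc.{from_dom}",
        "spf_aligned": spf_pass and aligned(rp_dom, from_dom),
        "dkim_aligned": dkim_pass and aligned(d, from_dom),
    }

def dmarc_pass(result):
    """DMARC needs at least one mechanism that both passes and aligns."""
    return result["spf_aligned"] or result["dkim_aligned"]
```

In the sample, SPF can pass for mail.example.net and still not count toward DMARC, because the Return-Path domain does not align with the Header.From domain; only the DKIM signature with d=stackexchange.email does.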