Enabling DKIM, SPF, and DMARC Records for Rackspace Email

Enabling DKIM, SPF, and DMARC Records for Rackspace Email

With Zebra Cloud Mail and Zebra Exchange mail, we can enable DKIM on your account.

If you are not familiar with setting up DNS records for your domain, we recommend contacting your DNS host and providing them the following information so that they can either assist you or set the records up for you.

Please partner with your domain’s DNS host to setup the following DNS records. They will all be TXT (short for TEXT) records:

  • SPF
  • DKIM

Step 1: Setup Your SPF Record

To have an SPF record implemented, contact your DNS hosting provider and have them add the following TXT record to your DNS:

Hostname: YOURDOMAIN.com (some DNS providers require just the “@” here)

Time to live (TTL): lowest possible

Record type: TXT

Value: v=spf1 include: emailsrvr.com ~all

If you utilize other authorized sending servers (.e.g. specialized bulk mailing services (such as Sendgrid, Mailchimp, Constant Contact, etc.), a web server that send email from your domain, or some other non-Rackspace email provider) you will need to contact that provider for the additional information (their UIP addresses(es) or host names) needed to add in to complete your SP record. This will help mitigate any potential errors with your email delivery.

This means only Rackspace is authorized to send mail for YOURDOMAIN.com. All others would be neutral simply because there is was no current SPF for the domain. Any other servers sending for YOURDOMAIN.com should be semantically the same as the current settings.

Step 2: Setup Your DMARC Record

We highly advise setting up a ‘reporting-only’ DMARC policy prior to setting up any enforcement that will reject or quarantine messages that fail the DMARC policy. It instructs anyone who receives an email for YOURDOMAIN.com to send reports the specified addresses. In the Value field, please specify an email address to receive the daily DMARC reporting. You can set up your DMARC signature as follows:

Hostname: _dmarc.YOURDOMAIN.com

Time to live (TTL): lowest possible

Record type: TXT

Value: v=DMARC1; p=none; rua=mailto:[email protected]

(Please use an administrator email address that you choose to receive DMARC reports to.)

We also recommend using an aggregator to help filter the content of these emails that will be returned. The top reporting aggregators we have found are:

  1. dmarcian (http://dmarcian.com)
  2. 250OK (http://250OK.com)
  3. Agari (http://agari.com)

This is based on our experience and based on suggestions from https://dmarc.org/resources/products-and-services/

Also, you’ll want to read this helpful post about how to read the DMARC aggregate reports so that you can understand what is happening to your email:


Step 3 must be completed by ZebraHost**

Step 3: Setup DKIM

Step 1

a. Once your SPF and DMARC records are setup on your DNS record host and have finished propagation, please proceed to the Cloud Office Control Panel and enable DKIM. Navigate to Domains -> click on: Sender Authentication (DKIM). Once there, you will see your domains listed with a red padlock icon. Click on the domain that you want to enable -> click on the Enable DKIM for--- button. (Note: this process may take several minutes to complete.)

b. Once the control panel provides you with the DKIM DNS record and you have set it up and it has finished propagation, make sure to go back into this section in the control panel and click on the domain again (there should be an orange padlock now). Once there, you will see the following:

Step 2: Verify

Note: DNS changes may take up to 30 minutes to propagate.

Click the Verify TXT Record button.

Once this completes successfully, DKIM signing will be set up on the outbound mail for your domain.

You can use website tools such as whatsmydns.net or network-tools.com to check your domain’s DNS records to propagation. Typically, it can take between 24 to 48 hours for changes to DNS records to fully propagate on the internet. However, some DNS hosts can update changes very rapidly. Please ask your DNS host what their update or propagation time is.