Email infrastructure made right. Part 1: basic requirements.

If you send email as often as we do at ServerBeep.com (we send email notifications when something bad happens to our customers’ websites or services), you had better prepare your email setup before you start. It is easier to do this up front than to solve the issues afterwards. The items described below should be considered requirements before you start.

Check your IP address history

Sender Score and Sender Base allow you to check your IP history. If you find any issues, you should consider changing the address.

MX and PTR DNS records

To send mail you have to set up the PTR and MX DNS records properly, so that your IP address points to your domain. A lot of SMTP servers will reject your mail if you don’t have a correct PTR record.

[root@sb1 ~]# host 88.198.20.28
28.20.198.88.in-addr.arpa domain name pointer serverbeep.com.
[root@sb1 ~]#

SPF

SPF stands for Sender Policy Framework. It allows you to tell other SMTP servers which IP addresses and/or domains are allowed to send mail from your domain. It is quite easy to set up, and there are a lot of online services that can help you with it.

Here, for instance, is our SPF record:

serverbeep.com. 42008 IN SPF "v=spf1 ip4:88.198.20.28 ip6:2a01:4f8:130:32a4::28 ~all"

Besides, it is better to publish the same record as a TXT record as well, just in case.

If you send a mail to your Gmail account and check its headers, you can see how Google treats SPF:

Received-SPF: pass (google.com: domain of no-reply@serverbeep.com designates 2a01:4f8:130:32a4::28 as permitted sender) client-ip=2a01:4f8:130:32a4::28;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of no-reply@serverbeep.com designates 2a01:4f8:130:32a4::28 as permitted sender) smtp.mail=no-reply@serverbeep.com; dkim=pass header.i=@serverbeep.com

Using Gmail is the simplest way to check whether you set up SPF properly. There are also a lot of other ways to check online; just google for ‘spf check’.
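To see what a receiving server does with the SPF record above, here is a small evaluator. It is an added example, not code from the original post, and it handles only the ip4, ip6 and all mechanisms that the record uses. The function name check_spf and the non-ServerBeep test addresses are constructed for illustration.

```python
import ipaddress

# SPF qualifier prefix -> result name (RFC 7208); no prefix means "+"
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The record published in the post
SERVERBEEP_SPF = "v=spf1 ip4:88.198.20.28 ip6:2a01:4f8:130:32a4::28 ~all"


def check_spf(record: str, client_ip: str) -> str:
    """Evaluate an SPF record against the connecting client's IP address.

    Only ip4, ip6 and all are supported; anything that would need a DNS
    lookup (a, mx, include, redirect=, ...) raises NotImplementedError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mechanism.partition(":")
        name = name.lower()
        if name == "all":
            # "all" always matches, so its qualifier decides the result
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if network.version != int(name[2]):
                raise ValueError(f"address family mismatch in term: {term}")
            # an ip4 term can only match an IPv4 client, ip6 only IPv6
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        raise NotImplementedError(f"unsupported term: {term}")
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    # First two addresses are from the post; the last is a constructed
    # documentation address that the record does not list.
    for addr in ("88.198.20.28", "2a01:4f8:130:32a4::28", "203.0.113.7"):
        print(addr, "->", check_spf(SERVERBEEP_SPF, addr))
```

With `~all`, mail from an unlisted address evaluates to softfail rather than fail, so the receiver decides what to do with it.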

DomainKeys Identified Mail

To set up DKIM you need to generate a public and a private key. The public key should be added to your domain zone, while the private key should be stored securely on your server. The SMTP server, Sendmail for instance, uses the private key to add a digital signature which can be used for email validation.

Here’s an example of a DKIM record:

default._domainkey.serverbeep.com. 41765 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXFOEq2OCK1Bpp7YpId3nSgJX8fcfl5bx3a9aiDHm5nCAx0ZmAPacOoo+dmFlBfbcAIbi2BPons6w/uIW4rSeFAuybGw04/wMOkVit1OJPoiCsGW9BJLPeMnez+6m32zv3drVjgeywxtVDNbQphOIJdk4S88O2hlWOsusYv4sEdQIDAQAB"

As with SPF, you can check your DKIM setup by sending a mail to your Gmail account. Look for the DKIM-Signature and Authentication-Results headers.

Necessary mail aliases: abuse@, postmaster@ and fbl@

If there are any issues, other postmasters will send mail to some of these aliases. So again, you should definitely have them set up.

Smart Network Data Services by Microsoft

Register on SNDS to be informed if there are any issues with Hotmail.

Of course, these are not all the required steps, but they are probably the most important ones.