DNS Records (DMARC, SPF, DKIM)
Posted by Wes Zulu, Last modified by Dave Zulu on 14 January 2017 12:08 PM
Setting up DNS for DMARC and using your own brand. We recommend that the Return Path = email@example.com. So you will need an MX DNS entry:
1. Set-up a new MX record
edm.yourdomain.com MX 10 pmta.zululabs.com
2.) Then you will need an SPF Record:
yourdomain.com TXT "v=spf1 ip4:220.127.116.11/24 ~all"
*Note if you have an existing SPF record simply add in ip4:18.104.22.168/24
3.) Then we need to issue you with a custom edm DKIM / domain
Your DKIM key must be generated by Zulu eDM.
To have your own DKIM key created for your account please send a request to firstname.lastname@example.org with your account details and "Sender" domain name (e.g. if sending from email@example.com the domain name would be "theedmfactory.com").
Hostname = key1._domainkey.theedmfactory.com (note we have updated clients to use edm._domainkey not key1.)
This needs to be added to your DNS as per the image below. Once complete your DNS settings should look like the following (please click the image to enlarge)
If you would like us to confirm if your DKIM is working correctly - please email us at firstname.lastname@example.org with the domain name you have set up with the DKIM and we will check this for you. It can take 48 hours to update on your DNS so please take note of this when sending a request through.
4.) We recommend a Google Postmaster DNS entry. We will issue you this record.
5.) Finally (and when we tell you to) implement your DMARC entry:
yourdomain.com TXT "v=DMARC1\; p=none\; rua=mailto:email@example.com\; adkim=r\; aspf=r\;"
A finished DNS would look like this:
Some registrar's do not allow certain elements in the host part of the TXT record which can cause some issues (e.g. underscores and character limits). This issue is on the registrars side and we suggest that you set up a secondary custom domain for your email sending using a DNS provider that allows what your current registrar does not. Or you can switch DNS providers completely or contact them to see if they have a possible solution for you.
Some registrars automatically add quotation marks around the key which can cause errors as there is duplicate quotation marks in the saved file. All you need to do is update the file and remove the quotation marks from the key above and save the key again. This should resolve the issue.
Each domain entry i.e. domain.com or edm.domain.com must only have one SPF record per domain.
We have seen:
"v=spf1 a mx ip4:22.214.171.124 ip4:126.96.36.199 ip4:188.8.131.52/24 include:sharepointonline.com include:spf.protection.outlook.com -all"
What you should have:
"v=spf1 ip4:184.108.40.206 ip4:220.127.116.11 ip4:18.104.22.168/24 include:sharepointonline.com include:spf.protection.outlook.com -all"
CPANEL DNS NOTES
The TXT Record should read (and it does on the cPanel):
In every lookup I perform it shows up without the \