22 August 2023 Reading time: 6 minutes

Kristina Preis

e-mail marketer

Configuring mail domain authentication in ispmanager. Email marketer's guide for administrators

Ispmanager

I'm Kristina, an email marketing specialist at ispmanager. One of my responsibilities at my company is to monitor email deliverability. Many factors affect deliverability, but one of the most important is the correct configuration of email domain authentication. Incorrect configuration can lead to spam, domain and IP blacklisting, and a high percentage of SMTP servers refusing to accept your emails. In this article I will give a step-by-step guide on how to configure DNS records in ispmanager, give tips on how to control email deliverability and troubleshoot common problems. This article is intended for ispmanager users and anyone interested in how to configure domain authentication.

Content

Configuring DNS records and mail domain authentication

Configuring SPF

Configuring DKIM

Configuring DMARC

Configuring rDNS

Email delivery monitoring and troubleshooting

Setting DNS records and configuring email authentication for domain

In order to successfully deliver emails to clients, it is important to configure four DNS records: SPF, DKIM, DMARC, and rDNS. These records ensure that emails coming from the domain to the recipient's server are legitimate and not spam or spoofed.

Important: Make sure that the domain is pointed to the panel server at the domain name registrar. Otherwise, the created records will not work and you will have to create or migrate them to the correct name servers.

Configuring SPF

SPF (Sender Policy Framework) — is a DNS record that indicates which IP addresses are authorized to send emails on behalf of your domain. Multiple servers and IP addresses can be specified in one SPF record. For example, when emails are sent from your IP and from the mailing service (ESP), as we do in ispmanager.

To create an SPF record in ispmanager:

1. From ispmanager Main menu navigate to Domain names (DNS).

Вход в раздел Управление DNS
How to find Domain names (DNS)

2. Select a domain → Manage DNS records.

Управление DNS
DNS management

Click Create record and select the TXT type as the record type.

Управление DNS
Creating a TXT record

4. In the Name field, type @, which stands for root domain.

In the Value field, enter an SPF record in the following format: v=spf1 include:_spf.yourdomain.com ~all

TTL - leave 3600 sec. — this interval is recommended by Google. You can change it if necessary. For more information about TTL see the Google Workspace documentation.

The format v=spf1 include:_spf.yourdomain.com ~all is not the only valid option. The record ip4, ip6, a, mx, include, redirect, ptr, exists и exp and exp parameters, because you can check SPF records by IP, A record, MX record and so on. I will discuss those included in the above example.

The v=spf1 part shows that the entry is of type SPF version 1. Only spf1 is currently supported.

The include part lists the servers that are allowed to send mail from the domain.

The ~all qualifier indicates that an email that fails the SPF check is treated as a soft failure. This means that it will probably be delivered, but will be marked as suspicious.

Configuring DKIM

DKIM (DomainKeys Identified Mail) is another technical standard that helps identify fake email addresses, fight spam and prevent spoofing and identity theft. DKIM adds a digital signature to the email headers. Mail servers check the headers to find out if the message has changed during transmission and if it was sent from a reliable source.

To configure a DKIM-record:

1. In ispmanager navigate to SettingsSoftware configuration section.

Управление DNS
Navigate to Software configuration

2. Select Mail server (SMTP/POP3/IMAP) → Edit..

Управление DNS
Changing mail server configuration

3. Check the box next to OpenDKIM.

Управление DNS

Navigate to Mail → Mail domains..

Управление DNS
Navigating to Mail domains

5. Click Edit for the selected domain.

6. Check the Enable DKIM for domain checkbox, specify the DKIM selector and select the desired DKIM key length..

Управление DNS
Configuring DKIM

A DKIM record in the following format will be automatically created: 

v=DKIM1; k=rsa; p=public keycode>

The v=DKIM1 part indicates that the entry is of type DKIM version 1.

In the k=rsa part, k is the key type. The k value is always rsa.

Part p specifies the public key that is generated by OpenDKIM.

Example of a public key:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDwZ5t5LK5S5ybh9Y+5p0dLFL+8ZvPmDm6HfnU6n/S+q3rU6lX9QatmJPOaWxQ8+I7MDe/A1zTupTJWJ/8gyl7+X9YJfxsE+yPrTlC1ksAFwzW8nnLLbZ/D9XHDKmsbVdIu8pF+BK7dUEzkpUz/u6Ux8RvAkKMZDTPbg6Qtk63QIDAQAB

Configuring DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) — is a DNS record that specifies how email providers should handle emails that failed SPF or DKIM validation.

To configure a DMARC record:

  1. In ispmanager navigate to Mail → Mail domains.
  2. Click Edit for the selected domain..
  3. Check the box next to Enable DMARC for domain.
    Управление DNS
    Enabling DMARC

Ispmanager automatically generates DMARC records in the following format: v=DMARC1; p=none; rua=mailto:youremail@example.com; adkim=r; aspf=r; pct=100; sp=none

Part p notes the policy for handling the email if the email fails authentication. There are three policy types:

  • None — emails are delivered to the recipient, but you receive reports on authenticated and unauthenticated emails.
  • Reject — unauthenticated emails are rejected by the recipient's server. Emails are not delivered, but you receive “undelivered” reports.
  • Quarantine — unauthenticated e-mails are moved to the "Spam" folder.

The Google Workspace Admin Help recommends starting with none if you have not sent emails from the domain yet. It is recommended that you do not set reject or quarantine until you understand how emails are being validated on the recipients' servers. You can track this by receiving reports to the address specified in rua. Learn more about the DMARC record in the Google Workspace Admin Help.

Configuring rDNS

rDNS, или обратная DNS-запись is a DNS record that maps an IP address to a domain name. This check also helps combat spam and phishing, as attackers may have difficulty setting up correct rDNS records for their IP addresses.

To configure a rDNS record:

1. From ispmanager Main menu navigate to Domain names (DNS) - select a domain - Manage DNS records.

Управление DNS
Navigating to DNS records management

2. For a domain, click Create Record and select PTR (reverse record) as the record type.

3. In the Name field, specify the IP in reverse order and add the suffix in-addr.arpa. For example, if your IP is 10.20.30.40, in the Name field you need to write: 40.30.20.10.in-addr.arpa

In the Domain field, specify the domain name for which you are configuring the PTR record.

In the

Email delivery monitoring and troubleshooting

After configuring DNS and email authentication settings, it's important to monitor email deliverability and troubleshoot any issues that arise.

You can monitor emails from email providers and use tools such as Mail Tester, GlockApps or MXtoolbox to monitor the deliverability of your emails. These tools can help you identify the following issues:

  • failed email authentication;
  • poor sender reputation;
  • content that triggers spam filters;
  • blacklisted domain or IP.

You can also see if the technical settings are correct in the header of the test email. In Gmail, click "Show original" on the email you have sent.

You can also see if the technical settings are correct in the header of the test email. In Gmail, click

It is better to perform such checks for emails sent from multiple sources: manually through a mail provider, from mailing services (ESP), and from an SMTP server.

Very often developers face the following difficulties:

  1. Untimely updating of email authentication records when changing IP or mail provider. When changing the IP or mail provider, it is important to update the SPF, DKIM and DMARC records to reflect the changes.
  2. Incorrect configuration of the SPF record, for example, the use of incorrect syntax or the inclusion of incorrect IP addresses. It is important to make sure that your SPF record is configured correctly: with correct syntax; includes authorized IP addresses of your mail servers.
  3. Incorrect DMARC configuration. It is important to configure DMARC policies correctly so that messages are not marked as spam. You can check the DMARC record using the Google MX Check Tool..

If you have problems with the delivery of letters, use ispmanager to solve them. The panel contains logs of Exim and Dovecot mail servers to help determine the cause of the problem and take action to fix it.

But setting up your email domain correctly is not the only requirement for high deliverability and spam-free mailing. It is important to constantly check the database for invalid email addresses, send emails only to contacts who have explicitly subscribed through a double opt-in subscription, and monitor the content of the emails.

Wishing you 100% deliverability!

Try ispmanager for free

Ispmanager is a Linux-based VPS/VDS control panel. Install it on your hosting to manage the mail server, sites, web applications. Free access for two weeks.

Try ispmanager for free