I'm Kristina, an email marketing specialist at ispmanager. One of my responsibilities at my company is to monitor email deliverability. Many factors affect deliverability, but one of the most important is the correct configuration of email domain authentication. Incorrect configuration can lead to spam, domain and IP blacklisting, and a high percentage of SMTP servers refusing to accept your emails. In this article I will give a step-by-step guide on how to configure DNS records in ispmanager, give tips on how to control email deliverability and troubleshoot common problems. This article is intended for ispmanager users and anyone interested in how to configure domain authentication.
Setting DNS records and configuring email authentication for domain
In order to successfully deliver emails to clients, it is important to configure four DNS records: SPF, DKIM, DMARC, and rDNS. These records ensure that emails coming from the domain to the recipient's server are legitimate and not spam or spoofed.
Important: Make sure that the domain is pointed to the panel server at the domain name registrar. Otherwise, the created records will not work and you will have to create or migrate them to the correct name servers.
SPF (Sender Policy Framework) — is a DNS record that indicates which IP addresses are authorized to send emails on behalf of your domain. Multiple servers and IP addresses can be specified in one SPF record. For example, when emails are sent from your IP and from the mailing service (ESP), as we do in ispmanager.
To create an SPF record in ispmanager:
1. From ispmanager Main menu navigate to Domain names (DNS).
2. Select a domain → Manage DNS records.
Click Create record and select the TXT type as the record type.
4. In the Name field, type @, which stands for root domain.
In the Value field, enter an SPF record in the following format:
v=spf1 include:_spf.yourdomain.com ~all
TTL - leave 3600 sec. — this interval is recommended by Google. You can change it if necessary. For more information about TTL see the Google Workspace documentation.
v=spf1 include:_spf.yourdomain.com ~all is not the only valid option. The record
ip4, ip6, a, mx, include, redirect, ptr, exists и exp and exp parameters, because you can check SPF records by IP, A record, MX record and so on. I will discuss those included in the above example.
The v=spf1 part shows that the entry is of type SPF version 1. Only spf1 is currently supported.
The include part lists the servers that are allowed to send mail from the domain.
~all qualifier indicates that an email that fails the SPF check is treated as a soft failure. This means that it will probably be delivered, but will be marked as suspicious.
DKIM (DomainKeys Identified Mail) is another technical standard that helps identify fake email addresses, fight spam and prevent spoofing and identity theft. DKIM adds a digital signature to the email headers. Mail servers check the headers to find out if the message has changed during transmission and if it was sent from a reliable source.
To configure a DKIM-record:
1. In ispmanager navigate to Settings → Software configuration section.
2. Select Mail server (SMTP/POP3/IMAP) → Edit..
3. Check the box next to OpenDKIM.
Navigate to Mail → Mail domains..
5. Click Edit for the selected domain.
6. Check the Enable DKIM for domain checkbox, specify the DKIM selector and select the desired DKIM key length..
A DKIM record in the following format will be automatically created:
v=DKIM1; k=rsa; p=public keycode>
v=DKIM1 part indicates that the entry is of type DKIM version 1.
k=rsa part, k is the key type. The k value is always rsa.
Part p specifies the public key that is generated by OpenDKIM.
Example of a public key:
DMARC (Domain-based Message Authentication, Reporting & Conformance) — is a DNS record that specifies how email providers should handle emails that failed SPF or DKIM validation.
To configure a DMARC record:
- In ispmanager navigate to Mail → Mail domains.
- Click Edit for the selected domain..
- Check the box next to Enable DMARC for domain.
Ispmanager automatically generates DMARC records in the following format:
v=DMARC1; p=none; rua=mailto:firstname.lastname@example.org; adkim=r; aspf=r; pct=100; sp=none
pnotes the policy for handling the email if the email fails authentication. There are three policy types:
- None — emails are delivered to the recipient, but you receive reports on authenticated and unauthenticated emails.
- Reject — unauthenticated emails are rejected by the recipient's server. Emails are not delivered, but you receive “undelivered” reports.
- Quarantine — unauthenticated e-mails are moved to the "Spam" folder.
The Google Workspace Admin Help recommends starting with none if you have not sent emails from the domain yet. It is recommended that you do not set reject or quarantine until you understand how emails are being validated on the recipients' servers. You can track this by receiving reports to the address specified in rua. Learn more about the DMARC record in the Google Workspace Admin Help.
rDNS, или обратная DNS-запись is a DNS record that maps an IP address to a domain name. This check also helps combat spam and phishing, as attackers may have difficulty setting up correct rDNS records for their IP addresses.
To configure a rDNS record:
1. From ispmanager Main menu navigate to Domain names (DNS) - select a domain - Manage DNS records.
2. For a domain, click Create Record and select PTR (reverse record) as the record type.
3. In the Name field, specify the IP in reverse order and add the suffix in-addr.arpa. For example, if your IP is 10.20.30.40, in the Name field you need to write: 188.8.131.52.in-addr.arpa
In the Domain field, specify the domain name for which you are configuring the PTR record.
Email delivery monitoring and troubleshooting
After configuring DNS and email authentication settings, it's important to monitor email deliverability and troubleshoot any issues that arise.
You can monitor emails from email providers and use tools such as Mail Tester, GlockApps or MXtoolbox to monitor the deliverability of your emails. These tools can help you identify the following issues:
- failed email authentication;
- poor sender reputation;
- content that triggers spam filters;
- blacklisted domain or IP.
You can also see if the technical settings are correct in the header of the test email. In Gmail, click "Show original" on the email you have sent.
It is better to perform such checks for emails sent from multiple sources: manually through a mail provider, from mailing services (ESP), and from an SMTP server.
Very often developers face the following difficulties:
- Untimely updating of email authentication records when changing IP or mail provider. When changing the IP or mail provider, it is important to update the SPF, DKIM and DMARC records to reflect the changes.
- Incorrect configuration of the SPF record, for example, the use of incorrect syntax or the inclusion of incorrect IP addresses. It is important to make sure that your SPF record is configured correctly: with correct syntax; includes authorized IP addresses of your mail servers.
- Incorrect DMARC configuration. It is important to configure DMARC policies correctly so that messages are not marked as spam. You can check the DMARC record using the Google MX Check Tool..
If you have problems with the delivery of letters, use ispmanager to solve them. The panel contains logs of Exim and Dovecot mail servers to help determine the cause of the problem and take action to fix it.
But setting up your email domain correctly is not the only requirement for high deliverability and spam-free mailing. It is important to constantly check the database for invalid email addresses, send emails only to contacts who have explicitly subscribed through a double opt-in subscription, and monitor the content of the emails.
Wishing you 100% deliverability!
Try ispmanager for free
Ispmanager is a Linux-based VPS/VDS control panel. Install it on your hosting to manage the mail server, sites, web applications. Free access for two weeks.
More than 35 000 people are already reading us
Save 10% on ispmanager purchase and select your newsletter!
Choose from Ispmanager news, beginner web dev, advanced web dev, or suggest your option. Subscribe for exclusive discounts and knowledge!
Thank you for your interest in ispmanager newsletter!
An email has been sent to your email address: asking you to verify your subscription.
Right after confirming the mailing address, we will send you the promised discount.
*If you did not receive the email, please check that you have entered your mailing address correctly and try filling out the form again.