A Few Words About SPF, DKIM, and DMARC Records

23 May, 2024 | by B.Grabarczyk

We live in times where email correspondence is the primary communication channel, especially for business but also for personal use. Of course, we are not considering social media or messaging apps here – we recognize their importance, but for the purpose of this entry, we will focus on email security.

The development of electronic services and the increasing possibilities they bring have one task – to make our lives easier. The speed of this progress often leaves our lawmakers behind. Fortunately, not for long.

In addition to introducing the highly valued electronic signature (whether certified or qualified), whose task is (besides saving trees and printer ink) primarily to speed up the circulation of documents and accept their digital versions, we have also seen the implementation of the Act on Counteracting Abuses in Electronic Communications. When the document came into effect last July, some people's eyes opened wider. What abuses? Is that even possible? After all, my email address is protected by a password, what bad could happen?

As a hosting service provider, we are more than happy to see the growing awareness among internet users. With this somewhat lengthy introduction, we want to suggest ways you can counteract online abuses here and now. The Act will tell you what constitutes abuse and whom to contact if it occurs. We will describe 3 steps, or rather, introduce you to 3 records for your domain that will help prevent email abuses. Of course, all examples will be based on WEBD.pl servers, as you can configure all these records with us in just three, maybe four, clicks.

Important? Absolutely!


SPF Record (Sender Policy Framework)

Assigning such a record to your domain has two advantages. Firstly, as the sender of the message, you inform the recipient's server that only messages from our server and only from your domain can be sent. In other words, this record confirms the authenticity of your domain and your email. The second very important advantage is that it prevents your email from being marked as SPAM. Most hosting providers already have mechanisms in place to check for the existence of an SPF record, and the absence of such a record for your domain will likely result in the message being classified as SPAM. Yes, WEBD.pl also checks for the existence of an SPF record for the emails you receive.

Importantly, for some time now, WEBD.pl has been automatically adding an SPF record to domains added in cPanel. Make sure you see it – we recommend checking our Help section HERE to learn how to add an SPF record.


DKIM Record (Domain Keys Identified Mail)

In short? Encryption.

This entry in your domain is designed to encrypt the message you send. Here, we are talking about a more thorough method of security – if the recipient's server correctly decodes your message using the key indicated in the domain's DKIM record, the recipient can be sure that the email was sent by you. Of course, we do not delve into the content of the sent email – if you make a blunder, the blunder will be decoded 😉

Take a look at how to set up this record – details, as always, are in our HELP section.


DMARC Record (Domain-based Message Authentication Reporting and Conformance)

Alright, let's assume everything is perfect, and you, dear User, have set up both the SPF and DKIM records. It can be confidently assumed that you have taken readily accessible and somewhat basic steps to secure your outgoing mail.

But we can take it a step further! Though it might be hard to imagine, with a DMARC record, you can inform the recipient's server what to do with a message that looks like it was sent from your domain. This only works on the assumption that you have set up the records we mentioned above.

The DMARC record provides the option to convey three types of instructions to the recipient's server.

The first option, let's call it ‘do nothing’, will result in no action being taken by the recipient's server. But! We already know that the lack of an SPF record will very likely cause the email to be classified as SPAM.

The second option – quarantine – instructs the recipient's server to definitely classify the email that appears to be from your domain as SPAM.

The third option – reject the message – ensures that the 'fake' email never reaches the recipient.

What we think is a cool additional bonus – with this record, you can specify an email address where you want to receive reports of attempts to spoof your domain. An excellent way to keep an eye on things.

As you can see, this record has the most options to choose from, so we recommend checking out how to set up a DMARC record on WEBD.pl servers HERE.

We trust that now we will see an increased number of logins to cPanel to set up all three records. At WEBD.pl, we provide you with all the tools to secure your email. Included in the price. 😉

Our partners.

Monitoring 24/7.

Round the clock server monitoring
allows you to easily use
WEBD.pl services!