009 | DNS Setup for Mail and Website Part 2 — Mail Protection (SPF, DKIM, DMARC)

Published 30.05.2025

Continuing with DNS: besides the basic A and MX records, three more records are critical for the security of your mail and for its deliverability, that is, for keeping your emails out of spam. These are SPF, DKIM, and DMARC. They act as digital seals and verification rules for your correspondence, confirming its authenticity.

  • SPF Record (Sender Policy Framework): Authorizing Sending

    What it is: An SPF record is a text record (TXT) that lists all mail servers authorized to send emails on behalf of your domain.

    Why it’s needed: This is powerful protection against spoofing (faking the sender’s address). If an email claims to be from your domain but comes from a server not listed in the SPF record, other mail services may consider it spam or malicious. Correct SPF significantly improves the deliverability of your emails.

    Configuration Example:

    vashbiznes.ru. IN TXT "v=spf1 include:_spf.google.com include:mail.vashbiznes.ru -all"

    Here, v=spf1 indicates the SPF version. include: pulls in the SPF record published by another domain, so the servers that domain authorizes are also authorized for yours (e.g., if you use G Suite for mail). -all means that no other servers are allowed to send mail on your behalf.

  • DKIM Record (DomainKeys Identified Mail): Digital Signature for Emails

    What it is: DKIM adds a digital signature to every outgoing email. The recipient can verify this signature using a public key that you publish in your DNS.

    Why it’s needed: A DKIM signature confirms that the email was indeed sent from an authorized server (and was not altered during delivery), which greatly increases trust in your emails and reduces the likelihood of them ending up in spam.

    Configuration Example:

    First, you need to generate DKIM keys (this is usually done by your mail service or server).

    selector._domainkey.vashbiznes.ru. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ..."

    selector is a unique name generated for your key. p= is your public DKIM key, which will be very long.

  • DMARC Record (Domain-based Message Authentication, Reporting & Conformance): Policy for Handling Suspicious Emails

    What it is: DMARC is a text record (TXT) that tells mail providers what to do with emails that fail SPF and/or DKIM checks. It also allows you to receive reports on such emails.

    Why it’s needed: DMARC unifies SPF and DKIM, giving you control over how emails supposedly sent from your domain are handled if they fail authentication checks. This is another powerful tool for combating spam and phishing.

    Configuration Example:

    _dmarc.vashbiznes.ru. IN TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

    v=DMARC1 indicates the version. p=quarantine means that emails failing the check should be sent to the “Spam” folder. Other options include p=none (monitoring only) or p=reject (rejecting). rua=mailto: specifies the address where you will receive reports on authentication checks.
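The checks below are an offline linter for the three records described above, added here as an example and not taken from the original article. The function names (lint_spf, lint_dkim, lint_dmarc) and the choice of checks are this example's own; it goes slightly beyond the text by also checking the RFC 7208 limit of 10 DNS-lookup terms and the DKIM RSA key length.

```python
import base64
import re

# SPF terms that cost a DNS lookup (RFC 7208 limit: 10, nested includes count too).
LOOKUP = re.compile(r"[+\-~?]?(include:|exists:|redirect=|(a|mx|ptr)([:/]|$))")

def tags(txt):  # parse a DKIM/DMARC "tag=value; tag=value" string into a dict
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_spf(txt):
    terms = txt.lower().split()
    if terms[:1] != ["v=spf1"]:
        return ["SPF: must start with v=spf1"]
    out = []
    if "-all" not in terms:
        out.append("SPF: no -all term, so this record does not fail unlisted servers")
    if sum(bool(LOOKUP.match(t)) for t in terms[1:]) > 10:
        out.append("SPF: over 10 DNS-lookup terms, receivers return permerror")
    return out

def lint_dkim(txt):
    t = tags(txt)
    key = "".join(t.get("p", "").split())
    if not key:
        return ["DKIM: p= is empty or missing, no signature can verify"]
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        return ["DKIM: p= is not valid base64 (truncated or mangled paste)"]
    # A DER blob under 256 bytes cannot hold a 2048-bit RSA modulus.
    if t.get("k", "rsa").lower() == "rsa" and len(der) < 256:
        return ["DKIM: RSA key is shorter than 2048 bits"]
    return []

def lint_dmarc(txt):
    t = tags(txt)
    if not txt.strip().lower().startswith("v=dmarc1"):
        return ["DMARC: must start with v=DMARC1"]
    out = []
    if t.get("p", "").lower() not in ("quarantine", "reject"):
        out.append("DMARC: p= is not quarantine or reject, nothing is enforced")
    uris = [u.strip() for u in t.get("rua", "").split(",") if u.strip()]
    if not uris or not all(re.fullmatch(r"mailto:[^@\s]+@[^@\s]+", u, re.I) for u in uris):
        out.append("DMARC: rua= needs at least one valid mailto: address")
    return out

if __name__ == "__main__":  # the SPF record exactly as printed in the article
    print(lint_spf("v=spf1 include:_spf.google.com include:mail.vashbiznes.ru -all"))
```

Pasting the DKIM value exactly as printed above, with its trailing "...", is reported as invalid base64, which is the usual symptom of a key that was cut off when copied into the DNS panel.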
