Koumbit.org

For freedom and solidarity online

Email Authentication (SPF, DKIM & DMARC)

We use certain mechanisms in order to help emails sent from your domains to get delivered properly to other email providers: SPF and DKIM. Both of those mechanisms are configured in your domain name (DNS) so that other providers can use this information.

SPF

SPF (SenderPolicyFramework ) is used to identify a set of authorized servers for sending out emails for your domain name. This is used to identify Koumbit servers, and possibly others, as being authorized to send emails on your behalf. This means that other provides will give a somewhat better reception when emails come from those servers.

SPF can also be used to block unknown servers from sending out emails for your domain name. This gives you control over which services can be used to send email for your addresses and can block spam that is generally sent from unrecognized machines.

To use SPF with your hosting services at Koumbit, add the following TXT type record to the DNS zone of your domain:

By default, Koumbit uses the following rule which identifies Koumbit servers as being authorized, but doesn't block any other servers from sending out emails for you (this means that you can use services from other providers to send email but those other providers will not be getting the "preferential hint" to help out with delivery)

v=spf1 mx include:spf.koumbit.net ~all

DKIM

DomainKeys Identified Mail (DKIM ) is used for authenticating the origin of an email. By using this entry, it is possible to verify that the message was processed by Koumbit's email servers.

Koumbit's email server attaches a cryptographic signature (by using a private key that is known only to Koumbit's email server) on the contents of the message. This signature can then be verified by using the public key that can be found in the DNS entry corresponding to the DKIM information.

DKIM keys are generated automatically for domains hosted on Koumbit's server. In some cases however, they may require a final manual setup step. Contact us to get OpenDKIM configured on your domain.

If you are looking for your DKIM public key, you can go in your alternc account, on to your domain name management page, then click on the 'View' tab and search for en entry similar to this one.

alternc._domainkey.. 3600 IN TXT "v=DKIM1\; k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GN....

If either your domain name (DNS) or your emails are hosted with another provider, contact our support team and we will help you configuring DKIM.

DMARC

DMARC (Domain-based Message Authentication, Reporting and Conformance ) is not an authentication mechanism, but an information mechanism. Some servers will send DMARC reports at the email address specified in the TXT entry. These reports indicate whether some emails sent by your domain fail the SPF and/or the DKIM.

Usually, we use an email address in the style of "postmaster@yourdomain.org" (where yourdomain.org is the domain with the DMARC entry) but any email address will do. Note that this email address will be public and visible to all: it is recommended to not use a personal email address to avoid being flooded with spam.

Here is an example of a typical DMARC entry:

_dmarc.yourdomain.org. 3600 IN TXT "v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.org"

While the presence of a DMARC entry was seen as optional, more and more services now require this entry to be present. It is therefore important to have one for every domain which sends emails.

How to read a DMARC report

If you have a DMARC entry which specifies an email address, then you will receive DMARC reports. A DMARC report is a ".zip" file" in which there is an ".xml" file. There are some online resources that can help you understand this report, but what matters is to see if the following lines are there:

  • Is there a line like this: <dkim>fail</dkim>
  • Is there a line like this: <spf>fail</spf>

If you have one, or the other, or both, contact us with the DMARC report and it will be our pleasure to find the issue.

Call us

☏ +1 514 907 9494
Lun: 10h à 12h et 13h à 16h
Mar: 10h à 12h
Mer: 10h à 12h et 13h à 16h
Jeu: 10h à 12h
Mon: 10am to 12pm and 1pm to 4pm
Tue: 10am to 12pm
Wed: 10am to 12pm and 1pm to 4pm
Thu: 10am to 12pm

Come and See Us!

1883, rue Atateken,
Montréal (Québec) H2L 3L7, Canada
Veuillez noter que nos bureaux n'ont pas de stationnement attitré.
1883 Atateken Street,
Montreal, Quebec, H2L 3L7, Canada
Please note that you'll need to find on-street parking.

Write to Us

Informations générales

Support technique

Pour une demande de devis, voir le formulaire à la page contact.

Nos clefs PGP

Politique de confidentialité

General inquiries

Technical support

For a free estimate, see the form on our contact page.

Our PGP keys

Privacy Policy

Follow Us

ktweb_menu_social

Mouton