I’ve been asked to implement DMARC for our company.

I’ve created the DMARC record with p=none to get the reporting started.

We use a couple of 3rd party email services (Sparkpost & Taguchimail). I can see on our DNS that there are already SPF and DKIM records for these providers.

Do I still need to create my own SPF and DKIM records listing their sending IPs or will the existing records suffice?


When deploying DMARC, the goal is to make sure the 3rd parties sending on your behalf are DMARC compliant. Not all 3rd parties are created equal, and you should deploy SPF or DKIM based on what they support. The goal is to achieve a passing DKIM and SPF check, with the domain identifiers for each aligned.

For instance, by default Sparkpost does not utilize their customer’s domain as part of the return-path address, which makes adding them to your SPF record irrelevant. However, you can configure a custom return-path by following their in-app instructions.

They also support a custom DKIM signature as per the below.

The steps for each vendor will vary. I strongly recommend you review the capabilities of DMARC compliance with your domain with each vendor. Wherever possible, deploy both DKIM and SPF, but sometimes a vendor will only support alignment with 1, and that’s ok! DMARC requires at least one of the two between SPF and DKIM to be aligned.

As a beginner these concepts can take time to grasp, so review our alignment article closely, and never stop researching!
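The alignment rule described in the answer above, as an added example that is not part of the original thread: it reads an `Authentication-Results` header and decides whether SPF or DKIM is aligned with the From domain. The domains `example.com` and `esp-mail.example`, the sample headers, and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. A production
    # evaluator uses the Public Suffix List (needed for e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain)
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(auth_results, aspf="r", adkim="r"):
    """Apply DMARC alignment to one Authentication-Results header value."""
    m = re.search(r"header\.from=([\w.-]+)", auth_results)
    if not m:
        raise ValueError("no header.from in Authentication-Results")
    from_domain = m.group(1)
    spf = re.search(r"spf=(\w+)[^;]*?smtp\.mailfrom=(?:[^@\s;]*@)?([\w.-]+)",
                    auth_results)
    dkim = re.findall(r"dkim=(\w+)[^;]*?header\.d=([\w.-]+)", auth_results)
    # A mechanism counts only if it passes AND its domain aligns with From.
    spf_ok = (bool(spf) and spf.group(1) == "pass"
              and aligned(from_domain, spf.group(2), aspf))
    dkim_ok = any(r == "pass" and aligned(from_domain, d, adkim) for r, d in dkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

# Constructed sample headers (not captured from any real provider).
# 1) Vendor defaults: SPF and DKIM both pass, but for the vendor's own domain.
VENDOR_DEFAULT = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@esp-mail.example; "
                  "dkim=pass header.d=esp-mail.example; dmarc=fail header.from=example.com")
# 2) Custom DKIM signature only: return-path still belongs to the vendor.
CUSTOM_DKIM = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@esp-mail.example; "
               "dkim=pass header.d=example.com; dmarc=pass header.from=example.com")
# 3) Custom return-path on a subdomain, DKIM signature broken in transit.
CUSTOM_RETURN_PATH = ("mx.receiver.example; spf=pass smtp.mailfrom=bounces.example.com; "
                      "dkim=fail header.d=example.com; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, hdr in [("vendor default", VENDOR_DEFAULT),
                      ("custom DKIM", CUSTOM_DKIM),
                      ("custom return-path", CUSTOM_RETURN_PATH)]:
        print(name, evaluate(hdr))
    print("custom return-path, aspf=s", evaluate(CUSTOM_RETURN_PATH, aspf="s"))
```

The first case shows why existing vendor SPF and DKIM records can pass authentication and still fail DMARC; the last shows a subdomain return-path aligning under relaxed mode but not under `aspf=s`.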

Thank you for the information - much appreciated.