Since you are using the iService servers to send outgoing mail with a reply
address matching your domain, it is important to configure SPF (Sender Policy
Framework) and DKIM (DomainKeys Identified Mail) to ensure delivery success.
This article provides a brief description of SPF and DKIM and explains how to
make the configuration changes required.
Normal SMTP allows any computer to send an e-mail claiming to be from anyone.
Thus, it is easy for spammers to send e-mail from forged addresses. SPF allows
the owner of an Internet domain to use a special format of DNS records ("SPF",
type 99) to specify which machines are authorized to send e-mail for that
domain. For example, the owner of the example.com domain can designate which
machines are authorized to send e-mail with the sender e-mail address ending in
"@example.com". Receivers checking SPF can reject messages from unauthorized
machines before receiving the body of the message.
Therefore, to ensure that recipients of messages sent from iService do not
reject them, we require that all hosted customers configure SPF when sending
from their domain but using iService hosted servers. The configuration is simple and can be done by the person
that manages your DNS (Domain Name Server) configuration.
The following defines the SPF record for the domain. It should appear after the
domain definition but before individual host records (this means it should apply
to the entire domain and does not have a specific host record associated with
TXT "v=spf1 mx ip4:18.104.22.168/27 ~all"
This record indicates that you are officially stating that the defined MX (mail)
servers are approved, as well as any mail server in the IP block from
22.214.171.124 - 126.96.36.199 (the iServiceCRM Mail and Web servers). The ~all
indicates that you make no claims pro or against any other server which may send
mail under this domain name. If you already have an SPF record for your domain,
you only have to add "ip4:188.8.131.52/27" to the existing list, but before the
terminating "all" clause.
For more information about SPF, we recommend the following page.
DomainKeys Identified Mail (DKIM) is a method for associating a domain name to
an email, thereby allowing an organization to take responsibility for a message
in a way that can be validated by a recipient. The validation technique is based
on public-key cryptography: Responsibility is claimed by the signer by adding a
domain name to the message and then also affixing a digital signature of it and
the message. The value is placed in the DKIM-Signature: header field. The
verifier recovers the signer's public key using the DNS, and then verifies the
signature. The iService email servers are configured to support DKIM and insert
these keys into all of the messages sent via our iService OnDemand system.
The following should be added to the DNS records for your domain. As opposed to
SPF, these records DO have a host identifier, which is used by servers which
check DKIM records. The first entry identifies a selector (1to1service) and a
DKIM Domain Key as part of the domain. By using this selector, you can use other
domain keys for other servers used by yourselves or by other vendors without
compromising security -- each set of servers under separate administration will
have a separate selector, and thus a separate key used for signing.
Note that in the data portion of this first record, everything between the quote marks (") should be included as one line without spaces or breaks, other than the spaces after each semi-colon. You will
obtain the key that replaces "Your_Key" from the iServiceCRM support staff.
1to1service._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=Your_Key" where Your_Key is supplied by the iServiceCRM support staff.
If you are already using DKIM for other services or for your own mail server,
this next line is not required. This entry indicates that any mail which is NOT
signed by DKIM is to be treated neutrally and DKIM is not specifically required
by your domain. If you are using DKIM already, you may have a similar line, or
you may have a line that specifies that DKIM is required, but since DKIM outside
of the 1to1service selector is not under our jurisdiction, this default leaves
your existing mail servers as "official" or "unofficial" as your current
_ssp._domainkey IN TXT "t=y; dkim=unknown"