Answers
Subject Date - DESC Rating Viewed Topic
How do I configure IIS to forward all HTTP requests to HTTPS? 10/26/2016 11:29:17 AM None 1806 Site configuration
Updating the Message Queue page to the new version in 7.4 1/22/2016 5:24:29 PM None 2244 Site configuration
Updating agent count for on-premise installations 7/7/2014 11:59:40 AM 4.5 2754 Site configuration
Simple example for filtering messages to a new topic 12/18/2012 3:39:34 PM 5.0 3404 Site configuration
Sample auto response templates 6/24/2011 4:06:30 PM None 2358 Site configuration
w3wp.exe is using too much memory 6/2/2011 10:03:22 AM None 393031 Site configuration
Article Selected >> SPF and DKIM for mailings
Question:
How do I setup SPF and DKIM for my iService OnDemand site?
Answer:
Untitled Page

Since you are using the iService servers to send outgoing mail with a reply address matching your domain, it is important to configure SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to ensure delivery success. This article provides a brief description of SPF and DKIM and explains how to make the configuration changes required.

SPF

Normal SMTP allows any computer to send an e-mail claiming to be from anyone. Thus, it is easy for spammers to send e-mail from forged addresses. SPF allows the owner of an Internet domain to use a special format of DNS records ("SPF", type 99) to specify which machines are authorized to send e-mail for that domain. For example, the owner of the example.com domain can designate which machines are authorized to send e-mail with the sender e-mail address ending in "@example.com". Receivers checking SPF can reject messages from unauthorized machines before receiving the body of the message.

Therefore, to ensure that recipients of messages sent from iService do not reject them, we require that all hosted customers configure SPF when sending from their domain but using iService hosted servers. The configuration is simple and can be done by the person that manages your DNS (Domain Name Server) configuration.

The following defines the SPF record for the domain. It should appear after the domain definition but before individual host records (this means it should apply to the entire domain and does not have a specific host record associated with it)

TXT "v=spf1 mx ip4:69.65.19.64/27 ~all"

This record indicates that you are officially stating that the defined MX (mail) servers are approved, as well as any mail server in the IP block from 69.65.19.64 - 69.65.19.95 (the iServiceCRM Mail and Web servers). The ~all indicates that you make no claims pro or against any other server which may send mail under this domain name. If you already have an SPF record for your domain, you only have to add "ip4:69.65.19.64/27" to the existing list, but before the terminating "all" clause.

For more information about SPF, we recommend the following page.
http://www.openspf.org/Introduction

DKIM

DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email, thereby allowing an organization to take responsibility for a message in a way that can be validated by a recipient. The validation technique is based on public-key cryptography: Responsibility is claimed by the signer by adding a domain name to the message and then also affixing a digital signature of it and the message. The value is placed in the DKIM-Signature: header field. The verifier recovers the signer's public key using the DNS, and then verifies the signature. The iService email servers are configured to support DKIM and insert these keys into all of the messages sent via our iService OnDemand system.

The following should be added to the DNS records for your domain. As opposed to SPF, these records DO have a host identifier, which is used by servers which check DKIM records. The first entry identifies a selector (1to1service) and a DKIM Domain Key as part of the domain. By using this selector, you can use other domain keys for other servers used by yourselves or by other vendors without compromising security -- each set of servers under separate administration will have a separate selector, and thus a separate key used for signing.

Note that in the data portion of this first record, everything between the quote marks (") should be included as one line without spaces or breaks, other than the spaces after each semi-colon. You will obtain the key that replaces "Your_Key" from the iServiceCRM support staff.

Record 1

1to1service._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=Your_Key" where Your_Key is supplied by the iServiceCRM support staff.

Record 2

If you are already using DKIM for other services or for your own mail server, this next line is not required. This entry indicates that any mail which is NOT signed by DKIM is to be treated neutrally and DKIM is not specifically required by your domain. If you are using DKIM already, you may have a similar line, or you may have a line that specifies that DKIM is required, but since DKIM outside of the 1to1service selector is not under our jurisdiction, this default leaves your existing mail servers as "official" or "unofficial" as your current existing settings.

 _ssp._domainkey IN TXT "t=y; dkim=unknown"

Article DetailsSubscribe and Rate this article
Article ID:59073
Date Updated:8/24/2010 6:32:08 PM
# Views:3075
Article Creator:Joe Nuval
Article Topic:Site configuration
Attachments:-- None --
Deleting or moving mailboxes 4/15/2010 5:55:38 PM 5.0 1976 Site configuration
Please Wait...