fbpx
January 17, 2024
  • Home
  • /
  • Blog
  • /
  • Master MxToolbox: Guide to Enabling SPF, DMARC & DKIM

Master MxToolbox: Guide to Enabling SPF, DMARC & DKIM

In an era dominated by digital communication, securing your emails is more important than ever. Cyber threats loom at every corner of the virtual world, and it's imperative that individuals and businesses take proactive measures to protect their online presence. One of the fundamental steps towards safeguarding your email communication is by enabling Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting & Conformance (DMARC), and Domain Keys Identified Mail (DKIM). 

MxToolBox is an invaluable tool in this endeavor. In this guide, we'll walk you through the process using powerful features of MxToolbox. Whether you're a seasoned IT professional or just dipping your toes into the world of email authentication, this comprehensive tutorial will equip you with the knowledge and steps you need to ensure your emails reach their destination securely and reliably. 

What is MxToolbox?

MxToolbox is a robust online platform that provides a suite of essential email and network diagnostic tools. It offers a range of services, including DNS lookup, blacklist monitoring, and email authentication verification. MxToolbox simplifies the process of configuring and optimizing critical email security protocols, making it an invaluable asset for individuals and organizations alike. 

Do you know? 43% of breaches take place at small business 

Go Passwordless! The future is here for your Microsoft account, and it no longer requires a password! No more worrying about a breach happening to your business. This Free Inforgraphic will list everything that is potentially at risk and how to protect it. 

Why Use MxToolbox for Email Authentication? 

MxToolbox streamlines the implementation of SPF, DMARC, and DKIM, offering an intuitive interface that guides users through the setup process. With its user-friendly tools and comprehensive reporting, MxToolbox ensures that your email communications are not only secure but also highly reliable. 

mxtoolbox

Understanding SPF, DMARC, and DKIM 

Before we dive into the practical steps of enabling SPF, DMARC, and DKIM using MxToolbox, let's take a moment to understand what each of these acronyms represents and why they are crucial components of email security. 

SPF (Sender Policy Framework) 

SPF is a widely adopted email authentication protocol that helps prevent email spoofing. It specifies which mail servers are authorized to send email on behalf of your domain. By configuring SPF records, you're essentially telling receiving mail servers, "These are the authorized sources for emails from my domain." This way, when an email claims to be from your domain, receiving servers can verify its authenticity. 

DMARC (Domain-based Message Authentication, Reporting, and Conformance) 

DMARC builds on SPF and DKIM, adding an extra layer of email authentication and protection against phishing attacks. It allows you to specify how your emails should be handled if they fail SPF or DKIM checks. Also, DMARC provides valuable reporting that gives you insights into who is sending emails on your domain's behalf. 

DKIM (DomainKeys Identified Mail) 

DKIM is another authentication method that involves digitally signing outgoing emails. This signature allows receiving servers to verify that the email was sent by an authorized source and hasn't been tampered with in transit. 

Understanding these three protocols lays the foundation for a robust email authentication system. Now, let's move on to the practical steps of enabling them to use MxToolbox. 

Step-by-Step Guide to Enabling SPF, DMARC, and DKIM with MxToolbox 

How to Add SPF Record

Here's how you can enhance your email authentication by adding an SPF record to your DNS:

Visit Your DNS Provider

Open your web browser and go to the website of your DNS provider (for example, GoDaddy, Cloud Flare, etc.)

Access DNS Management

Look for an option usually named "DNS Management" on the provider's website. This is where you can make changes to your domain's settings. 

Add a TXT Record

Find an option that allows you to add a new TXT record. It might be labeled as "Add Record" or something similar. Now, you'll need to provide some information: 

Record Type 

Select "TXT" from the drop-down menu. 

Hostname

This is like a nickname for the record. You can put '@' if you want it to be linked directly to your domain name. If you want to link it to a subdomain (like www or ftp), you can enter that. 

TXT Value

This is the actual information you want to associate with the record. For a TXT SPF record, you'd enter the SPF rule here. For instance, 'v=spf1 mx -all' means that all email is sent from this server and no other mail servers are authorized. 

TTL (Time to Live)

This sets how long this information will be stored in DNS caches. 3600 is a common value, which means 3600 seconds (about 1 hour). 

Save the Record 

Once you've filled in the necessary details on MxToolBox, there should be a button like "Save" or "Add Record". Click it to confirm and save the changes. 

Remember, each DNS provider might have a slightly different interface, but the basic steps should be similar. If you have any questions or concerns while using MxToolBox, your DNS provider's support team can be a great resource to help you through this process. 

How to Test if the SPF Record is running? 

  1. Go to https://mxtoolbox.com/spf.aspx 
mxtoolbox

                2. Enter the Domain and click on SPF Record Lookup 

mxtoolbox

Setting up DKIM with Microsoft Office 365 and MX Toolbox 

Understanding CNAME Records

CNAME records act like shortcuts in DNS. They point one domain or subdomain to another. Each domain requires two CNAME records in the following format: 

selector1-<domainGUID>. _domainkey. <initialDomain> 

Finding the DomainGUID using MxToolbox

Here's how we'll use MxToolbox to find the DomainGUID:

Visit MxToolbox

Open a web browser and go to mxtoolbox.com

Navigate to the MX Lookup Tool

On the MXToolbox homepage, locate and click on "MX Lookup" in the menu bar. 

Enter Your Domain

In the provided field, enter your domain name (e.g., example.com) and click on the "MX Lookup" button. 

View the MX Records

MXToolbox will display the MX records associated with your domain. Look for the record that shows your domain's mail exchanger (MX preference) and mail server address. 

Note Down the DomainGUID

The DomainGUID is the first part of your mail server address. For example, if your MX record points to contoso-com.mail.protection.outlook.com, the DomainGUID is Contoso-com. 

Finding the Initial Domain

This is the prefix part of your tenant’s name. For example, if your tenant domain is contoso.onmicrosoft.com, the initial domain is Contoso. 

Creating the CNAME Records

For example: 

  1. selector1._domainkey.contoso.com. CNAME selector1-contoso-com._domainkey.contoso.onmicrosoft.com 
  2. selector2._domainkey.contoso.com. CNAME selector2-contoso-com._domainkey.contoso.onmicrosoft.com 

Access MX Toolbox

Visit the MX Toolbox website (mxtoolbox.com)

Navigate to the DKIM Record Generator 

On the MX Toolbox homepage, locate and click on "DKIM" in the menu bar. This will take you to the DKIM Record Generator page. 

Enter Your Domain

In the provided field, enter your domain name (e.g., example.com) and click on the "DKIM Lookup" button. 

View DKIM Selector

MX Toolbox will generate a DKIM selector for you. Note down the selector, as you'll need it for the next steps. 

Access Your DNS Provider

Open a new browser tab and log in to your DNS provider's website (e.g., GoDaddy, Cloudflare). 

Create CNAME Records (Continued)

In your DNS provider's settings, look for an option to add a new CNAME record. 

Format the CNAME Records (Continued)

Follow this format for each CNAME record: 

  1. selector1-<domainGUID>. _domainkey. <initialDomain> 
  2. Create the CNAME Records (Continued)

For example, if your DKIM selector is selector1, and your domainGUID and initialDomain are as per the earlier guide, create two CNAME records: 

  1. selector1._domainkey.yourdomain.com CNAME selector1-contoso-com._domainkey.contoso.onmicrosoft.com 
  2. selector2._domainkey.yourdomain.com CNAME selector2-contoso-com._domainkey.contoso.onmicrosoft.com 

*Ensure you replace "yourdomain.com" with your actual domain. 

Save the Records (Continued)

Confirm and save the CNAME records in your DNS settings. 

How to Enable DKIM on Office 365 

Before you begin, verify that the required DNS records have been established and are publicly visible. 

Go to Office 365 Admin Center

Open your web browser and visit https://admin.microsoft.com. 

Access Exchange Admin Center

Inside the Admin Center, find and click on "Exchange Admin Center." 

Go to Protection Settings

Inside Exchange Center, look for "Protection" and click on it. 

Enable DKIM

In the Protection settings, find and click on "DKIM." 

Click "ENABLE"

Look for the "ENABLE" button and click on it. After clicking "ENABLE," don't close the window. It might take up to an hour before you can complete the setup. 

By following these comprehensive steps, you've successfully set up DKIM for your domain using MX Toolbox and integrated it with Microsoft Office 365. DKIM helps verify the authenticity of your outgoing emails, enhancing security and trustworthiness. If you encounter any issues, refer to your DNS provider's support or MX Toolbox's resources for further assistance. 

Create a DMARC Rule! 

DMARC policies are stored in the Domain Name System (DNS) as text (TXT) records. These records provide instructions to email receivers on how to handle emails that do not align properly. DMARC records use a flexible "tag-value" format, like DKIM, for defining DNS-based key records. Below is a chart showcasing some of the tags that can be utilized. 

mxtoolbox

How to Add a DMARC Entry in Your DNS

Visit Your DNS Provider

Go to the website of your DNS provider like GoDaddy, Network Solutions, or others. 

Access DNS Management

Look for a section called "DNS Management." This is where you can make changes to your domain's settings. 

Add a New TXT Entry

Find an option that allows you to add a new record. It might be labeled as "Add Record" or something similar.

Fill in the Details:

  1. Record Type: Choose "TXT" from the options.
  2. Hostname: Type _dmarc as the name for this record. 
  3. TXT Value: This is the important part. Enter v=DMARC1; p=quarantine; pct=100. This tells email servers how to handle messages that don't pass DMARC checks. 
  4. TTL (Time to Live): Set this to 3600. It's like a refresh rate for this information.

Save the Record

Click the button to save changes. 

To make sure your DMARC set up is working correctly:

Visit MXToolbox

Go to https://mxtoolbox.com/dmarc.aspx. 

Enter Your Domain

Type your domain name and click on "DMARC lookup." 

You'll see a screen showing if your DMARC rules are set up correctly. 

mxtoolbox

You've completed the setup! With SPF, DKIM, and DMARC in place, you've significantly lowered the chances of your company falling prey to email-related data breaches. These measures provide a strong shield against potential security threats. To further enhance your cybersecurity, book a strategy call with us today for expert guidance and advanced solutions. Don't wait – secure your digital communications now!  

Having a centralized view of your organization's security posture is critical for identifying and addressing potential security threats. For more information on Enterprise Security, make sure to check out our blogs on Identity and Access Management, Threat Protection, Information Protection, and Security Management. 

Last Updated 6 months ago

About the Author

Certified Microsoft Technology Specialist, having over 2 years of experience in integrating and optimizing Microsoft Solutions. Proficient in deploying, configuring and troubleshooting a range of Microsoft products including Azure, and Office 365.

Ibrahim Ahmed

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
>

Looking for a Mobile Device Management Solution?