✅ SPF (Sender Policy Framework)
SPF lets you specify which mail servers are allowed to send emails on behalf of your domain. This helps prevent email spoofing.
Example SPF record:
v=spf1 ip4:192.0.2.1 include:_spf.google.com ~all
✅ DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to outgoing messages. The recipient's mail server uses a public key (published in DNS) to verify the message wasn't altered during transmission.
Example DKIM record (TXT type):
default._domainkey.example.com
v=DKIM1; k=rsa; p=LOTS_OF_BASE64_CHARACTERS
✅ DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC works with SPF and DKIM to define how to handle emails that fail authentication. It also lets you request reports from receiving servers.
Example DMARC record:
_dmarc.example.com
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
⚙️ How to Set Up SPF, DKIM, and DMARC in Plesk
🔹 1. SPF
-
In Plesk, go to Domains → select your domain.
-
Go to DNS Settings.
-
If no SPF record exists:
-
Add a new TXT record:
-
Record type: TXT
-
Domain name: yourdomain.com
-
TXT value:
v=spf1 +a +mx +ip4:<YOUR_SERVER_IP> ~all -
If it already exists — modify it to include necessary senders.
📝 If you're using external email services (e.g., Google, Microsoft), add something like include:_spf.google.com.
🔹 2. DKIM
-
In Plesk, go to:
Mail → Mail Settings → select your domain. -
Enable: Use DKIM spam protection system to sign outgoing email messages.
-
Plesk will automatically generate DKIM DNS records.
-
If Plesk manages DNS, they’ll be added automatically.
-
If using external DNS, copy the record and add it there manually.
🔹 3. DMARC
-
In DNS Settings, add a new record:
-
Type: TXT
-
Name: _dmarc
Value:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
-
Change p=none to quarantine or reject for stricter enforcement.
✅ Verification Tools
After configuring:
