Setting up email deliverability SPF DKIM DMARC Office 365 Cloudflare cPanel


Take a primary domain where DNS is controlled at provider A (e.g. CloudFlare), email is managed through provider B (e.g. Office 365) and the website is hosted on provider C (e.g. cPanel server).

We are using domain name example.com

We are also using cPanel IP 1.2.3.4

Test SPF at https://www.dmarcanalyzer.com/spf/checker/

Test DKIM at https://easydmarc.com/tools/dkim-lookup (it has an 'auto' option for the selector, which makes it easier)

SPF

SPF is a DNS record for the sender domain (example.com) that stores which domains/IPs are allowed to send email.

v=spf1 ip4:1.2.3.4 include:spf.protection.outlook.com ~all

DKIM

DKIM is a combination of a DNS record and an email header that uses private/public keys to sign an email.

You need to add DKIM DNS records for every provider that can send email. In our case, that’s Office 365 and the webserver (to send out contact form emails etc).

Office 365

Go to Office 365 admin. Select ‘All Apps’ and go to ‘Security’. Under Email & collaboration select Policies and Rules. Select Threat Policy. Select DKIM under Rules. Click on the primary domain (example.com) and click Create DKIM Keys. Add the CNAME records to your DNS.

Usually DKIM records are DNS txt records, but Microsoft adds a CNAME so that their own servers are responsible for the keys.

Wait a bit so MS picks up the new DNS records. Use the ‘Enabled’ switch in the same panel as above. MS will now sign emails.

Instructions on Microsoft.

cPanel

Choose Email Deliverability. Click Manage for the main domain (example.com). Add a new DNS txt record with name default._domainkey (assuming that’s what cPanel outputted) and copy the Value field into the content field, e.g.:

v=DKIM1; k=rsa; p=NMBnbvchgjdf7645hgfAQ8AMIIBCgKCAQEA3uCYyWLv+j1RoqPLBhD/071PDGdrAc3myzE4+KJGjhguytjhg876JHGJHgjh6FS/oDUljkKVoPwr2NaaRQXSmLJs6GkzbwvbjtOPoRIzSnj3gWgUDECcLhoHXrcWLeK5kfJrg6/jv2nv87HJe3LP0uPPspf988NdE+LHObEziSYnItWH12xr8wnvb8UpsExN0SuiNMrJpt1sGyJIv7Ay6gTjpTRJPmAOb0Wyi4BdZsgz7svIAzgh4LEIdJaPSiwuVk6WWCA9n5c+B0aaeBMRwinpvmYwAOLUMg2kHx0Dm3TIhfKJGkjhgyutfhg765/JKHGnbjhiuyr897hvg;

You’ll need to add this record to whatever server manages the DNS for the domain.

DMARC

In CloudFlare, navigate to the DNS page for example.com. Scroll down and select Configure next to Email Security. Next to DMARC, select Create Record. Enter an appropriate email address. Choose policy ‘none’ and click Submit. This will add a new txt record with a name of _dmarc and a value of:

v=DMARC1; p=none; rua=mailto:admin@example.com
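
An added example, not part of the original post: a small Python linter that checks the three record types above offline for common mistakes (too many SPF lookups or `+all`, a DKIM key truncated on paste or below 2048 bits, a DMARC policy that only reports). The function names and the sample DKIM key are constructed for illustration. It does not query DNS, so lookups inside nested includes are not counted.

```python
import base64

# Terms that each cost one DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# Constructed sample: 294 zero bytes (size of a DER 2048-bit RSA key), not a real key.
SAMPLE_KEY = base64.b64encode(bytes(294)).decode()

def parse_tags(record):
    """Split a DKIM/DMARC 'tag=value; tag=value' record into a dict."""
    pairs = (part.partition("=") for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, _, value in pairs}

def lint_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record must start with v=spf1"]
    names = [t.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0].lower()
             for t in terms[1:]]  # '~all' -> 'all', 'include:x' -> 'include'
    lookups = sum(n in LOOKUP_TERMS for n in names)  # nested includes are not followed
    notes = [f"SPF: {lookups} lookup terms, limit is 10"] if lookups > 10 else []
    if "all" not in names and "redirect" not in names:
        notes.append("SPF: no 'all' term, unlisted senders get a neutral result")
    elif terms[-1].lower() in ("all", "+all"):
        notes.append("SPF: +all authorises every sender")
    return notes

def lint_dkim(record):
    tags = parse_tags(record)
    key = "".join(tags.get("p", "").split())  # long keys are often split into chunks
    if not key:
        return ["DKIM: empty or missing p=, no usable public key"]
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        return ["DKIM: p= is not valid base64, likely truncated when pasted"]
    if tags.get("k", "rsa") == "rsa" and len(der) <= 256:
        return ["DKIM: RSA key is smaller than 2048 bits"]
    return []

def lint_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return ["DMARC: needs v=DMARC1 and p=none, quarantine or reject"]
    notes = ["DMARC: p=none only reports, failing mail is still delivered"] if tags["p"] == "none" else []
    return notes + ([] if "rua" in tags else ["DMARC: no rua, so no aggregate reports"])

if __name__ == "__main__":  # the post's SPF and DMARC records, plus a constructed DKIM record
    print(lint_spf("v=spf1 ip4:1.2.3.4 include:spf.protection.outlook.com ~all"))
    print(lint_dkim(f"v=DKIM1; k=rsa; p={SAMPLE_KEY};"))
    print(lint_dmarc("v=DMARC1; p=none; rua=mailto:admin@example.com"))
```

The note printed for the DMARC record reflects that `p=none` is a monitoring policy: receivers send reports to the rua address but do not quarantine or reject mail that fails.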

