E-mail SPF records

[aronesz]

Greetings,

I am trying to write up an SPF record and DKIM for the Company I work for. For my own website, using Google Applications, it was relatively easy (mail.personalwebsite.com setup).

v=spf1 include:_spf.google.com ~all

I think for the domainkey (DKIM) Google gave me a copy and paste, process was a breeze.

But for the Company, we use an IceWarp mail server (our own box in a local DC). mail.company.com resolves to an internet IP 69.55.x.x. The first MX record is 10 mail.company.com 69.55.x.x, and the second MX record is 20 mf-mx.sofnet.net 69.55.128.7 (which I am not sure what that is).

Where and how would I begin with getting SPF and DKIM records generated? I have found forms that put together SPF records based on information you enter, but it is a little confusing along with the second MX record we have. I am hoping someone here might be able to enlighten me as to how parts of SPF work and what would be right for our setup (and why).

(We have hundreds of users, so we want to make sure e-mail isn't disrupted, thus doing it right the first time around.)

EDIT: Notes to self

• http://www.acyba.com/fr/support/doc...g-dkim&Itemid=30&option=com_content#dkiminfos
• http://dkimcore.org/tools/keycheck.html
• http://dkimcore.org/tools/

 

[transformational]

Here's a wizard you can use to create your SPF record:
http://www.unlocktheinbox.com/spfwizard/

I didn't see a DKIM wizard under the email tools but I did find this page that might help you in that category:
http://www.unlocktheinbox.com/resources/dkim/

Let me know if you need any more help. I deal with these kind of issues regularly. I think these two links will get you where you want to be tho. Good luck!

tf

 

[aronesz]

Here's a wizard you can use to create your SPF record:
http://www.unlocktheinbox.com/spfwizard/

I didn't see a DKIM wizard under the email tools but I did find this page that might help you in that category:
http://www.unlocktheinbox.com/resources/dkim/

Let me know if you need any more help. I deal with these kind of issues regularly. I think these two links will get you where you want to be tho. Good luck!

tf

Thank you! Apparently IceWarp doesn't support DKIM. I can't find anything on it except under SpamAssassin, and that only applies to incoming mail

EDIT: I am wrong, it does support DKIM. I was suspicious about that

http://esupport.icewarp.com/index.p.../View/176/0/how-to-setup-dkim-for-your-domain

EDIT2: SPF record looks like
v=spf1 mx mx:mf-mx.sofnet.net mx:mail.company.com ~all

DKIM record looks like
company._domainkey.company.com TXT v=DKIM1; k=rsa; n=2048; p=verylongrandomalphanumericpublickeyhere

http://blogs.cisco.com/security/key_lengths_for_dkim_signatures/ it is not recommended to use 512-bit strength for the key, otherwise should be regenerated often.