Instructions - Configuration

How to set up DKIM, DMARC and SPF

Because email is so widely used, it has become a vehicle for viruses, spam and phishing attacks, such as spoofed messages that lure recipients into disclosing confidential information, opening an attachment or clicking a dangerous link.

SPF, DKIM and DMARC are the main settings for protecting the sender's mail domain against spam and malicious email sent in its name. SPF and DKIM confirm that the sender's domain is genuine and that messages really come from it; without them, the sender's messages will either not be delivered or will land in spam.

DKIM (DomainKeys Identified Mail) is an e-mail authentication method based on digital signature authentication.

SPF (Sender Policy Framework) is an extension to SMTP, the protocol used to send email. SPF is defined in RFC 7208. In simple terms, SPF authenticates a message by checking the server that sent it.

DMARC is an email processing algorithm that provides additional protection and verification of your mailings.

All three are configured through the corresponding records in the client's DNS zone, which is managed in the control panel of the hosting provider where the domain was purchased.

Once records have been added to a domain's DNS, it can take up to 24 hours before they become visible from outside.

If the "DKIM record not found" problem periodically appears and disappears, contact your hosting provider's support.


Setting up a DKIM signature according to the example on


Step 1. Log in to the Mirohost control panel

Step 2. Select the desired domain

Step 3. Select "Mail Domain Settings" ("Mail" → "Mail Domain" in the sidebar)

Step 4. Select the domain/subdomain you are interested in, click the "Select" button

Step 5. Enable DKIM for the mail domain:

Step 6. Save the settings with the "Apply" button.

New mail domain

Step 7. Get the generated record.

To pass verification on the mail servers of your recipients, you need to add the following entry in the domain zone settings. If Mirohost DNS is used, the domain zone is configured in the ZONE MANAGEMENT -> Zone settings section.

DKIM setup

Step 8. Go to your domain's DNS settings

Step 9. Add the generated record

host - default._domainkey
record type - TXT
data - k=rsa; p=MIGfMA0GCSqGSI...

Step 10. Save your settings



How to add a DMARC entry

The DMARC record is needed to protect your domain from spoofing and phishing and to prevent your emails from being classified as spam.

To implement DMARC functionality, you must add a DMARC record in your domain's DNS settings.

Once you've prepared the text for the DMARC record, add or change the DNS TXT record at your domain registrar. To change a DNS TXT record, enter the text string corresponding to your DMARC record in the management console at your domain registrar.

Every time you change the rules and the DMARC record, you must also change the DNS TXT record at your domain registrar.

Subdomains and additional domains

If you have multiple domains, follow the steps below for each one. Each domain can have its own reporting rules and parameters (defined in the record).

If you don't create DMARC rules for subdomains, they will inherit those rules from their parent domains. To define DMARC rules for subdomains, use the sp rule tag in the DMARC record for the parent domain.

How to add or change an entry

The steps below should be performed in the management console of your domain registrar, not in the admin console.

Important! Before implementing DMARC, configure DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) technologies. Emails must be authenticated with them at least 48 hours before DMARC is enabled.

Step 1. Prepare a text file or string representing the entry with the rules.

Step 2. Sign in to your domain registrar's management console.

Step 3. Go to the page where you can change DNS records.

Step 4. Add a DNS TXT record or edit an existing one by entering your details in the field for the _dmarc parameter:

TXT record name. In this field, in the DNS Host name section, enter the following:

Important! Some domain registrars automatically add the domain name after _dmarc. After adding a TXT record for DMARC, you can check if its name is correct.

TXT record value. In the second field, enter the text of the DMARC record, for example:

v=DMARC1; p=none;

The field names shown here may differ from those used by your registrar. DNS TXT record field names may vary from registrar to registrar. Here is an example of a domain. Replace "" with your domain name.

Step 5. Save your changes.

DMARC Record Format

A DMARC entry is a plain text string that lists DMARC tags and values separated by a semicolon. Not all tags are required.

DMARC rules define what actions the recipient's server takes on unauthenticated messages from your domain. Actions are specified by the rules tag (p),

v=DMARC1; p=reject;,; pct=100; adkim=s; aspf=s
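
A small linter for the record format described above, as an added example that is not part of the original page: it parses the semicolon-separated tags, checks v, p, sp, pct, adkim and aspf, and reports the policy that subdomains inherit when sp is absent. The function names and sample records are constructed for illustration, and treating p as mandatory is an assumption of this example.

```python
# Added example (not from the original page): lint a DMARC TXT record value.
POLICIES = {"none", "quarantine", "reject"}
ALIGNMENT = {"r", "s"}  # r = relaxed (default), s = strict

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered list of (tag, value)."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # empty segment, e.g. after a trailing semicolon
        tag, sep, value = part.partition("=")
        if not sep or not tag.strip() or not value.strip():
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def lint_dmarc(record):
    """Return (effective_policy, problems) for one DMARC record string."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return None, [str(exc)]
    tags, problems = dict(pairs), []
    if len(tags) != len(pairs):
        problems.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("v=DMARC1 must be the first tag")
    p = tags.get("p", "").lower()
    if p not in POLICIES:  # assumption of this example: p is always required
        problems.append("p must be none, quarantine or reject")
    sp = tags.get("sp", p).lower()  # subdomains inherit p when sp is absent
    if "sp" in tags and sp not in POLICIES:
        problems.append("sp must be none, quarantine or reject")
    pct = tags.get("pct", "100")
    pct_ok = pct.isascii() and pct.isdigit() and int(pct) <= 100
    if not pct_ok:
        problems.append("pct must be an integer from 0 to 100")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r").lower() not in ALIGNMENT:
            problems.append(f"{tag} must be r or s")
    policy = {"domain": p, "subdomains": sp, "pct": int(pct) if pct_ok else None}
    return policy, problems

if __name__ == "__main__":
    # Constructed sample records; the first is the page's p=none example.
    for rec in ("v=DMARC1; p=none;",
                "v=DMARC1; p=reject; sp=quarantine; pct=50; adkim=s; aspf=s",
                "p=reject; v=DMARC1"):
        print(rec, "->", lint_dmarc(rec))
```
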

How to set an SPF record

The SPF record defines the mail servers and domains that are allowed to send mail on behalf of your domain. Mail servers that accept emails from your domain check the SPF record to make sure the emails are from the servers you allow.

Each domain can have only one SPF record, but you can specify multiple servers and third-party email providers in it.
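
One way to check the one-record rule before publishing, as an added example that is not part of the original page: it takes the TXT strings published for a domain, rejects zero or multiple v=spf1 records, validates ip4/ip6 ranges and counts the terms that cost a DNS query (RFC 7208 limits these to 10 per check). The domain names and addresses are constructed placeholders, and only the terms in the record itself are counted, not those inside included records.

```python
# Added example (not from the original page): lint the SPF data in a domain's TXT set.
import ipaddress

# Terms that make the receiver issue a DNS query; RFC 7208 allows 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return (all_qualifier, problems) for the TXT strings published at one name."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return None, [f"expected exactly one v=spf1 record, found {len(spf)}"]
    problems, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # '+' (pass) is the default
        body = term.lstrip("+-~?").replace("=", ":", 1)     # redirect=x -> redirect:x
        name, _, arg = body.partition(":")
        name = name.split("/")[0].lower()                   # 'a/24' -> 'a'
        lookups += name in LOOKUP_TERMS
        has_redirect = has_redirect or name == "redirect"
        if name in ("ip4", "ip6"):
            try:
                ok = ipaddress.ip_network(arg, strict=False).version == int(name[2])
            except ValueError:
                ok = False
            if not ok:
                problems.append(f"bad address in {term!r}")
        elif name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        problems.append(f"{lookups} DNS-querying terms exceed the limit of 10")
    if all_qualifier == "+":
        problems.append("+all authorizes every sender")
    if all_qualifier is None and not has_redirect:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    return all_qualifier, problems

if __name__ == "__main__":
    # Constructed TXT sets using documentation addresses and placeholder names.
    good = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all", "site-check=abc123"]
    split = ["v=spf1 ip4:192.0.2.0/24 ~all", "v=spf1 include:_spf.example.net ~all"]
    for name, txt in (("good", good), ("split", split)):
        print(name, lint_spf(txt))
```
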

If all emails in your organization are sent using Google Workspace, use the following SPF record:

v=spf1 ~all

Add other senders in your organization to the SPF record to send mail using Google Workspace:

v=spf1 ~all

Examples of IP addresses and domain names. Replace them with the IP addresses and domains of your senders:

Example of an SPF record:

v=spf1 ip4: ~all


Sets the following allowed email senders for the domain:

Any server with an IP address between and

Google Workspace


Example of an SPF record:

v=spf1 ip4: ~all


Sets the following allowed email senders for the domain:

Servers with addresses ranging from to

Google Workspace

Third party service Sendyourmail.

Example of an SPF record:

v=spf1 ip4: ~all


Sets the following allowed email senders for the domain:

Server with IP address

Google Workspace


Example of an SPF record:

v=spf1 ~all


Sets the following allowed email senders for the domain:

Third party mail service with server.

Google Workspace

Last updated on: 02/06/2023