Authorize FL3XX's Email Servers to Avoid Spam Filter Issues
1b. We already have a TXT record for our domain
- Type: You need to choose the type TXT. The list should contain other types like A, AAAA, CNAME, MX, etc
- Name: The name should be the name of your domain. It usually is the last part of your email address after the @
- Value: The value is a special field where we define all the authorized email servers. Add exactly this without the double-quotes “v=spf1 include:mail.fl3xx.com ~all”
- “v=spf1” means that the SPF version is 1. It’s always like this
- “include:mail.fl3xx.com” means that we allow fl3xx.com to send emails on our behalf.
- “~all” means that if the email comes from anything else, it should be flagged as SPAM.
4. TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.
1b. We already have a TXT record
- Type: You need to choose the type TXT. The list should contain another type like A, AAAA, CNAME, MX, etc.
- Name: The name should always be this and pay attention to the underline: fl3xx._domainkey
- Value: The value contains three things: a “v-tag” specifying the version, a “k-tag” specifying the type of encryption key used, and a “p-tag” containing the public key of the message signature. The exact value you need to add is displayed below:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU18Z4/N0vq6IHMdB7OqeF9lL6TfkKz7fxjWJq6jycD0BvZk7smfk2QGSC1Xz+IS8deEZELxzcVkBOQQ/oo712JW1SeGWu6bAkKgiB4A0QVPM/HwrTiw+rIBDr1Xxw2SBOoPqYyvptUM9J5Aq/FBBuOqHk9zKIyOn+xCtbVK3lGQIDAQAB;
2. Test DKIM configuration
How to Configure DMARC?
DMARC is a very powerful system, that gives you full control over how the receiving party processes your emails. You can read more here.
In this tutorial, we’re not going into detail, but we show you how to initialize your DMARC entry, which for most SPAM filters is already enough to increase your score.
1. DMARC Configuration
The DMARC configuration is similar to the SPF. This means that we will need to add a TXT record but with different values.
- Type: You need to choose the type TXT. The list should contain another type like A, AAAA, CNAME, MX, etc
- Name: The name should always be this and pay attention to the underline: _dmarc
- Value: In our basic version the value contains two things: a “v-tag” specifying the version, and a “p-tag” specifying the policy deployed by the receiving party. The exact value you need to add is displayed below:
- “v=DMARC1; p=none”
- TTL: This value specifies how long the internet servers should cache this record. If you are configuring this record for the first time, we recommend 300 seconds or 5 minutes.
2. Test DMARC configuration
After configuration, please make sure that the DMARC record is correct. Please note that changes to the DNS can take several minutes up to hours to take effect!
You can verify the SPF configuration with for example DMARC Analyzer. Domain to Verify = <your domain, e.g. abc.com>. Good if you see anything here. However, DMARC is an optional thing and has way less impact than the other two (SPF and DKIM).
You can also use a tool called Dig using the following command: dig +short _dmarc.[your domain, e.g. fl3xx.com] TXT
In addition to the DNS improvements described above, FL3XX offers the option to sign outgoing emails with an SMIME certificate.
If required by the customer, FL3XX can relay outgoing emails via the mail server of the customer.
Authentication is possible based on hostname (Staging IP: 188.8.131.52 / 2a05:d014:8af:3400:355b:500e:8d68:2ca3, Production IP: 184.108.40.206 / 2a05:d014:9a:1801:9304:ce7a:d7c6:3440 )or login credentials.
Authentication is possible based on whitelisting (Staging IP: 220.127.116.11 / 2600:1f1c:974:8700:5af9:9397:4188:c911, Production IP: 18.104.22.168 / 2600:1f1c:b07:4400:78a2:1bb:9150:3772) or login credentials.
Please contact FL3XX Support with your Mail-Server URL/IP-Address and authentication details to set this up.
After setting up the SPF, DKIM, and DMARC records, FL3XX will be able to send emails on your behalf to your customer with a better reputation score. You can test the score online with MailTester. You can create a dedicated email address there and send an email directly from FL3XX to this email. Currently, our score should be in the area of 9, which is an excellent result.
This will ensure those emails won’t end up in the SPAM folder. In any case, if you are not sure what you are doing, we can assist you in the configuration of those settings.
Signing emails with an SMIME Certificate aims to increase the trustworthiness of outgoing emails.
Implementing an own mail relay is not recommended for standard users.
You can also download the PDF files here: