Jive Support

Articles in this section

Back

How to Setup SPF, DKIM and DMARC Email Authentication

Author: Daniele De Felice

Overview

SPF, DKIM, and DMARC are all ways to ensure that any mail servers which send out an email for your domain are truly authorized to do so.   When correctly set up, all three will minimize the incidence of your email domain name being used in spam and phishing attacks, and also maximize proper email delivery to the intended recipient.

This article has been written to assist you in setting up your Jive installation to be able to utilize these email security measures.

 

Solution

The three frameworks that you should implement in order to increase email security and delivery are:

  

Setting up SPF (Sender Policy Framework)

SPF is a DNS TXT record that specifies which IP addresses and/or servers are allowed to send email “from” a particular domain. The process is different for Cloud and Hosted:

How to Configure SPF For Jive Cloud

To update an existing SPF record:

Login to your DNS management console.  If you already have an SPF record for your specific email domain name, then you will need to include the Jive Cloud email servers.

  1. For example, if your current SPF record was: "v=spf1 include:_spf.google.com ~all"

  2. For US Customers, you’d then insert the following:

    ip4:204.93.64.116 ip4:204.93.64.117 ip4:192.250.208.112 ip4:192.250.208.113 include:sendgrid.net

  3. Your final record would look like:

    "v=spf1 ip4:204.93.64.116 ip4:204.93.64.117 ip4:192.250.208.112 ip4:192.250.208.113 include:sendgrid.net include:_spf.google.com ~all"

  4. For EU Customers, you’d insert the following instead:

    ip4:204.93.80.116 ip4:204.93.80.117 ip4:204.93.95.57 include:sendgrid.net

  5. Your final record would look like:

    "v=spf1 ip4:204.93.80.116 ip4:204.93.80.117 ip4:204.93.95.57 include:sendgrid.net include:_spf.google.com ~all"

    Note: If you are a Jive Cloud customer planning to utilize DKIM, then Jive Support will need to switch your SMTP server from SMTP-Cloud to a SMTP-Hosted configuration to allow for this, and you should configure your SPF records with those meant for Jive Hosted customers below.

How to Configure SPF For Jive Hosted

Login to your DNS management console.  If you already have an SPF record for your specific email domain name, then you will need to include the Jive Hosted email servers in the SPF record.

  1. For example, if your current SPF record was: "v=spf1 include:_spf.google.com ~all"

  2. For both US  & EU Customers, you’d then insert the following:

    include:sendgrid.net include:spf.jivesoftware.com

  3. Your final record would look like:

  4. "v=spf1 include:sendgrid.net include:spf.jivesoftware.com include:_spf.google.com ~all"

    Note: The entry include:sendgrid.net is not strictly needed for Jive Hosted customers, but is included here in case you are a Jive Cloud customer wanting to setup DKIM (read more about this below).  Once Jive Support has set up DKIM and it's all working ok, you can remove the reference to sendgrid.net. 

How to check your SPF configuration

You can manually check the SPF record using the nslookup command, which is built into all popular operating systems including Mac and Windows.

  1. On Windows 10, open a command prompt by selecting the spotlight search icon, type command, then select Run as Administrator

    open-command-prompt-administrator.png
     

  2. On MacOS, choose the spotlight search icon, type in terminal, then select the Terminal utility.

    open-terminal.png
     

  3. Type the command  nslookup -type=text <domain name> (replace <domain name> with your email domain name), then press Enter.  If your DNS has been configured correctly, the output will include the SPF record (the line starting with "v=spf1"). In the example below, the domain name is google.com. 

    nslookup-command.png
     

Setting up DKIM

DKIM is an acronym for “DomainKeys Identified Mail”, otherwise known as “email signing”.  It relies on electronic keys; a private one, which resides on the sending mail server (at Jive Hosted Operations), and a public one held in a special DNS server record. 

Since a DKIM record can be used for multiple external providers, each one is assigned a pre-agreed string called a "selector" (a sort of distinguished name).

Request creation of the DKIM keys 

In order to configure DKIM, you first need to request a new DKIM public key.  To do this, open a ticket with Jive Support with the subject DKIM configuration required.  Please also include:

  • The email domain (typically this is the same email domain used for the Server Admin Email setting in  Admin Console > System > Settings > Email Server).

  • The "selector" - a simple identifier that can be anything, even something as simple as "jive" or "mail".

Our Jive Infrastructure Operations team will perform the implementation on the Jive side and your assigned support agent will provide you a string that should be added as a TXT record in your DNS configuration.

Field 1: TXT record Hostname or Name

Most DNS management consoles will require you to enter a hostname or name in the first field of the TXT record.  If the selector you requested is "jive", then combine this with suffix prefix ._domainkey, and enter to the field like so:

jive._domainkey

Field 2: TXT record Value

In the second field of the TXT record (usually referred to as the Value field), enter the public key, which your support agent will provide to you.  Below is an example:

"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDmzRmJRQxLEuyYiyMg4suA2Sy
MwR5MGHpP9diNT1hRiwUd/mZp1ro7kIDTKS8ttkI6z6eTRW9e9dDOxzSxNuXmume60Cjbu08gOyhPG3
GfWdg7QkdN6kR4V75MFlw624VY35DaXBvnlTJTgRg/EW72O1DiYVThkyCgpSYS8nmEQIDAQAB"
Note: Some DNS management systems will require you to include the quotes ("") around the text string in this field. Check their documentation if you are unsure.

Problems with longer keys

The DKIM public keys issued by Jive Support are 1024-bit by default, but you can request a 2048 bit key, which will result in a much longer text string.  When you try to enter the key to the value field in the TXT DNS record, you may run into this error: 

Contiguous strings may not be longer than 255 characters.

To work around this, break the string up with double quotes into lengths of less than 255 characters in a text editor, like in the example below, and re-enter the value to the DNS record.

"v=DKIM1; k=rsa;""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jLS6S0MF4kJFyJOyE4Tm/Dv583oUGkUjbBa9CXWLrP4IYoamSrTqBiOQuXsbKw0yCObgDrJ844hH+yIFlTkw0FlKx/B706fEGPr7DL8L6mdicqZX1fbVqLs7GsX9OE0FOm1rUsr/eHQPug4""F2JQ5yNDtjK0Jt07pYEpf6wWxY0HMNtq4oKwU3MBwgfsVx9XsxdDYMvs0vtVR2WQD1LAxgL20hWOPtZZ6QwhZhBFpHOuiN4WACSnGDtZhHE6Mxwy642eImQtsFjnJrIe1t0HT/dP2r5B7ptkk8ZgLbH8eiI2VY7GIV7g58sJTL86xvkYLrMXcWjow2L2Ho+MKivmawIDAQAB"

Setting up DMARC

DMARC is an acronym for “Domain-based Message Authentication, Reporting, and Conformance”. It’s an email authentication, policy and reporting protocol that’s built around both SPF and DKIM.

Once you have configured SPF and DKIM, then setting up DMARC is relatively straightforward and does not involve any configuration on the Jive side, but it is outside the scope of the Jive Support team.

In practice, it consists of an additional DNS record that defines the rules for the processing of emails for a specific domain, including reporting on any errors encountered with either SPF or DKIM, as well as the IP addresses of servers used to send email from your domain name, and so on.

We recommend you to start from the official DMARC website, and ask your IT Operations team to implement the DMarc framework.

 

Was this article helpful?
0 out of 0 found this helpful

Related articles

Comments

0 comments

Article is closed for comments.

Still Have Questions?

Our customer care team is here for you!

Submit a request