Create SPF, DMARC, and DKIM records for domain

Article is WIP

What are they?

SPF:
DMARC:
DKIM:

Use MXToolbox

All the instructions in this article use mxtoolbox.com to identify and create records. MXToolbox is a handy, one-stop-shop for all things DNS related.

Identify DNS Name Server

Before you can create any records, you have to identify the name servers for the domain. The name server is the authoritative source of DNS records for the domain.

Go to mxtoolbox.com
Change the tool type by clicking the dropdown arrow on the orange button to "DNS Check"
The name server(s) will be listed here

If you see ns1.universitypccare.com and ns2.universitypccare.com then you know that you should manage the records from our server. Otherwise, you should be able to identify the correct platform to access DNS settings based on the Domain Name and the subtext (if any) in the IP Address field on this page.

Common Name Servers

University PC Care: ns1.universitypccare.com and ns2.universitypccare.com
More to be added

Pitfall to avoid when creating TXT records

Depending on the DNS provider, you may only be required to type in the first part (i.e. _DMARC) of a TXT record or you may have to enter the entire record manually, i.e. _DMARC.example.com. Regardless of the method, the final value of the TXT record should be something like Something.example.com., where Something is the type of TXT record you're creating (_DMARC, spf, etc). Make sure you don't accidentally create a record like _DMARC.example.com.example.com because you copied the entire Host/Name field into the TXT record when it only needed the _DMARC part.

Create SPF Record

Use the MxToolbox SPF Record Generator
Type in the domain name, check the "Pre-fill" checkbox beneath it, then "Check SPF Record"
If one exists, it will be prefilled in the form that appears - if not, fill in the form:
1. Do you send email from your webserver: Yes
2. Do you send email from the same server in your MX records: Yes
3. "Other server hostname": Server hostname or domain that will send email for this server. For email hosted on UPCC's server (not G Suite or M365): server.universitypccare.com. If you're not sure, leave this blank
4. "Enter your domain's IPv4 Addresses": where email will be sent from (usually, the webmail server IP range). For email hosted on UPCC's server (not G Suite or M365): 198.24.176.130/29. If you're not sure, leave this blank
5. "Enter your domain's IPv6 Addresses": If you're not sure, leave this blank
6. "Enter any 3rd party systems": Leave blank unless the customer uses some mail sending service (like SendGrid). If you need to put a value here, you should probably already know by this point. If you're not sure, leave it blank
Leave this page up as you will be copying and pasting from the "Suggested Record" section in a later step

Now, apply the record:

Login to the DNS provider for this domain
Create a new TXT record - see "Pitfall to avoid when creating TXT records" above
Paste the Value from MxToolbox into the value field for the new TXT record
Save the new TXT record

Check SPF Record

Use the MxToolbox SPF Record Lookup tool
Enter the domain name and click "SPF Record Lookup"
Verify that your newly created or modified SPF record appears

Create DMARC Record

Use the MXToolbox DMARC Record Generator
Fill out the form:
1. Quarantine failed messages
2. If we manage this domain's email: dmarc@myweb.care for both email address fields. If we don't, an email address that someone (preferably an admin) of that domain will get.
3. Leave the dropdown on "No" for "Would you like to have MxToolbox [...]"
4. Set the percentage to 10
Leave this page up as you will be copying and pasting from the "Created Record Output" section in a later step