Mail Servers

Blank 4/9/2019 06:18 - 4/9/2019 06:18
Emails & Marketing Website Management

 

Kadem'is mail server is a computer system that sends and receives emails. In many cases, web servers and mail servers are combined in a single machine.
Kademi uses SPF and DKIM permissions and authorizations so emails are sent and received correctly. You can also choose to setup DMARC, MX and A records.

SPF - Sender Policy Framework

This a simple email validation system designed to detect email imitation by providing a mechanism to allow receiving mail exchangers to check that incoming mails from a domain come from a host authorized by that domain's administrators.

DKIM - Domain Keys Identified Mail

This is an email authentication method designed to detect email imitation. It allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.

DMARC - Domain-based Message Authentication, Reporting, and Conformance

This is an email authentication protocol that helps protect against email spoofing, phishing, and other fraudulent activities by using SPF and DKIM to verify email authenticity.

MX - Mail Exchange Records

MX records are DNS (Domain Name Service) records that specifiy which mail servers are designated to handle incoming emails for a particular domain. 

A - Address Records

A records are DNS records that maps a domain to a specific IP address.

 

Go to the mail server settings

  • Go to website manager, select websites

  • Click on the settings button of your website

  • Next click on Mail server tab

  • If Kademi is hosting your domain, the SPF record will be added automatically

  • Click, Generate new DKIM key

  • Next, click Generate

  • The DKIM code will be added automatically

  • You can leave the DKIM identifier blank and it will generate a random one, or you can enter it.

  • For the key size, you can use 1024 as default

  • Finally, click on "Generate"

  • Kademi adds all records automatically for you to your domain

Send test email

  • Click on the "Send test email" button

Review the details

  • In the email you get you should see pass for the SPF and the DKIM check, and ham for the Spam check.

Extra

Checking if your SPF and DKIM settings are loaded into your domain

Go to website manager, select Domains

Underneath DNS settings, click on the domain name

Click on the domain to go to the setting

If you see a value in the SPF and DKIM row, then there has been an authentification success.

SPF

mydomain.com. 300 IN TXT "v=spf1 include:_spf.kademi.us ~all"

To break this down so you understand what each column stands for, you have - Type, Value, and TTL

  • mydomain.com - please enter your domain name here

  • Value - "v=spf1 include:_spf.kademi.us ~all" - this is Kademi's code to verify your the mail domain, It has to have "v=spf1 include:_spf.kademi.us - you can add extensions before the  "~all" to add extra permissions and features if required. You will also need to change "spf.kademi.us" to the actual domain your Kademi account uses. Here is a list below, simply replace "spf.kademi.us" with your Kademi account's domain: 

    • UK: _spf.kademi.uk

    • AU: _spf.kademi.com.au

    • US: _spf.kademi.us

    • Play: _spf.kademiplay.com

  • 300 is your TTL - Time to live is a mechanism that limits the lifespan or lifetime of data in a computer or network. TTL may be implemented as a counter or timestamp attached to or embedded in the data. Once the prescribed event count or timespan has elapsed, data is discarded.

DKIM

This is the same process as SPF but the value is not editable, it's a specific code which is static.

Creating a DMARC Record

DMARC Policies

First, you'll need to decide which policies you want to implement. These policies instruct email providers on how to handle emails that fail authentication. There are three to choose from: none, quarantine or reject.

DMARC Syntax

DMARC records are TXT records in your domain's DNS settings and have a specific syntax. Here is an example below:

v=DMARC1; p=none; rua=mailto:; ruf=mailto:;

 

  • v=DMARC1: This indicates that this is a DMARC version 1 record.
  • p=none: This sets the policy for email that fails DMARC checks. In this example, it's set to "none," which means you're in monitoring mode, and no action is taken on failed emails. Other options include "quarantine" and "reject."
  • rua: This is the address to which aggregate reports are sent. Replace    with your email address.
  • ruf: This is the address to which forensic (failure) reports are sent. Replace  with your email address
  • fo=1: This option will decide the conditions for which the failure report will be generated. When the option is set to 1, a failure report will be generated if any underlying authentication method (SPF or DKIM) produce anything other than a PASS result. It's recommended to leave this option at 1.

You'll need to customise the DMARC record based on your specific requirements. You can also use an online tool such as https://mxtoolbox.com/DMARCRecordGenerator.aspx to generate your DMARC record based on your domain and a few simple questions.

Creating a DMARC Record in Kademi

  • On the left sidebar in the Kademi Admin Dashboard navigate to the Website Manager > Domains page.
  • Under the DNS Settings section, click on your Domain name to manage your domain's records.
  • Click on Create New Record
  • Name: set this field as _dmarc
  • Type: set it to TXT - Text
  • TTL: enter in 300 or as recommended
  • Value: enter in your DMARC record, the syntax is shown above. 
  • After adding the DMARC record, it may take some time for the DNS changes to propagate. You can use online tools like DMARC analyzer to verify that your DMARC record is correctly published.

Best Practices

Start with a none policy and gather data on your email flow before enforcing stricter policies.

 

Creating or updating MX/A Records

Kademi automatically creates MX/A records but you may need to update depending on your requirements. MX record changes can disrupt email services, so proceed with caution.

To create or update the MX/A records:

  • On the left sidebar in the Kademi Admin Dashboard navigate to the Website Manager > Domains page.
  • Under the DNS Settings section, click on your Domain name to manage your domain's records.
  • Locate the MX/A record and click the edit icon to update it. If one doesn't already exist, then you'll need to click Create New Record to create a new record

For MX records:

  • The MX records value will look like this:
    • 10 mail.example.com
      
    • Priority: The number is the priority or preference value. Lower values indicate higher priority. Common values are 10, 20, 30, etc. The email server with the lowest priority value will be attempted first
    • Server: The next part is the server hostname. Specify the mail server's hostname or IP address provided by your email hosting provider.
    • Type: set it to MX - Mail exchange
    • TTL: enter in 300 or as recommended
  • You can verify your MX record by using the MXToolbox MX Lookup.

    For A records:

    • Value: enter in your IP address as provided by your email service provider
    • Type: set it to A - IPv4 address
    • TTL: enter in 300 or as recommended
    • You can verify your A record by using the MXToolbox DNS Lookup.