SPF and DMARC: Purpose, Function, and Implementation

This article describes what SPF and DMARC are, the problem they are each designed to resolve and how to put each into place.

Written by Garrett Saundry
Updated over a week ago

Introduction

Email security is a critical aspect of modern communication. Two key protocols that help ensure the authenticity and integrity of emails are the Sender Policy Framework (SPF) and Domain-based Message Authentication, Reporting, and Conformance (DMARC).


Purpose

SPF

SPF is designed to authenticate the sending server and prevent email spoofing. It allows a domain to specify which servers are authorized to send emails on its behalf.

DMARC

DMARC builds upon SPF and DKIM (DomainKeys Identified Mail) to provide a consistent set of policies for email authentication. It helps prevent phishing and email spam by verifying where emails come from and reporting back instances of phishing and spam to the legitimate domain/email owner.


Function

SPF

SPF works by listing all the IP addresses of servers authorized to send emails from a domain. When an email is received, the receiving server checks it against the SPF record before passing it on to the recipient’s inbox.

DMARC

DMARC tells a receiving email server what to do if an email fails SPF checks. It can instruct mail servers to quarantine or reject such emails, or to deliver them. DMARC reports give administrators the information they need to adjust their DMARC policies.


Implementation

Implementing SPF and DMARC involves several steps:

SPF

  1. Identify all the servers that send email on behalf of your domain.

  2. Create an SPF record listing all these servers’ IP addresses.

  3. Publish the SPF record in your domain’s DNS records.

Example:

DNS Record Type: TXT
Host/Name: yourdomain.ca
Value: "v=spf1 a:mail.yourmailprovider.ca -all"

For more information regarding the different variables and parameters that can be optionally included in your SPF record to fine-tune its performance, please see: https://mxtoolbox.com/dmarc/spf/setup/how-to-setup-or-modify-spf
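Before publishing, an SPF value can be checked for the mistakes that most often break or weaken it. The following is an added example, not Webnames.ca code: lint_spf and the sample records are hypothetical, and it assumes the TXT strings are passed in without their surrounding quotes.

```python
# Terms that each cost one DNS query during SPF evaluation (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def lint_spf(txt_records):
    """Return a list of problems in the TXT records published at one DNS name."""
    spf = [r for r in txt_records if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["no v=spf1 record published"]
    if len(spf) > 1:
        return ["more than one v=spf1 record: receivers return permerror"]
    problems, lookups, all_qualifier, redirect = [], 0, None, False
    for term in spf[0].split()[1:]:
        if all_qualifier is not None:
            problems.append(f"'{term}' comes after 'all' and is never evaluated")
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"  # "+" (pass) is the default
        name = term.lstrip("+-~?").replace("=", ":").replace("/", ":").split(":")[0].lower()
        lookups += name in LOOKUP_TERMS
        redirect = redirect or name == "redirect"
        if name == "all":
            all_qualifier = qualifier
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms: over the limit of 10 (permerror)")
    if all_qualifier is None and not redirect:
        problems.append("no 'all' or 'redirect': unlisted senders get neutral, not fail")
    elif all_qualifier == "+":
        problems.append("'+all' authorizes every server on the internet")
    elif all_qualifier == "?":
        problems.append("'?all' is neutral: unlisted senders are not failed")
    return problems

# Constructed inputs; the first is the record from the example above.
SAMPLES = {
    "article example": ["v=spf1 a:mail.yourmailprovider.ca -all"],
    "pass-all": ["site-verification=constructed", "v=spf1 mx +all"],
    "two records": ["v=spf1 mx -all", "v=spf1 a:mail.yourmailprovider.ca -all"],
    "11 includes": ["v=spf1 " + " ".join(f"include:_spf{i}.example.net" for i in range(11)) + " -all"],
    "dead term": ["v=spf1 -all ip4:192.0.2.10"],
}

if __name__ == "__main__":
    for label, records in SAMPLES.items():
        print(label, "->", lint_spf(records) or "ok")
```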

DMARC

  1. First, set up SPF for your domain.

  2. Create a DMARC policy specifying how to handle emails that fail SPF checks.

  3. Publish the DMARC record in your domain’s DNS records.

Example:

DNS Record Type: TXT
Host/Name: _DMARC.yourdomain.ca
Value: "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]"

*Replace [email protected] with an address of your choosing which you have access to.

Begin by creating a DMARC record with enforcement set to none (p=none;). This allows you to start receiving reports without risking messages from your domain being rejected or marked as spam by receiving servers. We suggest using this record for a minimum of one week, as this is usually sufficient time for the daily reports to contain data that is representative of all your mail streams. After monitoring DMARC reports for at least a week with no adverse results, update your policy to quarantine (p=quarantine;), or to the stricter policy of reject (p=reject;).


Updating your domain's DNS records

To update your domain's DNS records, first determine who hosts them. If you are unsure who hosts your DNS records, perform a WHOIS search of your domain.

Scroll through the results until you reach the list of three name servers assigned to your domain. These servers are where your DNS records reside. Contact the service provider associated with these name servers for assistance.

If Webnames.ca is your DNS provider, and you have DNS Hosting services with us, your DNS record interface is located in one of two places:


For domains with Webnames Website Hosting:

Visit your list of domains that have Website Hosting:

Click on the Manage button beneath the Web Hosting heading of the applicable domain name.

On the subsequent page, scroll down to the Hosting Logins section and click the Login button in Hosting Control Panel.

In the Hosting Control Panel, locate and click on DNS Settings in the main center panel.

Add or update your SPF and DMARC TXT Records:

If Webnames.ca's mail service is the only source of legitimate mail for your domain, the value v=spf1 a:spf10.webnames.ca -all is the correct value for your SPF record.

If you have additional sources, use a tool such as the one found at https://mxtoolbox.com/SPFRecordGenerator.aspx to create a record that is right for you.

The email address(es) you specify in your DMARC record are entirely up to you. You can use an email address you own, or an email address provided to you by another vendor.

For more information regarding the different variables and parameters that can be optionally included in your DMARC record to fine-tune its performance, please see: https://mxtoolbox.com/dmarc/details/what-is-a-dmarc-record

Click OK, and wait up to six hours for this change to propagate across the internet.


For domains without Webnames Website Hosting:

Click on the Manage button beneath the DNS heading of the applicable domain name.

On the DNS Hosting tab, scroll down to the TXT records section of the page.

Add or update your DNS TXT Records:

If Webnames.ca's mail service is the only source of legitimate mail for your domain, the value v=spf1 a:spf10.webnames.ca -all is the correct value for your SPF record.

If you have additional sources, use a tool such as the one found at https://mxtoolbox.com/SPFRecordGenerator.aspx to create a record that is right for you.

The email address(es) you specify in your DMARC record are entirely up to you. You can use an email address you own, or an email address provided to you by another vendor.

For more information regarding the different variables and parameters that can be optionally included in your DMARC record to fine-tune its performance, please see: https://mxtoolbox.com/dmarc/details/what-is-a-dmarc-record

Click Apply at the bottom of the page, and wait up to six hours for this change to propagate across the internet.


Purchasing DNS Hosting

If your domain has neither DNS nor Website Hosting already, more information about purchasing our DNS Hosting can be found here:


Next steps

  1. Over time you will begin to receive DMARC reports from other mail providers (via the email address you specified in place of [email protected] in the example above) containing instances where they have processed illegitimate email from your domain (i.e. email that failed an SPF check). Analyze DMARC reports to understand which emails are passing and failing checks.

  2. Adjust your DMARC policies based on these reports to capture and discard as much illegitimate email as possible.
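The report analysis in these steps, and the check for "no adverse results" before moving from p=none to quarantine or reject, can be scripted. The following is an added example, not Webnames.ca code: the function names, the known_senders set and the sample report are constructed, and it assumes the aggregate report XML has been decompressed and carries no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout; IPs are documentation ranges.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>yourdomain.ca</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.25</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
</feedback>"""

def summarize(report_xml):
    """Map each source IP to [messages passing DMARC, messages failing DMARC]."""
    # Reports are third-party input: refuse DTD and entity declarations before parsing.
    lowered = report_xml.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        raise ValueError("DTD/entity declarations are not allowed in a report")
    totals = defaultdict(lambda: [0, 0])
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip", "").strip()
        count = int(row.findtext("count", "0"))
        # policy_evaluated holds the aligned results; one "pass" is enough for DMARC.
        verdicts = {row.findtext(f"policy_evaluated/{k}", "fail").strip().lower()
                    for k in ("spf", "dkim")}
        totals[ip][0 if "pass" in verdicts else 1] += count
    return dict(totals)

def failing_sources(summary):
    """Source IPs with any failing mail, highest failing volume first."""
    bad = [(ip, failed) for ip, (_, failed) in summary.items() if failed]
    return sorted(bad, key=lambda item: -item[1])

def blocked_if_enforced(summary, known_senders):
    """Known senders whose mail fails today and would be hit by quarantine/reject."""
    return {ip: failed for ip, (_, failed) in summary.items()
            if failed and ip in known_senders}

if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print("failing:", failing_sources(summary))
    # known_senders (assumed): the servers identified in SPF step 1.
    print("fix first:", blocked_if_enforced(summary, {"192.0.2.10", "203.0.113.25"}))
```

An empty result from blocked_if_enforced across a full week of reports is the signal that tightening the policy will not affect your own mail streams.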

By implementing SPF and DMARC, you can significantly enhance the security of your email communications, protect your domain’s reputation, and ensure your emails reach their intended recipients.
