You can use the email security settings to prevent attackers from using your domain for forged sender addresses.
The DKIM, SPF, and DMARC methods are available for this purpose.
DKIM
DKIM stands for DomainKeys Identified Mail.
This method adds a digital signature to outgoing emails. This allows receiving mail servers to verify whether an email actually originated from your domain and whether it was altered during transmission.
How it works
DKIM uses a key pair.
Private Key
Stored on the mail server and used to sign emails.
Public Key
Published in your domain’s DNS and used by receiving mail servers for verification.
Enable DKIM
The Enable DKIM function automatically generates a key pair.
If you use the konsoleH nameservers, the system can set the necessary DNS record automatically.
If you use external nameservers, you must enter the displayed TXT record manually in the DNS.
Use Your Own Keys
You can use your own key pair.
The private key must not be password-protected.
SPF
SPF stands for Sender Policy Framework.
This procedure defines which mail servers are authorized to send emails on behalf of your domain.
The SPF entry is stored as a TXT record in your domain’s DNS.
How it works
You define authorized mail servers in the SPF record. These can be individual IP addresses, IP ranges, or hostnames.
Receiving mail servers use this entry to verify whether an email was sent from an authorized server.
SPF with konsoleH Nameservers
When you use konsoleH nameservers, the system automatically sets a default SPF record.
⚠️ Issues may arise if you send emails via external services not included in the SPF record.
In such cases, you must add the relevant mail servers to the SPF record.
DMARC
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
DMARC builds on the SPF and DKIM protocols and specifies how receiving mail servers should handle emails that fail these checks.
Additionally, DMARC enables the sending of reports regarding failed checks.
How it works
You configure DMARC via a TXT record in your domain’s DNS.
Among other things, this record defines:
- which policy to apply
- whether reports on failed checks should be sent
- how strictly the check should be performed
Receiving mail servers use the DMARC record to verify whether an email has passed the SPF or DKIM check and whether the sender matches the domain.
Possible Policies
DMARC can define different policies.
none
The receiving mail server delivers the email and only performs an evaluation.
quarantine
The receiving mail server may treat the email as spam.
reject
The receiving mail server rejects the email.
Creating a DMARC Record
You store the DMARC record as a TXT record in your domain’s DNS.
A typical entry might look like this, for example:
_dmarc.example.com IN TXT “v=DMARC1; p=none”You choose the policy based on the desired configuration of the domain.