Configuring SPF and DKIM for your Email Domain

SPF and DKIM are fundamental email authentication protocols that can help protect email senders and recipients from spam, phishing, and spoofing. SPF allows your recipients to know whether emails from your domain, are in fact sent by you while DKIM verifies whether the emails are generated, from the authorized servers of the sending domains. Both SPF and DKIM are added as TXT records in your DNS settings.

Availability

Permission
Users with the Support Administrator permission profile can configure SPF and DKIM for email domain.
Check Feature Availability and Limits

Understanding SPF 

At the most basic level, SPF establishes mail servers that you've authorized to send emails. This way, receiving mail servers can validate whether the emails sent by you originated from a server that has permission to send on your behalf. The following steps will describe how SPF works:

1. Creating an SPF record: As the domain administrator, you establish a policy that defines which mail servers are authorized to send emails from your domain. This policy is called the SPF record.
   
2. DNS lookup: An incoming email will be verified for the bounce domain in DNS. Then, the inbound mail server will check whether the IP address of the mail sender matches the IP address specified in the SPF record.
   
3. Outcome: Now, based on the rules specified in your domain’s SPF record, the mail server decides whether to deliver, flag, or reject the email message. This ensures that legitimate emails sent from your domain are delivered to your customers.

Understanding DKIM 

DKIM is an email security standard that allows you to claim responsibility for emails in a way that can be validated by the recipients. This is done using a public key and private key to sign and verify emails sent from your mail server. The following steps will describe how DKIM works:

1. As the domain administrator, you publish a public key as a TXT record in the domain’s DNS records.
   
2. When you send an email, the outbound mail server adds a unique digital signature to the email headers. This header will contain two hashes, one of the specified headers, and one of the message body.
   
3. When an inbound mail server receives the email, it checks if a DKIM-Signature field exists in the header.
   
4. If the signature exists, it uses the public key in the DNS to validate the signature. If the two values match, it indicates that the email was indeed sent by you and is unaltered in transit.

Email domain authentication steps

Authenticating your email domain in Zoho Desk is a simple four-step process:

1. Add a "From" email address to your Zoho Desk account.
   
2. Copy the SPF and DKIM record values for the "From" email address.
   
3. Go to your domain hosting website's settings page, paste the copied record values, and publish them to the DNS servers.
   
4. After your records are published, verify your domain back in the DKIM verification page inside Zoho Desk.

Step 1: Adding From Email Address 

1. Go to Setup (  ) > Channels > Email.
2. Select From Address under the Email sub-menu.
   
3. Click New From Address in the top right corner.
   
4. On the New From Address page, do the following:
   
1. Select a Department (when you've more than one) from the drop-down menu.
   
2. Enter the From Address to be used while replying to tickets. For example, support@zylker.com.
   
3. Enter a Friendly Name for your From Address.
   
5. Click Save.
   You will receive a verification email to the email address you just added.
6. Please verify the email address before we proceed to Step 2.

Note: DKIM and SPF authentication are not available for "From" addresses that send emails using your own SMTP servers.

Step 2: Copying SPF and DKIM Record Values 

1. Go to Setup (  ) > Channels > Email.
2. Select DKIM Authentication under the Email sub-menu.
   
3. On the DKIM Authentication page, do the following:
   
1. Click Verify corresponding to the domain name of your "from" email address.
   The DKIM Authentication window opens.
2. Click the Copy button next to the text records.
   You need to create a TXT record with these values in the DNS Manager.

Step 3: Setting up SPF and DKIM records for your domain 

1. Go to your domain hosting website from where you have purchased your domain (GoDaddy.com, Cloudflare, BlueHost, etc.).
   
2. Paste the Selector Values and the TXT record values copied from your Zoho Desk account in your domain's DNS settings.
   
3. Click Publish.
   Note: DNS setup usually updates within 24-48 hours, and your email domain will be verified after the update is complete.

Step 4: Verifying your Email Domain 

After the SPF and DKIM records for your email domain have been published on the DNS servers, follow the steps given below:

1. Back in Zoho Desk, navigate to the DKIM Authentication page.
   
2. Click Verify corresponding to the domain name whose SPF and DKIM records were published on the DNS servers.
   
3. The DKIM Authentication window opens.
   
4. Click Verify.
   If the DKIM records have been validated for the email domain, the domain's status will be changed to Verified.

Note: Zoho Desk will look up and verify whether the DKIM TXT records exist in your DNS once every two days.

• Related Articles

• Setting up your Email Channel

  Emails are the most widely used mode of communication for your customers to submit tickets to your Zoho Desk. The emails received from your customers are converted into tickets and assigned a unique ticket ID. All you need to do is to forward the ...

• Forwarding your Support Emails to Zoho Desk

  Create support tickets in Zoho Desk by forwarding the emails received at your external email address. You must configure a forwarding rule (in your email client) to route the emails received in your mail client to an equivalent email address in Zoho ...

• Domain Mapping

  Provide customer support from your own domain with Zoho Desk. By default, the web address of your Help Center is a Zoho Desk subdomain such as "portalname.zohodesk.com/portal". However, you can personalize this so that your customers can submit their ...

• Sending Email to Contacts and Converting it to a Ticket

  Customers often reach the support team via phone, live chat, or other channels to seek immediate assistance. Issues such as failed payment or recurring problems with a purchased product can be solved faster over a phone call with the support agent. ...

• Following, Commenting, and Viewing original email headers in Tickets

  Following Tickets Following support tickets keeps you up-to-date with your activities. When you follow tickets, the email conversations, comments, statuses, and other details will display in your Notification Center. To follow support tickets In the ...