Email Hygiene: The new requirements and what you need to do

To add, edit or delete a DNS record, go to Site Tools > Domain > DNS Zone Editor.

1. Go to your Domains page.
2. Click the More actions icon next to the relevant domain.
3. Click Manage DNS Records.

1. Open the Domains panel. If your domain is linked to a parking page, log into your parking page to view your unique Home menu instead.
2. Click the domain name. If you have multiple Squarespace domains, you’ll manage their DNS records separately.
3. Click Edit DNS.

1. Log in to Weebly.
2. Click the Domains from the Dashboard.
3. Click the appropriate domain and Edit the DNS Records

Specifies which IP addresses are allowed to send emails on behalf of a domain.

Uses digital signatures to verify that the content of an email has not been altered in transit and that it genuinely comes from the stated sender.

DMARC allows the domain owner to publish a policy on how their emails should be handled if they fail authentication checks.

The policy can be set to “none” (monitoring mode), “quarantine” (mark as spam), or “reject” (do not deliver).

DMARC provides detailed reports to the domain owner about email authentication results.

These reports include information on which emails passed or failed authentication and may include data on sources attempting to send emails on behalf of the domain.

If you don’t it will generate one for you at the link in the first step when you click “Check DMARC Record”

Once you have finished creating your record, go to your DNS hosting provider and create a new TXT record with the output from MxToolbox.

The sender generates a pair of cryptographic keys – a private key and a public key.

The private key is kept secure on the sender’s mail server, while the public key is published in the DNS (Domain Name System) records associated with the sender’s domain.

When the sender sends an email, the email server signs the email with the private key, creating a unique digital signature.

The digital signature is typically added to the email header.

The public key used for signing is made available to recipients by publishing a DKIM DNS record in the sender’s domain.

The DKIM DNS record contains information about the public key and the selector, which helps the recipient locate the correct public key.

When the recipient’s email server receives the email, it retrieves the DKIM signature from the header.

The recipient’s server then uses the public key retrieved from the DKIM DNS record to verify the signature.

If the signature is valid, it indicates that the email was signed by the private key corresponding to the public key in the DNS record and that the email content has not been tampered with.

Enter your info like this:
email._domainkey.yourdomainhere.com

If you don’t it will generate one for you at the link in the first step when you click “Check DMARC Record”

Once you have finished creating your record, go to your DNS hosting provider and create a new TXT record with the output from MxToolbox.

The domain owner publishes an SPF record in the DNS settings for their domain.

The SPF record contains a list of authorized mail servers (IP addresses or hostnames) that are allowed to send emails on behalf of the domain.

When an email is received, the recipient’s mail server checks the SPF record of the sending domain.

If the sending mail server’s IP address matches one of the authorized addresses in the SPF record, the email is considered authenticated.

SPF helps prevent email spoofing by ensuring that only authorized servers send emails using the domain’s identity.

If an email is sent from an unauthorized server, the recipient’s mail server may mark it as suspicious or reject it based on the SPF policy.

1. Gather IP addresses used to send email
2. Make a list of your sending domains
3. Create a SPF record

Once you have finished creating your record, go to your DNS hosting provider and create a new TXT record. Then, go back to the first step and check that it’s all set!