This article contains information on creating and updating SPF and DNS records to authenticate email, including steps for adding Mimecast IP ranges, validating records, and configuring subdomains for secure email delivery.
Creating a DNS Entry
If you wish to implement SPF for your domain, you'll need to create a corresponding TXT DNS record. By adding our IP Ranges to your TXT / SPF record, you ensure Mimecast is allowed to send mail carrying your domain name.
To create a DNS record:
- Update the SPF records for your domains with the information displayed in the application under SPF Record, as shown below:
- If you are allowing other hosts to send as your domain, you can add additional hostnames using include: followed by the hostname, placed before the ~all in the SPF record. Any includes added after ~all will not be checked by receiving organizations.
- Only use the SPF record displayed in the application, as there are regional differences (i.e. "eu" for Europe in the above image). The regional records are also listed in the "Implementing SPF for Outbound Email Delivery" section above. If you're not the person responsible for this task, click the Share link to send an email containing the required details to someone who is.
- Log in to your Domain Registrar.
- Update/replace each domain's SPF record to specify us as the authorized outbound service.
- If all email for your domains will be routed via us, remove all previous SPF records.
- Other outbound sources for your domain may require a combined SPF record. In this instance, ensure you include the Mimecast "xx_netblocks.mimecast.com" entry before creating a mail flow connector. To determine what "xx" is, refer to step 1 above.
See the "Implementing SPF for Outbound Email Delivery" section in the Email Security Cloud Gateway - Configuring DNS Authentication Definition page for additional information.
- Optionally test your SPF record:
- Navigate to Platform | Set Up Your Outbound Email in the Connect Application.
- Select your domain from the Record to Validate drop-down menu.
- Click on the Validate button. One of the following messages will display:
- A green tick confirms the SPF record is valid.
- A red exclamation confirms the SPF record is invalid.
- Click on the More or Less links to view further information about the SPF record and toggle the display.
- This step performs a TXT record lookup and validates the SPF record entry. You can have more than one mechanism (IP/Host), but Mimecast must be the first one listed.
- A maximum of 10 DNS lookups is allowed for an SPF record, i.e. the Mimecast lookup is one DNS lookup.
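The three rules above (nothing after ~all, Mimecast listed first, at most 10 DNS lookups) can be checked offline before a record is published. This is an added example, not Mimecast's validator: the sample records and example.net hosts are constructed, "xx" is the regional placeholder used on this page, and only top-level lookups are counted (nested includes add more).

```python
import re

# Terms that cost a DNS lookup when evaluated (RFC 7208, section 4.6.4).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MIMECAST_SUFFIX = "_netblocks.mimecast.com"  # regional "xx" prefix varies
MAX_LOOKUPS = 10

def lint_spf(record):
    """Return a list of findings for one SPF TXT string; empty means clean."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    findings, evaluated, all_seen = [], [], False
    for term in terms[1:]:
        m = re.match(r"[+\-~?]?([a-z0-9]+)(?:[:=/](.*))?$", term.lower())
        if not m:
            findings.append(f"unparseable term: {term}")
        elif all_seen:
            findings.append(f"'{term}' follows 'all' and is never evaluated")
        elif m.group(1) == "all":
            all_seen = True
        else:
            evaluated.append((m.group(1), m.group(2) or ""))
    first = evaluated[0] if evaluated else ("", "")
    if not (first[0] == "include" and first[1].endswith(MIMECAST_SUFFIX)):
        findings.append("Mimecast include is not the first mechanism")
    # A redirect modifier is ignored by receivers when 'all' is present.
    counted = LOOKUP_TERMS - {"redirect"} if all_seen else LOOKUP_TERMS
    lookups = sum(1 for name, _ in evaluated if name in counted)
    if lookups > MAX_LOOKUPS:
        findings.append(
            f"{lookups} top-level DNS lookups exceed the limit of {MAX_LOOKUPS}")
    return findings

# Constructed sample records (not taken from any real domain).
MC = "include:xx_netblocks.mimecast.com"
GOOD = f"v=spf1 {MC} include:spf.example.net ~all"
AFTER_ALL = f"v=spf1 {MC} ~all include:spf.example.net"
NOT_FIRST = f"v=spf1 include:spf.example.net {MC} ~all"
TOO_MANY = (f"v=spf1 {MC} "
            + " ".join(f"include:s{i}.example.net" for i in range(10))
            + " ~all")

if __name__ == "__main__":
    for label, rec in [("good", GOOD), ("after-all", AFTER_ALL),
                       ("not-first", NOT_FIRST), ("too-many", TOO_MANY)]:
        print(label, lint_spf(rec) or "OK")
```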
Creating an SPF record for your subdomains
SPF policies are not automatically inherited by subdomains. If you use SPF to authenticate your emails and you send email from subdomains, you need to configure an SPF record for each of these subdomains individually by modifying your DNS entries. The steps for adding the SPF record are the same as for a main domain.