How to set up email authentication
Email authentication is essential to prevent phishing, spoofing, and other types of cyber attacks that could compromise your email security.
In this tutorial, we will guide you through a few simple steps to set up and manage your email security using SPF, DKIM, and DMARC.
- Authentication Setup
- SPF Configuration
- DKIM Configuration
- DMARC Configuration
- Reset SPF/DMARC record to default configuration
Implementing these authentication measures will not only strengthen your email security but also ensure that third-party recipients correctly receive and recognize your messages. Proper configuration of SPF, DKIM, and DMARC is essential to establish trust in your electronic communications, helping to prevent identity spoofing and ensuring your emails reach their recipients legitimately.
Below, we will continue detailing each step so you can easily follow the process and strengthen your email protection.
First of all, log in to your cdmon control panel and go to the hosting management you want to configure. From there, go to email management and access "Email Authentication":
When accessing this, you will first see the DNS status of the domain you are configuring. Our control panel will detect whether you have the DNS servers with us or with another provider. The only implication of this is that you need to configure the records that will be shown later in the corresponding DNS panel.
If your domain's DNS server is configured with cdmon, the panel shows the following notification, indicating that Automatic Configuration applies:
On the other hand, if your domain's DNS server is configured with a provider other than cdmon, i.e., an external DNS server, the panel will show the following notification:
If the domain is with another cdmon user who is configuring the DNS for this hosting, meaning one user manages the hosting and another user manages the domain, the following message will appear stating that DNS records must be created manually.
At the bottom, you can find the authentication settings, which show the different records you can configure: SPF, DKIM, and DMARC.
IMPORTANT: If when accessing this section you observe that the records are marked in green, this means that they are already active (Status: Correct). No specific action needs to be taken; the records are already created and are fulfilling their protective function for the email service.
You can use this window as a validator for these records. If these records appear in any other state (Status: Incorrect/Regular), we suggest following the instructions shown below to activate each one:
The SPF (Sender Policy Framework) is an authorization list for your emails. It tells email servers who is allowed to send messages on your behalf, preventing identity spoofing.
One reason this SPF record appears in red (Status: Incorrect) is that no prior configuration has been made. Remember that cdmon will be configuring it between January 8 and 20, 2024 for all customers who have DNS with us. To start the SPF activation process, you must enable the “Advanced options” located in the top right corner of the box:
When enabling advanced options, the panel will show the DNS record that needs to be created to activate SPF. You must copy the text that appears under “Recommended value” and manually create a record in the domain's DNS management:
Next, access the zone record management for your domain. By clicking on this link, you can access our help on How the static DNS panel works.
Once you are inside your domain's DNS panel, you must create a new DNS record with the following configuration:
- Record type: TXT/SPF
- TTL value: 900
- Host/Redirect: @ The domain
- Value: v=spf1 include:_spf.srv.cat ~all
Below, we attach an image showing what data to enter in our control panel for configuration; you must replicate the data on your domain:
IMPORTANT: If you have an external DNS server other than cdmon, you must create this record in your respective DNS panel; the data to enter is exactly the same.
Once you have created the DNS record and the change has propagated, you can access the Email Authentication window again, and it should show Status: Correct as it detects the DNS record without issues:
DKIM is a digital signature for your emails. It allows recipients to verify that the message has not been altered since it was sent, which also prevents email fraud.
Currently, all cdmon hostings have an activated DKIM (.srv.cat). This is a generic cdmon domain and is valid for authenticating your emails.
DMARC is a security supervisor for your emails. This protocol uses SPF and DKIM to ensure that the messages you receive are legitimate. It also defines what to do with email addresses that do not have these security protocols active on their respective mail servers.
One reason this DMARC record appears in red (Status: Incorrect) is that no prior configuration has been made. Remember that cdmon will be configuring it between January 8 and 20, 2024 for all customers who have DNS with us. To start the DMARC activation process, you must enable the “Advanced options” located in the top right corner of the box:
When enabling advanced options, the panel will show the DNS record that needs to be created to activate DMARC. You must copy the text that appears under “Recommended value” and manually create a record in the domain's DNS management:
Next, access the zone record management for your domain. By clicking on this link, you can access our help on How the static DNS panel works.
Once you are inside your domain's DNS panel, you must create a new DNS record with the following configuration:
- Record type: TXT/SPF
- TTL value: 900
- Host/Redirect: A specific subdomain -> _dmarc
- Value: v=DMARC1; p=none; aspf=s; adkim=r
Below, we attach an image showing what data to enter in our control panel for configuration; you must replicate the data on your domain:
IMPORTANT: If you have an external DNS server other than cdmon, you must create this record in your respective DNS panel; the data to enter is exactly the same.
Once you have created the DNS record and the change has propagated, you can access the Email Authentication window again, and it should show Status: Correct as it detects the DNS record without issues:
Only if the domain has automatic configuration of DNS (the user manages the DNS records and the domain points to the cdmon server) can you reset the value of the SPF and DMARC record directly from our control panel. This function is useful for those who need to revert custom changes to the configuration recommended by our service. Here is how you can use this functionality:
To reset the current SPF and DMARC record, click on the "Advanced options" of the record in question, and in the box of the Current SPF Value or Current DMARC Value, an icon in the shape of a circular arrow appears, located all the way to the right:
Reset SPF record:
Reset DMARC record:
Before proceeding with the reset, the panel will ask for one final confirmation; click "Accept" to continue.
Related Articles
How to enable two-factor authentication (2FA) on SOGo
Two-factor authentication (2FA) adds an extra layer of security to your SOGo account. Once activated, you will need your password and a temporary code generated by an app on your phone (like Google Authenticator) to log in. This guide shows you the ...Closure of port 25 and changes in email authentication
Important: If your email client is still using port 25 for sending emails or has outdated authentication settings, email sending may stop working. What should you do? You should review your email client settings and update: the outgoing port (SMTP), ...How to set up cdmon email in Gmail
We have the best virtual servers If you have a cdmon mail account, you can configure it with Gmail in four steps. In this case, we use the account “videos@laboratoriocc.click” as an example. You should replace this address with the name of the email ...How to add email in MAC OS MAIL
Domain with email IMPORTANT: For security reasons, port 25 has been disabled for sending emails. If your email client is configured with this port, you must update it to continue sending emails. New recommended configuration: SMTP Server: ...How to add a cdmon email address in Thunderbird
IMPORTANT: For security reasons, port 25 has been disabled for sending emails. If your email client is configured with this port, you must update it to continue sending emails. New recommended configuration: How to change the outgoing port in ...