DKIM and SPF are email authentication mechanisms that ensure genuine emails reach the intended recipient's inbox and avoid being flagged as spam.
DKIM lets the recipient check whether an email really was sent by the specific domain that is authorized to send it. These signatures are generally not visible to end users, and the recipients must verify them.
Elena Yau, Director of Information Technology at Five Acres, believes that setting up DKIM and SPF records is part of an effective strategy to mitigate cyber risks in 2024.
"I believe that the lowest hanging fruit to enhance cybersecurity globally is email since that is a common denominator across all organizations. As a community effort, I recommend that all organizations review their SPF, DKIM and DMARC and set up policies like Paubox’s ExecProtect to prevent spoofing authorities in their organization that deals with personnel records, financials, internal operations and has authorities for approval."
She explains, "If you wonder why your CEO, new account, or new HR person is spoofed, look at your SPF, DKIM, and DMARC."
SPF is a framework that allows a domain owner to specify which IP addresses or servers are authorized to send emails on behalf of their domain. It's essentially a list of authorized mail servers that can send emails from a specific domain. When an email is received, the recipient's email server checks the SPF record of the sender's domain to verify that the sending server is allowed to send emails on behalf of that domain.
Access the DNS management settings provided by your domain registrar, email service provider such as Google Workspace, or hosting provider such as GoDaddy. This is where you'll make changes to your DNS records.
For this example, let's assume you're using Google Workspace as your email service provider:
Log in to your Google Workspace admin console.
Return to your DNS management interface and create a new TXT record with the following details:
Save the new TXT record and publish the changes. DNS updates may take some time to propagate across the internet, usually a few hours to a day.
After the DNS records have propagated, you can verify your DKIM setup:
Log in to your domain registrar's website or hosting provider's dashboard.
Access the DNS management section. Look for options like "DNS Management," "Domain Settings," or "DNS Configuration."
DNS changes may take some time to propagate across the internet. This process typically takes a few hours to a day.
After the DNS changes have propagated, you can verify your SPF setup using various online SPF record validation tools or by sending test emails and checking the received email headers.
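The header check described above, which also covers the DKIM verification step earlier, as an added example that is not part of the original article: it reads the `Authentication-Results` header that the receiving server stamps on a test email and reports which of SPF, DKIM and DMARC did not pass. The sample message, the host names, the selector and the `trusted_authserv` parameter are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed test message: hosts, selector, signature value and the IP
# (documentation range) are placeholders, not values from the article.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.com header.s=google header.b=abc123;
 spf=softfail (mx.example.net: domain of transitioning bounce@example.com
 does not designate 203.0.113.7 as permitted sender) smtp.mailfrom=bounce@example.com;
 dmarc=pass (p=NONE) header.from=example.com
From: Test Sender <test@example.com>
Subject: SPF/DKIM test

body
"""
METHODS = ("spf", "dkim", "dmarc")

def strip_comments(value):
    """Remove parenthesised header comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def auth_results(raw_message, trusted_authserv):
    """Return {method: [(result, {property: value}), ...]} for spf/dkim/dmarc."""
    found = {m: [] for m in METHODS}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        authserv, *parts = strip_comments(header).split(";")
        # Trust only headers stamped by your own receiving server: a sender
        # can put an Authentication-Results header of their own in the mail.
        if authserv.split()[:1] != [trusted_authserv]:
            continue
        for part in parts:
            tokens = part.split()
            if not tokens or "=" not in tokens[0]:
                continue
            method, result = tokens[0].lower().split("=", 1)
            if method in found:
                props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
                found[method].append((result, props))
    return found

def failing(raw_message, trusted_authserv):
    """Methods that are missing or have any result other than 'pass'."""
    res = auth_results(raw_message, trusted_authserv)
    return sorted(m for m in METHODS if not res[m] or any(r != "pass" for r, _ in res[m]))

if __name__ == "__main__":
    print(failing(SAMPLE, "mx.example.net"))
```

To use it on a real test email, save the message source ("Show original" or the equivalent in your mail client) and pass its text together with the host name your own receiving server writes at the start of the header.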