About
This article covers creating and verifying DNS records for the On-Premise Gateway.
Basic
The most basic record is an A record. An A record resolves a domain name to an IP address.
For example:
www.google.com resolves to 172.217.9.14
Advanced
The advanced DNS records are split into the following areas.
- SPF Records
- PTR Records
- DKIM Records
SPF Records
Sender Policy Framework (SPF) is an open standard developed to help prevent sender address forgery. When deploying and managing your own mail server, it is important to take the time to implement a properly constructed SPF record to help prevent this fraudulent activity.
SPF records work by publishing a TXT DNS record for each domain you own and will be sending email from. This TXT record is your policy: it tells recipient mail servers which hosts are authorized to send outbound email for the domain.
The Virtru Email Gateway will be sending (relaying) emails from your domain, so it is important to take note of the public IP address that will be directly assigned to the gateway and/or used to NAT its traffic to the internet. This IP address is what recipient email servers will see as your source address.
Example SPF Record:
SPF TXT @ "v=spf1 ip4:123.123.123.123 a:example.com include:_spf.google.com ~all"
A detailed overview of the SPF standard is beyond the scope of this document, but there are a number of great resources available online.
Before sending a significant volume of email, it is important to validate your SPF record to ensure your mail server does not get poor reputation scores in a variety of spam prevention databases. Below you will find a few online resources to help with this validation.
SPF Validation Resources:
- https://mxtoolbox.com/spf.aspx
- http://www.kitterman.com/spf/validate.html
- http://tools.bevhost.com/spf/
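A record can also be checked locally before it is published. The following is an added example, not part of the original article or Virtru tooling: it parses an SPF TXT value, confirms the gateway's public (NAT) address is covered by a literal ip4/ip6 mechanism, and flags a missing or permissive `all` term and an excessive lookup count. The function names and the second test address are assumptions made for illustration.

```python
import ipaddress
import re

# Record copied from this article's example.
SAMPLE_SPF = "v=spf1 ip4:123.123.123.123 a:example.com include:_spf.google.com ~all"
# Terms that each cost the receiver a DNS lookup (RFC 7208 allows 10 in total).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, name, argument) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must begin with v=spf1")
    terms = []
    for raw in parts[1:]:
        qualifier = raw[0] if raw[0] in "+-~?" else "+"  # default is '+' (pass)
        m = re.match(r"([a-z0-9]+)[:=]?(.*)$", raw.lstrip("+-~?").lower())
        if m:
            terms.append((qualifier, m.group(1), m.group(2)))
    return terms

def audit(record, gateway_ip):
    """Return (listed, findings) for the gateway's public (NAT) address."""
    ip = ipaddress.ip_address(gateway_ip)
    terms = parse_spf(record)
    findings = []
    # Only literal ip4/ip6 terms are checked; a/mx/include would need live DNS.
    listed = any(
        q == "+" and name in ("ip4", "ip6")
        and ip in ipaddress.ip_network(arg, strict=False)
        for q, name, arg in terms
    )
    if not listed:
        findings.append(f"{gateway_ip} is not covered by an ip4/ip6 mechanism")
    # Counts top-level terms only; nested includes add to the real total.
    if sum(name in LOOKUP_TERMS for _, name, _ in terms) > 10:
        findings.append("more than 10 DNS-lookup terms (receivers return permerror)")
    all_q = [q for q, name, _ in terms if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in terms)
    if not all_q and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif all_q and all_q[0] in "+?":
        findings.append(f"'{all_q[0]}all' does not restrict unlisted senders")
    return listed, findings

if __name__ == "__main__":
    print(audit(SAMPLE_SPF, "123.123.123.123"))  # address used in the article's record
    print(audit(SAMPLE_SPF, "198.51.100.7"))     # constructed address, not in the record
```

An address that is reported as not covered may still be authorized through an `a`, `mx` or `include` term, which the online validators above resolve against live DNS.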
SPF Resources: