Rackspace Email - DMARC / DKIM: What It Is & How to Setup

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] watching this video you're obviously looking for more information about D K m and D mark we'll begin with D mark D mark stands for domain based message authentication reporting and conformance or D mark for short d mark is a record type that tells recipient mail servers what to do with messages that pass or fail their SPF and DKIM checks D mark was a record type designed to help prevent spoofing and other ways that fraudulent mail is being sent let's look at it with kind of a real world analogy say you're buying concert tickets to your favorite show you get sent the tickets in the mail and when you show up but they have to validate your tickets in some way to allow you inside they scan your ticket if you do have the correct ticket they let you in if you don't have the correct ticket they don't allow you in it's that simple now let's talk about what a Demark record actually looks like a Demark record is a txt record that you will need to input with your domain host in your DNS you want to input the first part the host name beginning with underscore d mark dot and then replace your domain com with the domain that you would like to set this record up before the TTL for this record will need to be set to the lowest possible typically around 1 hour is perfect the record type as we mentioned is txt and the value is where you'll specify what the record actually does this first part of the value V equals D mark 1 just tells the Internet that this is a d mark record in the record type the second part is where you specify what you want recipient mail servers to do with your emails the policy we recommend starting with is P equals none this is known as a reporting only policy once you're comfortable with the reporting only policy you can scale it up to P equals quarantine and that tells recipient mail servers to warranty norm of the messages to the spam folder for any messages that fail their SPF or DKIM techs the third option we have here is to set P equal to reject that tells recipient mail servers to outright reject any messages that fail their SPF and/or D Kim checks third part of this is very important as well are you a equals mail to here you'll want to substitute chosen - email at your domain comm for whatever email you would like to receive the reports generated by this about your domain again this is going to help you receive reports on fraudulent emails that are being received across the internet that are sent by your domain it's very important to monitor now that about sums up D mark but D mark only applies to messages as their incoming into a mail environment what can you do about messages that you're sending out the solution we have for that is called D Kim D Kim stands for domainkeys identified mail and it works by having your sending mail server' stamp each one of your messages with a private key that the recipient mail server can then decode on their end with the public key available in your dns now to continue our analogy with the concert we were using earlier for d kim signing imagine that you are the rock star you want all of your concert goers that buy tickets to know that the tickets they're getting are legitimate so to do that you're gonna stamp your outgoing messages with a unique identifier so that when they receive that they'll be able to know for certain that the ticket that they have is genuine once you have your messages stamped to show their validity DCAM in this analogy you still need to make sure that you have a security guard at the gate checking tickets your d mark record will be your security guard to check each message for validity as it enters the stadium remember your D Kim signing will not work on its own you need a D mark record to enforce your policy with other mail providers if there is no security guard your d mark record even people with counterfeit tickets would be able to get in to see your Rock Show now let's take an example about what that record will actually look like in your DNS the first part here in the hostname began with the selector they'll be given to you by your male host at the time you turn on your dkm signing after the selector number input period underscore domain key dot then you'll replace your domain comm with the domain that you're looking to set this record up before the TTL should be the lowest possible the record type will be txt as well the value has three parts the first part V equals D chem one specifies that this is your D chem record second part K equals RSA specifies the encryption key that will be used for your public key and the third part is the public key itself P equals will replace these asterisks with a long string of letters and numbers will be generated specifically for your domain at the time that signing is turned on we'll go over the selector that is generated and the p value public key and one of the following steps in this video in the next step we'll take a look at actually generating the key that you will input into your DNS to follow along with these steps please keep in mind that these steps specifically apply to our mail environment and if you have a different mail provider I need to contact them for their recommended steps for how to set this up now we're gonna see how to actually turn on dekum signing for your domain from within the control panel if you follow along through these steps with me right now if you scroll down from the home page to beneath the domains heading you'll see the option for sender authentication DKIM will click on that it may take a moment for this screen to load but once it does you'll see the list of domains that you have available in your control panel to enable TEM signing for and this one we're gonna turn it on for email help vids com so go ahead and click on the text of your domain you'll see this option D Kim is currently disabled I'll click the option to enable D chem for this domain and you'll see here the progress is showing as enabling and it will generate the records including the selector that we're going to need to input and the public key that will be put in your DNS and the record that we went over previously now that you have your selector and public key you'll be able to input the DNS record we mentioned previously but substituting the example for the records that you now have once you input the record within your DNS the control panel will check to make sure that those records are active and propagating and then you'll be all set to have your messages signed with decamp now that we have dekum turned on for your domain there are a few special situations to keep in mind if you have any of the following enabled disclaimers Auto forwarding exchange contacts or group lists it would be recommended to contact your email administrator for more information before turning on DCAM signing for your domain another thing to keep in mind is that we recommend setting up your SPF record before implementing your D command D Marc policies your SPF record is referenced in your D Marc policy and so in order for it to perform correctly we do recommend setting that up first if you have any questions about how to set up an SPF record or about DNS records in general please see the other videos that we have available as well we've talked a lot in this video about different types of records DCAM which is your message signing on outbound messages and d mark which is the policy you enforce as no servers receive your mail of course if you have any further questions and our Rackspace customer please reference our email help tool at email help Rackspace comm or give us a call at our support line available in the top part of your Rackspace control panel thank you for watching this video and enjoy the rest your name you [Music] you [Music]
Info
Channel: Rackspace Cloud Office
Views: 56,309
Rating: 4.950963 out of 5
Keywords: Rackspace, Rackspace Email, Email, Outlook, Microsoft, Office 365, Technology, DMARC, DKIM, Spoofing, Phishing, Prevent Spoofing, Spoofing Prevention, Spam Prevention, Fraud, Spam, Domain Keys Identified Mail, Domain, Keys, Identified, Mail, Message, Authentication, Reporting, Conformance, DNS, SPF Records, SPF
Id: qbBGQuYUIpk
Channel Id: undefined
Length: 8min 36sec (516 seconds)
Published: Mon Sep 25 2017
Related Videos
DMARC and Office365
Global Cyber Alliance
55K
How To Setup DKIM in 3 Steps - Set Up DNS & EMail
RAZR
74K
How to Spot Any Spoofed & Fake Email (Ultimate Guide)
ThioJoe
329K
Rackspace Email - Spoofing: How to Identify & Protect Your Organization
Rackspace Cloud Office
22K
Introduction to the Sender Policy Framework (SPF): A Closer Look
Global Cyber Alliance
48K
Enable DMARC on Office365 | New update video link is in description
Technology Wanderers
22K
Simon Sinek 2021 - The Speech That Broke The Internet - Most MOTIVATIONAL Ever
Alpha Leaders
403K
DMARC for Dummies
PowerDMARC
283
Hands-On With the Helm Personal Email Server
TWiT Tech Podcast Network
9.3K
Holy Trinity of e-mail delivery - SPF, DKIM and DMARC explained
PB Com
20K
Enhancing email delivery with SPF, DKIM and DMARC
Amit Nepal
28K
DMARC Training-2: DMARC Identifier Alignment
MAAWG-Messaging, Malware and Mobile Anti-Abuse Working Group
8.2K
Email Help - Blacklisting / Safelisting With Rackspace Email
Rackspace Cloud Office
856
Inside the mind of a master procrastinator | Tim Urban
TED
44M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.