DMARC, DKIM, and SPF on custom DNS nameserver

Options
JFields
JFields Posts: 3 Spectator
edited February 21 in Email

Hello Spectrum Community,

I am a Spectrum Business customer. I have called into Spectrum Support several times requesting the DKIM and SPF information. I am having massive trouble getting the information I need. I host my DNS records through a 3rd party provider and not through Spectrum.

Every time I call they tell me to reach out to a 3rd party mail provider, and when I call this mail provider they inform me that they do not host my Spectrum email. They inform me to get a hold of Spectrum to get the information I require. I call Spectrum back and after sitting on hold for 15 minutes, the Spectrum representative reads me my current DNS records that I created by guessing the information.

Currently, my mail is marked as "Spam" to the receiving party because DKIM fails. I have created my own SPF record, as the mail server's public addresses cannot be provided to me when I call in - I literally just guessed the mail servers public IP address to create the SPF record.

I was making do and alright with this until today. Specifically Google (GMail) and Yahoo is now pushing a requirement to have a DMARC & DKIM record listed for email. I can easily create the DMARC, but I cannot guess or create the DKIM. From my understanding, the DKIM public key has to be provided to me by the mail host. In order to create a proper SPF record, I need the public IPs of the mail server.


Here is an article about the changes coming in February 2024 regarding Google and Yahoo:

Here is an article on DKIM:


At the present time, I am starting a search for another mail provider, and probably downgrading back to a residential circuit. I hope someone here can help with my request for a DKIM record and the public IP addresses of the mail server. Otherwise, I have a lot of updates and changes to do in the next month. I highly appreciate replies and input on this issue.

Thanks,

Jon

Tagged:

Answers

  • HT_Greenfield
    HT_Greenfield Posts: 761 Contributor
    Options

    You should be able to determine the hostname and IP address of the applicable email server from the same email message header/source by which you found the DKIM fault in the first place and then the applicable "ESP" to contact for the the DKIM info via DNS from that.

    ISP's don't necessarily offer you-know-what email services, even biz-wise, by the way.

    🔗https://blog.hubspot.com/marketing/what-is-an-esp

    🔗https://www.spectrum.com/policies/spectrum-business-internet-acceptable-use-policy ↳ 4. NO you-know-what

    Out of my league, though, so you take this with a grain of salt, yet, nevertheless, if you need an "ESP," get one.

  • JFields
    JFields Posts: 3 Spectator
    Options

    Hello HT_Greenfield,

    Thank you for the reply and good reading. I actually didn't know that Spectrum didn't like mass emails, and luckily for me, I am not doing #4. Specifically right now, when I email a customer directly to answer questions, I receive a DMARC report back stating that my email has been marked SPAM / Junk. I then have to tell my customer to look in their Spam or Junk folder to find my email through a text message.

    This is why I need Spectrum to give me the public DKIM record, so when I directly email a customer I am no longer marked as Spam or Junk. The DMARC report clearly shows the SPF record as passing, DKIM failing, and marking the message as Spam.

    As for marketing emails, I do have a system for that and I do not use Spectrum emails for it. I apologize I wasn't clear on this before. With Yahoo and Google cracking down, I imagine DKIM will become a requirement for all emails. Hopefully this information helps and thank you for the reply!

    ~Jon

  • HT_Greenfield
    HT_Greenfield Posts: 761 Contributor
    Options

    You're welcome and my bad for talking out of turn.

    Stupid question: Is the DMARC report you are receiving literally saying that a receiving server is literally quarantining messages from your email server, or an ESP sending email on your behalf, simply due to no DKIM signature despite good SPF or is it saying that SPF is good, DKIM isn't, and, by the way, your DMARC policy is set to have the receiving server quarantine when neither is good?

    Another stupid question: can and do you have your ISP sending email on your behalf ESP à la mode?

  • JFields
    JFields Posts: 3 Spectator
    Options

    Hello HT_Greenfield,

    No, thank you for the info!

    This is a lot of information to break down, so here goes:

    DMARC report is stating that the rule I have in place will mark the message as SPAM/Quarantine. This was done at the recommendation of my marketing / advertising system. The marketing / advertising system has provided me with a DKIM record and SPF record for their email servers, so anything I send from there on behalf of my domain goes into an Inbox just fine. This is also the same system I use for invoices (which is more common than marketing emails).

    The DMARC is setup to quarantine when any record fails to match. I have considered changing this setting; however I also do not want to mess up my invoices from going into someone's inbox either. I suppose it couldn't hurt to try but I would prefer getting the public DKIM from Spectrum or a proper SPF record (at the very least all the IP's/hostnames of the authorized email servers).

    As for the last question, as I understand it, you are asking if my marketing system is using the Spectrum mail server to send out emails on my behalf. The answer is no, the marketing system has it's own email server that it uses and is completely separate from Spectrum's mail server.

    If you're asking how I connect to get my emails, I specifically have Outlook configured to connect to the indy.rr.com mail server via IMAP. I hope this information is helpful and thank you very much for the reply.

    ~Jon

This discussion has been closed.