Email Authentication SPF and DKIM help !!!

Discussion in 'Free Hosting' started by simon.evanz48, Jul 26, 2012.

Thread Status:
Not open for further replies.
  1. simon.evanz48

    simon.evanz48 Member

    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I am in the process of setting up Google Apps for domain, mostly for there offerings of up to 50 extra email accounts plus a couple of features, etc..

    I am having some problems trying to secure my domain from spammers and would like to know how to *properly* setup the Domain Keys Identified Mail (DKIM) standard on my addon domain.
    which is:- wampbox.co.uk

    My primary question is: How do I make my addon domain become the SOA on the x10hosting Servers. (or indeed if that is possible) as stated in the following error message:

    The following is the cPanel warning I receive when I try to alter/save the SPF records:
    In order to ensure that SPF or DKIM takes effect, you must confirm that this server is an authoritative nameserver for <mydomain>.elementfx.com. If you need help, contact your hosting provider.

    Status: Enabled Warning: cPanel is unable to verify that this server is an authoritative nameserver for <mydomain>.elementfx.com.

    in order to use my own domain name I have pointed it towards x10hosting name servers (ns1.x10hosting.com & ns2.x10hosting.com)

    - This has been done and I am receiving traffic on my add-on domain. [OK]

    Now I am left with the above error message in the SPF section of cPanel on my domain.
    Can someone please shed some light on my situation and help point out what I may have done wrong, or indeed the steps required to setup DKIM for my addon domain.

    FYI:


    I have also followed the setup instruction during the DKIM setup stage from within Google Apps (for domains).

    It recommended adding the following as a TXT record to my DNS zone for my addon domain to establish DKIM:

    [KEY] google._domainkey
    [TTL] 14400
    [Value] "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADC<lots_more_chars_...>, etc, etc...."


    During the setup phase of SPF I needed to retrieve the IP addresses of all Authorized email servers that will be allowed to send mail for my domain. As I am going to be using google Apps mail servers I was required to locate All the Additional Ip blocks for your domains (IP4) records which will be used to send mail for my domain.

    I queried Google's SPF records to acquire the additional IPv4 address ranges so as to able to setup my own SPF TXT record based upon Googles mail servers:

    The Additional IPv4 addresses have been added using the CIDR format. (as seen below)

    So I done the following:-

    > nslookup -q=TXT _netblocks.google.com 8.8.8.8


    Reply

    Server: google-public-dns-a.google.com
    Address: 8.8.8.8

    Non-authoritative answer:
    _netblocks.google.com text =

    "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"


    Thanks
     
  2. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    When you write "cpanel", are you refering to the X10 cPanel, or the Google Apps control panel? Unfortunately, Google decided to give its product the same name as the existing cPanel, Inc's one, so just "cpanel" is ambiguous. Since you're using the X10 name servers, you should be using the X10 cPanel when creating DNS records.

    You can't and shouldn't do this, as the x10 name servers are already (and should be) set as the authoritative servers. The SOA record names the name server, not your domain.

    Note that you can use
     
  3. simon.evanz48

    simon.evanz48 Member

    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    Hi misson,

    Firstly, thank you for your reply.

    I hope now this all makes a bit of sense as trying to communicate technical information contextually can sometimes be a total nightmare and I hope that I did not repeat myself too many times nor come across as being patronising as this is not my intention.. So please bare with me as I step through and try to validate my thinking and possibly identify where I have gone wrong.

    Oh, and thanks for sharing your tips on 3rdparty SPF records. I agree this technique will prove to be a real time saver on my brains thinking power in times to come, cheers.

    With regards to not specifying which cPanel interface that I was referring to through each of my points, indeed I should have been more specific with regards to this. I am however referring to x10hosting cPanel as this is what I am using to configure my add-on domain. [wampbox.co.uk]

    I am "Trying" to correctly setup SPF using x10 cPanel. I did however, use Google's cPanel to generate the DKIM value/Key pair which in turn, was then added to x10 cPanel as a TXT record.

    I achieved this via "The Advanced DNS" section on x10 cPanel for the wampbox.co.uk domain name.

    The domain that I am currently setting up, and by this I mean, sorting out the DKIM & SPF record is for wampbox.co.uk.

    (wampbox.co.uk was added as an add-on domain to my account. My x10 Free hosting account was originally setup with the primary domain of pure.elementfx.com <- this domain is not being used for anything relating to the wampbox.co.uk domain)

    Question:

    Do I need to setup the SPF and DKIM TXT records on the pure.elementfx.com domain as opposed to including the TXT records on the wampbox.co.uk domain. I only say this as pure.elementfx.com is the primary domain for my account even though I am only trying to send mail through and really use the wampbox.co.uk domain ?



    ** Stepping through the instructions **

    - As explained in the instructions found on the Google Apps Control Panel > Gmail > Help Prevent Spoofing section setup page..

    I selected the domain that I wanted to generate a domain key for. [domain: wampbox.co.uk] it says in the Google cPanel Status: Authenticating email
    Generate New Record: Nothing changed here, still using the originally generated DKIM key/value pair from when I started this process
    I continued to use default option for the DKIM selector prefix: value was google.com
    This key/value pair information that was provided was what I included as a TXT record under x10 cPanel for the wampbox.co.uk domain. (as above in previous post)

    ---

    So, this is now where I am currently at with respect to setting up DKIM and SPF records.

    NB.

    I have also taken into account, and also given sufficient time to allow for full DNS propagation throughout the inet for all my settings. So this i believe is not an issue.

    Thanks for any help or assistance

    Simon
     
  4. simon.evanz48

    simon.evanz48 Member

    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    FIXED

    It looks like there was an issue with the additional IP blocks that are allowed for my domain. As mentioned earlier, I provided all the IP's found under the _spf.google.com records. which I added to the additional (IP4) blocks section. As soon as I tweaked these settings (removed them all except for x10 server IP address) and followed your advise and setup 3rdparty._spf.wampbox.co.uk now it all looks ok.

    No more errors

    Will be monitoring the situation closely and validating my setup in due course.

    But all looks ok.

    Thanks for help
     
Thread Status:
Not open for further replies.

Share This Page