DNS

To prevent your mailserver from being recognized as spam, you should add all necessary DNS records like SPF, DMARC and DKIM. Please note that you will have to adapt our recommendation to your needs. This applies in particular if another mailserver also sends emails from your domain. To test whether your DNS records are correct, you can use tools such as mail-tester.com.

Recommendation

The following DNS example contains all the necessary DNS records.

# Name            Type      Value
                  IN MX     10 mail.example.com
                            #│   └─> Hostname of the mailserver
                            #└─> Priority of the mailserver

                  IN TXT    v=spf1 mx -all
                                   #│   └─> reject all mails from other servers
                                   #└─> allow mails from mailserver listed in MX record

_dmarc            IN TXT    v=DMARC1; p=reject
                                        #└─> reject all mails that fails SPF or DKIM test


dkim._domainkey   IN TXT    v=DKIM1; k=rsa; t=s; s=email; p=YOURKEY
#│                                                          #└─> Public Key of the DKIM key
#└─> Selector, depends on the key                           #    See below how to generate a DKIM key
#    you created (default: dkim)

Warning

Please make sure to include all other servers in your SPF record that should be able to send emails from your domain.

Generate DKIM Key

Generate a new key for this domain through the Mailcow webinterface. Use the following settings:

Domain: example.com
Selector: dkim
DKIM key length: 2048 bits
create dkim key