Overview
You would like to know how to set up SPF, DKIM, and DMARC for Emails being sent from Jive, or you would like to request the correct DNS settings for SPF or DKIM.
SPF, DKIM, and DMARC are all ways to ensure that any mail servers which send out an email for your domain are truly authorized to do so. When correctly set up, all three will minimize the incidence of your email domain name being used in spam and phishing attacks, and also maximize proper email delivery to the intended recipient.
This article has been written to assist you in setting up your Jive installation to be able to utilize these email security measures.
Solution
These steps need to be performed by the person or team who is responsible for managing your organization's email security configuration.
Setting up SPF (Sender Policy Framework)
SPF is a DNS TXT record that specifies which IP addresses and/or servers are allowed to send email “from” a particular domain. The process is different for Cloud and Hosted:
How to Configure SPF For Jive Cloud
To update an existing SPF record:
Login to your DNS management console. If you already have an SPF record for your specific email domain name, then you will need to include the Jive Cloud email servers.
-
For example, if your current SPF record was:
"v=spf1 include:_spf.google.com ~all"
-
For US Customers, you’d then insert the following:
ip4:204.93.64.116 ip4:204.93.64.117 ip4:192.250.208.112 ip4:192.250.208.113 include:sendgrid.net
-
Your final record would look like:
"v=spf1 ip4:204.93.64.116 ip4:204.93.64.117 ip4:192.250.208.112 ip4:192.250.208.113 include:sendgrid.net include:_spf.google.com ~all"
-
For EU Customers, you’d insert the following instead:
ip4:204.93.80.116 ip4:204.93.80.117 ip4:204.93.95.57 include:sendgrid.net
-
Your final record would look like:
"v=spf1 ip4:204.93.80.116 ip4:204.93.80.117 ip4:204.93.95.57 include:sendgrid.net include:_spf.google.com ~all"
How to Configure SPF For Jive Hosted
Login to your DNS management console. If you already have an SPF record for your specific email domain name, then you will need to include the Jive Hosted email servers in the SPF record.
-
For example, if your current SPF record was:
"v=spf1 include:_spf.google.com ~all"
-
For both US & EU Customers, you’d then insert the following:
include:sendgrid.net include:spf.jivesoftware.com
-
Your final record would look like:
-
"v=spf1 include:sendgrid.net include:spf.jivesoftware.com include:_spf.google.com ~all"
Note: The entry include:sendgrid.net is not strictly needed for Jive Hosted customers, but is included here in case you are a Jive Cloud customer wanting to setup DKIM (read more about this below). Once Jive Support has set up DKIM and it's all working ok, you can remove the reference to sendgrid.net.
Setting up DKIM
DKIM is an acronym for “DomainKeys Identified Mail”, otherwise known as “email signing”. It relies on electronic keys; a private one, which resides on the sending mail server (with the Jive Infrastructure Operations team), and a public one held in a special DNS server record.
Since a DKIM record can be used for multiple external providers, each one is assigned a pre-agreed string called a "selector" (a sort of distinguished name).
- Request creation of DKIM Keys/Entries
- Update TXT Records - Jive Hosted Instances
- Update CNAME Records - Jive Cloud Instances
Request creation of the DKIM keys / entries
In order to configure DKIM, you first need to request a new DKIM public key (for Jive Hosted) or DKIM CNAME Records (for Jive Cloud). To do this, contact us to receive assistance from ATLAS. If it's not able to assist, then it will create a ticket for you on which you can provide the below information:
-
The email domain (typically this is the same email domain used for the Server Admin Email setting in Admin Console > System > Settings > Email Server).
- Note: If you are a Cloud Customer, you will not have access to the above setting. You can simply mention this on your support ticket. Customer Support will be able to get this information for you, via the backend.
-
The "selector" - a simple identifier that can be anything, even something as simple as "jmx". The selector has to be exactly 3 characters long.
Our Jive Infrastructure Operations team will perform the implementation on the Jive side and your assigned support agent will provide you the entries that you need to add to your domain's DNS record.
Update TXT Records - Jive Hosted Instances
Field 1: TXT record Hostname or Name
Most DNS management consoles will require you to enter a hostname or name in the first field of the TXT record. If the selector you requested is "jmx", then combine this with suffix prefix ._domainkey, and enter to the field like so:
jmx._domainkey
Field 2: TXT record Value
In the second field of the TXT record (usually referred to as the Value field), enter the public key, which your support agent will provide to you. Below is an example:
"k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDmzRmJRQxLEuyYiyMg4suA2Sy MwR5MGHpP9diNT1hRiwUd/mZp1ro7kIDTKS8ttkI6z6eTRW9e9dDOxzSxNuXmume60Cjbu08gOyhPG3 GfWdg7QkdN6kR4V75MFlw624VY35DaXBvnlTJTgRg/EW72O1DiYVThkyCgpSYS8nmEQIDAQAB"
Problems with longer keys
The DKIM public keys issued by Jive Support are 1024-bit by default, but you can request a 2048 bit key, which will result in a much longer text string. When you try to enter the key to the value field in the TXT DNS record, you may run into this error:
Contiguous strings may not be longer than 255 characters.
To work around this, break the string up with double quotes into lengths of less than 255 characters in a text editor, like in the example below, and re-enter the value to the DNS record.
"v=DKIM1; k=rsa;""p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7jLS6S0MF4kJFyJOyE4Tm/Dv583oUGkUjbBa9CXWLrP4IYoamSrTqBiOQuXsbKw0yCObgDrJ844hH+yIFlTkw0FlKx/B706fEGPr7DL8L6mdicqZX1fbVqLs7GsX9OE0FOm1rUsr/eHQPug4""F2JQ5yNDtjK0Jt07pYEpf6wWxY0HMNtq4oKwU3MBwgfsVx9XsxdDYMvs0vtVR2WQD1LAxgL20hWOPtZZ6QwhZhBFpHOuiN4WACSnGDtZhHE6Mxwy642eImQtsFjnJrIe1t0HT/dP2r5B7ptkk8ZgLbH8eiI2VY7GIV7g58sJTL86xvkYLrMXcWjow2L2Ho+MKivmawIDAQAB"
Update CNAME Records - Jive Cloud Instances
The Jive Customer support agent will provide you CNAME entries that look like the ones below:
Please follow the instructions from your DNS hosting provider to add the above entries for your domain. Instructions for some popular providers are listed below:
How to Check DKIM and SPF Configuration?
Please refer to the article on Checking DKIM and SPF Configuration for a Domain.
Setting up DMARC
DMARC is an acronym for “Domain-based Message Authentication, Reporting, and Conformance”. It’s an email authentication, policy, and reporting protocol that’s built around both SPF and DKIM.
Once you have configured SPF and DKIM, then setting up DMARC is relatively straightforward and does not involve any configuration on the Jive side, and it is outside the scope of the Jive Support team.
In practice, it consists of an additional DNS record that defines the rules for the processing of emails for a specific domain, including reporting on any errors encountered with either SPF or DKIM, as well as the IP addresses of servers used to send email from your domain name, and so on.
We recommend you to start from the official DMARC website, and ask your IT Operations team to implement the DMarc framework.
Comments
0 comments
Article is closed for comments.