Thank you! We're glad you found this video useful.

Thank you for the feedback!

Glad it was helpful!

Glad you found it helpful!

@@MDaemonTechnologies I also subscribed to you and activated alert and now I'm browsing your videos instead of working. HAHA. Another proof that good content works better than ?%//$ clickbait 😅

Thanks for commenting. Glad you found this tutorial useful! Brad - MDaemon Technologies

I agree ☝️

Glad you found it useful, Ersin! Brad

Thank you!

You got me curious! Can you make a video?

@@_m.a-x I've thought about it. I want to figure out how to manually calculate and verify a DKIM signature first.

Yes, while domain owners can set their preferred quarantine/reject policies in their own DMARC records, SecurityGateway administrators can override those preferences to handle those messages based on their own needs. Brad Wyro MDaemon Technologies

is that security gate way freetool

Thank you. I'm glad you found this video helpful! Brad - MDaemon Technologies

Thanks Stefan. Glad you found it useful! Brad

Glad you found it helpful!

Thank you!

Are you using a business email account? What application are you using? Are you referring to your email client? If you are sending mail through your ISP from an on-premise mail server, or via a hosted email service, many ISPs block transmission on the standard SMTP port - port 25. Do you know what port you're using for SMTP? Brad

Hello Max. I did some research on this and found that the recommend practices while deploying DMARC is to set your SPF policy to SOFTFAIL (~all) while your DMARC policy (p= tag) is set to p=none. Then, after you've had enough time to review your DMARC forensic & aggregate reports, set your SPF record to HARDFAIL (-all) and then, at that time, set your DMARC policy to p=quarantine or p=reject. - Brad

Thanks!

DKIM, SPF & DMARC are all implemented via DNS records, so they are not product-specific. If mail from your domain is sent from both Office 365 and Proofpoint, then both would need to be included in your domain's SPF record, and both would need to be able to sign outbound messages with DKIM. Your DMARC record would simply tell receiving servers how to handle messages that don't properly align with DKIM & SPF. Brad

SecurityGateway is software that runs on Windows. You can download it here: www.altn.com/Downloads/SecurityGateway-Free-Trial/ We also have hosted options, which you can learn about here: www.securitygatewayforemail.com/ If you need further assistance, I'll be happy to help. Brad

@@MDaemonTechnologies Thank you very much for quick response.

Hello Yusuf. You will need to first implement DKIM and SPF. You will need to publish a DKIM (public) key to DNS, and sign outbound mail with the private DKIM key on your mail server or gateway. For SPF, you will need to set up an SPF record in DNS that designates servers that are authorized to send mail on behalf of your domain. Once DKIM & SPF have been implemented, you can then create a DMARC record and then deploy DMARC. Here's a webinar I conduced that provides an overview of how to deploy DMARC. It's a few years old, but the same concepts still apply. kzfaq.info/get/bejne/rNh9gK6e3anRoac.html Brad Wyro MDaemon Technologies

MDaemon Technologies thank you

DMARC was designed to use both DKIM and SPF. If you've only implemented one or the other, then you could still use DMARC's reporting feature to receive aggregate & forensic reports indicating how your domain is being used. This article explains using DMARC with only SPF (and thus, it's the opposite scenario from what you're asking), but you may find some of its content helpful. dmarc.org/2017/03/can-i-use-dmarc-if-i-have-only-deployed-spf/

@@MDaemonTechnologies thank you

Hello Zanzhar. The message is not signed with anything that's publicly available in DNS. DKIM uses a "selector" to sign messages with the corresponding private key. The public key is there to provide the receiving servers performing DKIM verification (that have the emails containing the private key) something they can download and check against the private key, but those keys are not exact duplicates of each other, so a potential hacker can't simply take the public key from a signed message & use it to sign outbound messages. - Brad

@@MDaemonTechnologies wow thank you Brad for the answer! Didn't expect that it'll be so fast 😮 much appreciated!

@@sanzhar.danybayev You're welcome. Please let us know if you have any other questions! - Brad

@@MDaemonTechnologies now thanks to you everything is clear!

Yes, you are correct. It should be the name of your selector. I was just using DKIM as an example.

You could and should use both DKIM and SPF. Any server capable of forwarding mail on your behalf would need to be present in your SPF record either by name or IP.

Hello Aniket. I've created a tutorial video that explains the SPF record creation process. You can watch it here: kzfaq.info/get/bejne/b9ieZNeJr5yshZ8.html Brad