I’m just using this as a space to record changes to our DNS records as they pertain to email deliverability, specifically DMARC, SPF, and DKIM. I don’t think it will be useful for anyone else.
Change Log:
- 3/13/2024: added FACTS SPF and DKIM to the sis.lincolnlutheran.org subdomain. This is the domain they will send email through.
- 2/26/2024: removed FACTS from SPF as this took us over 10 SPF lookups, and we are not actually using it yet. Not sure what I’ll do when we start using it.
- 2/26/2024: removed +A from SPF record. A record points to Apptegy, and all mail from Apptegy actually comes from SendGrid, which is already in the SPF record.
- 2/26/2024: Added 3 DKIM records for Apptegy. Sendgrid was already in SPF, so no changes there.
- em1052.lincolnlutheran.org. 14400 CNAME
u345601.wl102.sendgrid.net - s1._domainkey.lincolnlutheran.org. 14400 CNAME s1.domainkey.u345601.wl102.sendgrid.net
- s2._domainkey.lincolnlutheran.org. 14400 CNAME s2.domainkey.u345601.wl102.sendgrid.net
- em1052.lincolnlutheran.org. 14400 CNAME
- 2/26/2024: Started Change Log
To Do:
- Use the Dmarcian SPF Surveyor tool to see which of our SPF includes are actually authenticating any emails. It looks like only the Google entry is actually authenticating any. 2/26/2024
- Change MailGun, SendGrid, and Emma to use subdomains to send email. Also, figure out how to do this. 2/26/2024
SPF Entry:
v=spf1 a include:_spf.google.com include:_spf.mailgun.org include:_spf.eu.mailgun.org include:sendgrid.net include:e2ma.net include:spf.renweb.com ip4:158.106.138.2 ~all
- [a] I might not need this. The A record for lincolnlutheran.org points to Apptegy, and I don’t know if they send any emails from that IP address.
- [include:_spf.google.com] Google manages our actual email accounts. DKIM is also setup for Google, and seems to validate at a higher rate than SPF.
- [include:_spf.mailgun.org include:_spf.eu.mailgun.org] Mailgun is the provider of bulk emails from PowerSchool. This is the same as include:mailgun.org, but gets me one fewer SPF entries.
- [include:sendgrid.net] SendGrid is the bulk email provider for Apptegy (emergency alerts) and Bloomerang (development) DKIM is setup for for both of those.
- [include:e2ma.net] Emma is used by Peg to send social media and email blasts. DKIM is setup for Emma.
- [include:spf.renweb.com] This is the entry for FACTS. DKIM is setup for FACTS.
- [ip4:158.106.138.2] This is the IP address of the server that all of our other things are hosted on. These would mostly be alert or logging type emails. This one isn’t working for all emails yet.