Goal
- Protect users from fraudulent or spoofed emails,
- Improve the deliverability of legitimate emails (newsletters, confirmations, alerts),
- Strengthen the reputation and reliability of the sending domain,
- Reduce the risk of emails being classified as spam,
- Comply with the requirements of major email providers,
- Monitor emails sent with the domain name.
Implementation
For each domain used to send emails:
- SPF: Add a TXT record to the domain's DNS listing the servers authorized to send emails for that domain.
- DKIM: Configure cryptographic signing of outgoing emails with a private key, and publish the corresponding public key in the domain's DNS.
- DMARC: Define a policy (none, quarantine, reject) and specify a return address for reports via a DNS record.
Control
For each domain used to send emails:
- Use DNS configuration testing tools (e.g., https://mxtoolbox.com, https://dmarcian.com),
- Check that SPF, DKIM, and DMARC records are present and correctly configured,
- Analyze the headers of received emails to confirm that signatures are being applied correctly,
- Ensure that the policies defined (particularly DMARC) are consistent with the site's sending practices.
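The record checks listed above can also be scripted. The following is an added example, not part of the Opquast rule: it audits TXT records that have already been retrieved, and the domain example.test, the selector s1 and every record value are constructed assumptions.

```python
# Offline audit of SPF, DKIM and DMARC TXT records (all sample values constructed).
def parse_tags(record):
    """Split a 'k=v; k=v' record (DKIM, DMARC) into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # split once: base64 keys end in '='
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, selector, txt):
    """txt maps DNS names to lists of TXT strings; returns a list of findings."""
    findings = []
    spf = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none published, or several (a permerror under RFC 7208)
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()[1:]
        alls = [t for t in terms if t.lstrip("+-~?") == "all"]
        if "+all" in alls or "all" in alls:
            findings.append("SPF: '+all' authorizes every server")
        elif not alls and not any(t.startswith("redirect=") for t in terms):
            findings.append("SPF: no 'all' mechanism or redirect")
    dkim = txt.get(f"{selector}._domainkey.{domain}", [])
    if not dkim:
        findings.append("DKIM: no record for selector")
    elif not parse_tags(dkim[0]).get("p"):
        findings.append("DKIM: p= missing or empty (no usable public key)")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p") not in ("none", "quarantine", "reject"):
            findings.append("DMARC: p= must be none, quarantine or reject")
        if "rua" not in tags:
            findings.append("DMARC: no rua= address, reports go nowhere")
    return findings

GOOD = {  # constructed records; the p= value is a placeholder, not a real key
    "example.test": ["v=spf1 include:_spf.mailer.example.test ~all"],
    "s1._domainkey.example.test": ["v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="],
    "_dmarc.example.test": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.test"],
}
WEAK = {  # constructed: permissive SPF, no DKIM, invalid DMARC policy, no rua
    "example.test": ["v=spf1 +all"],
    "_dmarc.example.test": ["v=DMARC1; p=monitor"],
}
if __name__ == "__main__":
    print(audit("example.test", "s1", GOOD), audit("example.test", "s1", WEAK))
```

An empty list means the three records passed these syntactic checks; whether the DMARC policy matches the site's real sending practices still has to be judged from the aggregate reports.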