How to Set Up/Modify SPF for Symantec
The following description addresses how to update a Domain Name Service (DNS) record to use SPF with your custom domain in Symantec.
To utilize a custom domain, the Symantec provider requires an SPF TXT record be added to the DNS record. This TXT record is then used by DNS to recognize email servers allowed to send messages on behalf of your custom/third-party domain. To determine whether a correspondence from the specified domain comes from an authorized messaging server, the recipient system relies on the implemented SPF TXT record. At that point, the message is either accepted, quarantined, or rejected by the email receiving system.
To implement SPF authentication for your domain, you will need access to your DNS records in the domain hosting account. Important: If you already have an SPF record, then you should modify that existing record. You must not have more than one SPF record.
For convenience, be sure to log in to your Symantec account to verify your domain and copy your TXT records. Symantec utilizes an include mechanism during the set-up process. For example, if you do not have an SPF record on your domain, the following scenario is the most common and would pass SPF:
v=spf1 include:spf.messagelabs.com ~all
If you do already have an SPF record on your domain, simply add the following to it:
include:spf.messagelabs.com
To create an SPF record for your domain name, follow these steps:
1. Log in to your domain host account
2. Navigate to your domain host’s DNS/Name Server management page
3. In TXT Value field, create a TXT record with the following specifications:
v=spf1 include:spf.messagelabs.com ~all
4. Decide how you want to enforce SPF failures:
~all results in a soft fail (not authorized, but not explicitly unauthorized)
-all results in a hard fail (unauthorized)
?all is neutral (similar to no policy)
As shown above, enter your choice after v=spf1 include:spf.messagelabs.com
5. Click Save
How to Set Up/Modify DKIM for Symantec
You can enable DKIM for your domain from Symantec’s control panel after creating the required TXT record in your domain’s DNS manager. The DKIM configuration includes the following steps:
1. Create a domain key
2. Enable DKIM signing for specific domain
3. Generate DKIM TXT record from domain key
4. Store domain key in DNS
As a user of this outbound email provider, Symantec customers are afforded DKIM signing because it supports that mechanism. By utilizing Symantec’s self-service portal, you can manually set up DKIM at your convenience via TXT records mentioned above. Overall, this Symantec product provides beneficial components (e.g., DKIM signing, custom DKIM records, self-service set up with TXT records) that result in a streamlined process.