DKIM and SPF records Question

[David Henry]

When a customer adds a domain, MZ generates SPF and DKIM settings that we need to add in the domain's DNS zone.

The question is:
1. The error of (Unable to find proper TXT record for your domain name, if you just added the records please wait for them to propagate) come when the server fails to find the DKIM record only or both (SPF and DKIM)? I do understand that it takes 48 hours for DNS to propogate and all.

2. Do we need to add the SPF records generated by MW only as a TXT record or can we make our own SPF and add them as a TXT record? Will this affect the DNS verification issue as mentioned in Q1?

3. Lets say, Q2 is affirmative and a requirement for SPF by MW that the same record should be entered, else Q1 issue will occur. So how should we go about SPF in this scenario, mentioned below:

"MW is hosted on some other server, this server is only used for sending transnational e-mails only. We have another server (server2) (VPS with VestaCP, IP: 142.xxx.xx.xxx, domainname.com). We add this server 2 in MW (server1). Add server2 as the sending domain.

We have verified server2 as an SMTP and its all good.
When we are trying to verify sending domain, it shows a different SPF record, which includes server2 ip, server1 ip as IP4 and server1 domainname.

E.G v=spf1 mx a ptr a:mail.domain1.com a:142.xx.xxx.xx a:domain1.com ip4:162.xxx.xx.xx ~ all

162 (server1, domain1 IP) (MW installed on this server)
142 (server2, domain 2 IP) (using to send e-mails via MW as platform provider)

In near future, if some one adds their own SMTP, this means the SPF record will get bigger and bigger?

Last stupid question. Do we need to add SPF with "" or without "".
Thank You very much in advance for answering this.

 

[twisted1919]

@David Henry

1. The error of (Unable to find proper TXT record for your domain name, if you just added the records please wait for them to propagate) come when the server fails to find the DKIM record only or both (SPF and DKIM)? I do understand that it takes 48 hours for DNS to propogate and all.

Just DKIM.

2. Do we need to add the SPF records generated by MW only as a TXT record or can we make our own SPF and add them as a TXT record? Will this affect the DNS verification issue as mentioned in Q1?

You can use your own SPF records and add what mailwizz recommends.

Now, keep in mind that you don't have to add sending domains in mailwizz thus you don't have to use mailwizz's generated DNS records (DKIM/SPF). Mailwizz offers these in case your providers don't do it but most of providers will offer this, i.e: SPF records will be automatically created most of the time and your smtp server will most likely sign your email with DKIM.

Last stupid question. Do we need to add SPF with "" or without "".

Without.

 

[frm.mwz]

When a customer adds a domain, MZ generates SPF and DKIM settings that we need to add in the domain's DNS zone.

They will have to add it to their domain's DNS records.

1. The error of (Unable to find proper TXT record for your domain name, if you just added the records please wait for them to propagate) come when the server fails to find the DKIM record only or both (SPF and DKIM)? I do understand that it takes 48 hours for DNS to propogate and all.

You get that error if the records are wrong, or, when they are not propagated. That is why you can use propagation tools to see, if they are already propagated (and still wrong).

2. Do we need to add the SPF records generated by MW only as a TXT record or can we make our own SPF and add them as a TXT record? Will this affect the DNS verification issue as mentioned in Q1?

MWZ gives you a hint, but you can design them as you wish, provided they contain all they need to contain.

3. Lets say, Q2 is affirmative and a requirement for SPF by MW that the same record should be entered, else Q1 issue will occur. So how should we go about SPF in this scenario, mentioned below:

"MW is hosted on some other server, this server is only used for sending transnational e-mails only. We have another server (server2) (VPS with VestaCP, IP: 142.xxx.xx.xxx, domainname.com). We add this server 2 in MW (server1). Add server2 as the sending domain.

See above. Also, read up what SPF and DKIM are for. In short, spf is forward confirmation, ie. this IP is allowed to send on someone else's (before) behalf. DKIM is for the mailer being able to sign each email.

We have verified server2 as an SMTP and its all good.
When we are trying to verify sending domain, it shows a different SPF record, which includes server2 ip, server1 ip as IP4 and server1 domainname.

See above, once you understand how each works, it will be totally clear. Ask yourself, for what do I need this record, or where do I use this domain? Then you will know which spf or dkim to use where.

v=spf1 mx a ptr a:mail.domain1.com a:142.xx.xxx.xx a:domain1.com ip4:162.xxx.xx.xx ~ all

This fine and you can perhaps even simplify if some of the records are the same (e.g. a domain having the same IP as a mentioned IP).

162 (server1, domain1 IP) (MW installed on this server)
142 (server2, domain 2 IP) (using to send e-mails via MW as platform provider)

You can easily do that, just add the records where they are needed.

In near future, if some one adds their own SMTP, this means the SPF record will get bigger and bigger?

See above, clients need to add their own in their own dns records.

Last stupid question. Do we need to add SPF with "" or without "".

This depends on the platform you put it in, but normally without.

It might be useful if you take a few moments and look at a few examples, e.g. at sendgrid or sparkpost.

 

[David Henry]

sendgrid or sparkpost.

I did and they were different than MWZ SPF. Even saw some videos and each of them had a different point. Therefore, it was confusing.

Anyways, Thank You for the answers. It cleared many doubts. Thanks again.

 

[frm.mwz]

they were different than MWZ SPF

Of course, the specifics are different, it is to learn from the structural/systematic parts

saw some videos and each of them had a different point.

Hopefully, otherwise it would be repetitive

You find also instructions re spf and dkim in the 'guides to mailwizz' section on the forum, I think this one has a link to it: https://forum.mailwizz.com/posts/20504
or this one: https://forum.mailwizz.com/posts/19013

Just play with it and you will get the hang of it

 

[David Henry]

Thanks

 

[David Henry]

@twisted1919 Sorry. I have another question. This one is spinning me around and around.

1. I have a dedicated VPS with many domains. Out of them, on one domain, I have installed mailwizz on it. (lets name it domain1.com)
2. Now I have another domain name (domain2), added on the same VPS, but under a different Dedicated IP and have made a separate account for it. This one should be totally different and has nothing to do with domain1.com)
3. I am using domain2 (which has its own dedicated IP address) as a mailing server. I have setup the server in MWZ and its all good. The emails are going through and through.
4. The SPF are all good, but the DKIM is the main problem for domain2.

Here is the question:
I have attached the image and it maybe complicated. Sorry for that. (too many arrows and all). When I send en email, it lands in junk. I go to the source of the message as told by you. The results are attached in the image.






1. It shows me invalid DKIM key, even though the domain is verified in MWZ sending domain area.

2. There is no e-mail address shown in "header i=@domain2.net".

3. The sender e-mail address is good and the receiving one is also good.

4. The IP shown is where the MWZ is hosted at the moment, where as the server I am using has a different IP address (162.xxx.xx.153)

5. Why is sending from server.domain1.co.uk, when I have selected a different server for e-mail sending via MWZ. The server is verified and all good to go.

6. Do I need to add the DKIM settings in the main domain as well? Like where the MWZ is hosted or where this server.domainname.co.uk is located?

I am kind of lost in this loop of the emails are going to spam and sending sever is showing different than the one from the email is sent.

Any help would be appreciated. Thanks

 

[twisted1919]

This means, mainly, that google didn't find your dkim key in the dns records.
How long ago did you add the dns records ?

 

[David Henry]

How long ago did you add the dns records

Its not long. I will wait for the right time. One the DNS is updated, the IP and everything will be updated? Thanks

 

[Carlos Franco]

seems like a miss configuration.... your server is sending those emails only from the main IP then the DKIm configuration brokes

 

[David Henry]

Yup seems to be something up with the server. It shouldn't be doing this as all the things are different. I will try to change the server for MWZ and see because the hosting provider support is very limited and they dont provide a good support.

 

[Carlos Franco]

Ok be sure that you can send from two diferent ips as you configured,

Then be sure MWz is well configured with new license for two domains..


Everything should works fine as you did with your Main domain ...

 

[David Henry]

MWz is well configured with new license for two domains

Do I need to buy MWZ license again? Didnt quite got your point.

two diferent ips as you configured

I can send from each IP, But there seems to be an issue from server's end.

Thanks

 

[frm.mwz]

Do I need to buy MWZ license again? Didnt quite got your point.


I can send from each IP, But there seems to be an issue from server's end.

Thanks

Re licenses (and other things), just search the forum or the KB.
Re issues, it seems it is all in your settings, not the server's fault, so start with simple steps, like testing phpmail from your own server, then with a provider like sendgrid and their help files, and you might learn it, and can do it forever on your own

 

[Carlos Franco]

I have one license for each project, so one license per domain

 

[David Henry]

Thank you every one. Moved to a new server with a new IP and the issue seems to be resolved. The SPF is good and DKIM as well.

 

[Macguiver89]

Hi.

I realize this might be an old post.

When I use mail-tester it says my spf and dkim records are not valid. Generated from mailwizz. Does anyone know how to get the dkim and spf records to show up as valid?

Valid isn't the correct word. But it effects the spam score

 

[twisted1919]

It takes up to 72 hours for the DNS records to fully propagate, maybe that's the issue and you just have to wait more?

 

[Macguiver89]

I do doubt that. But it could be the case.

Do you know any other way of generating SPF and DKIM records?

 

[twisted1919]

Do you know any other way of generating SPF and DKIM records?

There are plenty generators if you google this, you will find plenty.
But keep in mind, you will need DKIM in mailwizz only if your smtp server does not sign the emails with dkim. Otherwise, there's no need for this in mailwizz. As for SPF, MailWizz generates a suggestions list, it's up to you to add them properly.