Setting up sender authentication for outbound mail

Outbound sender authentication helps mail servers that are outside of your organization to detect when they receive messages that have forged email addresses or header information that appear to come from your domains.
Sender authentication for outbound mail requires changes to your DNS records that are outside the scope of SMG operations. The outbound setups in the following table describe what you need to do to set up sender authentication for outbound messages.
Outbound steps for sender authentication
Sender authentication method
Outbound implementation steps
(Enable receivers to detect spoofed emails from your domain)
SPF
Create a DNS record to provide proof of your domain ownership. Refer to resources on the internet such as SPF_Record_Syntax if you need instructions.
Sender ID
Create a DNS record to provide proof of your domain ownership. Refer to resources on the internet if you need instructions.
DKIM
  1. On the
    Administration > Settings > Certificates > Domain Keys
    tab, add or import a domain key.
  2. On the
    Protocols > Domains > Add or Edit Domain > Delivery
    tab, enable
    DKIM signing
    .
  3. Also on the
    Protocols > Domains > Add or Edit Domain > Delivery
    tab, click
    Generate
    to generate a DKIM DNS text record. This operation provides the correct DNS TXT record content and syntax.
  4. Manually copy the generated DKIM DNS text record into your DNS records for the domain.
DMARC
  1. Enable DKIM signing for the domain, as described above.
  2. Add the DMARC resource records to your DNS records for the domain.
For more information, including the DMARC resource record syntax, visit . You can also find a general procedure for implementing DMARC in the dmarc.org FAQ "FAQ#What_steps_should_I_follow_to_implement_DMARC_on_my_corporate_email_domain.3F"
Symantec Email Fraud Protection is a cloud service that helps customers implement the DMARC standard to prevent attackers from spoofing their domain names. Email Fraud Protection is offered as an add-on for Symantec Messaging Gateway. Customers who purchase the service point their DMARC, SPF, and DKIM records to the Email Fraud Protection platform, which responds to authentication requests in real time and ensures that email sent using the customer’s domain name is authorized. For information about how Email Fraud Protection works, see the service’s online help at FRAUD_PRO?locale=EN_US.