SPF and DKIM records setup guide for your DNS


You need to install opendkim for postfix on your vps server.

Centos server you can find this article http://blog.sunsaturn.com/linux/dkim/dkim-and-postfix-setup-on-centos-6-3/


Install EPEL repository:
64 bit:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

32 bit:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm

Install DKIM:

yum install opendkim

export domain=YOURDOMAIN.com

mkdir /etc/opendkim/keys/$domain

cd /etc/opendkim/keys/$domain

opendkim-genkey -d $domain -s default

chown -R opendkim:opendkim /etc/opendkim/keys/$domain

echo “default._domainkey.$domain $domain:default:/etc/opendkim/keys/$domain/default.private” >> /etc/opendkim/KeyTable

echo “*@$domain default._domainkey.$domain” >> /etc/opendkim/SigningTable

vim /etc/opendkim/keys/$domain/default.txt //copy thoese words into your defaut._domainkey.YOURDOMAIN TXT record likethis:”v=DKIM1; k=rsa; p=MIGfMA0Gwewe”

You can check this on http://dkimcore.org/c/keycheck// selector is default, you will find this “This is a valid DKIM key record”


change to:
Mode sv
uncomment everything except KeyFile

Configure Postfix

vim /etc/postfix/main.cf (add following)

smtpd_milters = inet:
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
milter_protocol= 2

echo “” >> /etc/opendkim/TrustedHosts

echo “1127.0.0.1” >> /etc/opendkim/TrustedHosts

echo “YOURDOMAIN.NAME” >> /etc/opendkim/TrustedHosts

service opendkim restart

service postfix restart

chkconfig opendkim on

sent a email: echo “DKIM Test” | mail -s “DKIM Testing” [email protected] //(you can yum install mail if not exit)

DKIM is over.


next will will use “domain.com” and your Server IP “” and IPV6 “1600:3c83::f13c:61ff:fe73:8eca” as a example:

1.setup your SPF record:

You need to add a spf and txt records like this:


TXT: domain.com v=spf1 mx a ip4: ip6:1600:3c83::f13c:61ff:fe73:8eca/64 include:othermailservice.com -all

next is a example of cloudflare dns setting

You can use SPF Record Testing Tools to check your setting:

you can sent a mail to Gmail to check your DKIM, if it is “Authentication-Results: mx.google.com; spf=pass dkim=pass “, your setting is right, if your mail was in Spam Box or DKIM is “dkim=neutral (no signature)” or not pass, you need to ckeck it out.