Atlassian SPF, DKIM, DMARC Configuration - Authenticate Email Domain

Atlassian SPF, DKIM, DMARC Configuration - Authenticate Email Domain

October 17, 2024

How to Setup Atlassian SPF, DKIM, and DMARC Records for Domain Authentication?

The email inbox service providers (ISPs) require proof that you are who you say and your emails are safe to open. That's where domain authentication comes in.

By authenticating your sender email domain, the ISPs recognize you as a legitimate source and flag your emails as spam.

SPF, DKIM, and DMARC are commonly used authentication protocols. They ensure that your emails are not forged in transit and your domain is not used by scammers.

You can obtain these DNS records from an authorized platform like Atlassian. This post will guide you on how to setup the Atlassian domain authentication records (SPF, DKIM, DMARC, and Bounce records) in your DNS provider. Read till the end to learn all the ins and outs of email authentication.

Add your Domain in Atlassian:

Before sending emails, add your domain to Atlassian and setup the verification records in your DNS provider.

  1. At the dashboard, click the menu icon and go to Administration.

  2. Open Settings and go to the Domain tab in the left navigation menu.

  3. Here, click Verify Your Company Domain.

  4. Click Next, and you will land on the domain verification record page. Add this record to your DNS provider.

Setup the Verification Record in DNS provider:

  1. Login into your DNS provider and click your domain.

  2. In the DNS tab, click Add Record.

  3. Select type TXT.

  4. In the Name field, write "@."

  5. Copy the verification value and paste it into the Content field.

  6. Lastly, click Save.

Verify the Domain:

  1. Return to Atlassian and click Verify Domain.

  2. Wait for the DNS record to propagate.

  3. When the domain is verified, you will see the Active status highlighted in green.

Configure Atlassian SPF, DKIM, Bounce, and DMARC Records:

  1. Head to the Email tab and click Add Domain.

  2. Write your domain name and click Next.

  3. Next, you get DKIM, Bounce, and Domain verification records.

  4. Add these records to the DNS provider.

Setup Atlassian DKIM and Bounce Record in DNS Provider:

  1. On your DNS dashboard, select type CNAME.

  2. Copy the Record Name from Atlassian and paste it into the Name Field of your DNS dashboard.

  3. Copy the Record Value and add it to the Target Field.

  4. Disable Proxy and click Save.

NOTE: Turning off the proxy toggle for every CNAME record is important. When enabled, it diverts the traffic to your DNS server instead of your email server. This can cause authentication issues.

Setup Atlassian SPF Record in DNS Provider:

  1. Select the record type TXT.

  2. In the Name Field, write @.

  3. In the Content Field, add the following SPF value: v=spf1 include:spf1.atlassian.com include:spf3.atlassian.com ~all.

  4. Click Save.

What to do if there are multiple SPF records?

Having more than one SPF record for a single domain can cause conflicts, and one will stop working. If your domain already has SPF records from any other source, merge it with the Atlassian SPF record.

  1. For merging, use the SPF merge tool.

  2. Add your domain name and Atlassian SPF value.

  3. Click Merge SPF Values.

  4. The tool detects your current SPF value and merges it with the Atlassian SPF.

  5. Copy the merged value and add it to your DNS provider.

Verify Records:

  1. After adding the DKIM, Bounce, and verification records, click Run DNS Records Check.

  2. Wait for a while till servers update the DNS changes.

  3. When records are verified, you will see green checkmarks with each record.

Setup Atlassian DMARC Record:

To implement a strict DMARC policy, go to the DmarcDkim.com DMARC check tool. It guides you through every step of setting up your DMARC policy and gives you actionable insights into DMARC reports.

  1. Open the DMARC check tool.

  2. Add your domain name and click Check.

  3. Copy the Suggested DMARC value and add it to your DNS provider.

  4. Sign up for the tool to get actionable insights into DMARC reports.

After adding all records, wait 24 hours for the records to get verified. If DNS authentication doesn't happen after 24 hours, it points to a potential misconfiguration in your DNS setup.

To troubleshoot the domain authentication issues, contact the DmarcDkim.com expert.