This instructional article will demonstrate the NetSuite configuration process of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) Signatures to ensure NetSuite passes the DMARC alignment check and eliminates spam from your domain and increases security.
The SPF record identifies the mail servers and domains that are allowed to send email on behalf of your domain. The DKIM record, on the other hand, is a specially formatted DNS TXT record that stores the public key the receiving mail server will use to verify a message’s signature. These email authentication methods will be used to prove to ISPs and mail services that senders are truly authorized to send email from a particular domain and are a way of verifying your email sending server is sending emails through your domain.
The process of configuring SPF
To establish SPF authentication for NetSuite, it’s important to note that NetSuite encompasses two distinct services: Email Infrastructure and Tax Infrastructure.
For further details regarding SPF configuration for these services, kindly refer to the table provided below:
| Infrastructure Name | SPF Value |
| Tax | include:sent-via.netsuite.com |
| include:mailsenders.netsuite.com |
- Login and head to your DNS Zone provider
- Create a new TXT record
- Input the DNS name as @ or your domain name
- Input the DNS value as v=spf1 include:mailsenders.netsuite.com ~all
Note: Based on the infrastructure you use, please make sure to include the correct SPF Value.
- Save the record
- Wait up to 72 hours to allow your DNS to process the changes
The screenshot below will show you an example of the SPF record. We’ll be using CloudFlare for this example.
Important Note: Each domain must have only one SPF TXT Record. If you have multiple SPF Records, SPF will return a PermError.
If you are using multiple IPs, ESPs, Third-Party services for your various email strategies, you should include them in a single SPF Record.
E.g v=spf1 ip4:18.57.156.221 include:sent-via.netsuite.com include:thirdpartyservice.com ~all
The process of configuring DKIM
In order to authenticate NetSuite on DKIM, please follow these steps
- Go to Setup > Company > Email > Email Preferences.
- Click on the Domain Keys.
- In the Domain Selector field, enter the first domain selector.
- In the Domain Name field, enter your domain name
- Click Generate Key Pairs to generate the DKIM keys
- Click Generated DNS Entry
7. Head to your DNS zone
8.Create a new TXT record
9.Input the data based on the format below with your generated keys: Name: [selector]._domainkey
Note: Enter the Domain Selector name you entered in NetSuite with the ._domainkey suffix as the DNS record. For example, if you entered dec2023-netsuite in the Domain Selector field in NetSuite, at your domain provider, you would enter dec2023-netsuite._domainkey
Value: Paste the value you have generated after clicking the Generated DNS Entry
- Save the record
Note: Please repeat the process in case you have another DKIM keys generated from the section 8 to 10.
The screenshot below will show you an example of the DKIM record. We’ll be using CloudFlare for this example.
In order to check and verify your DKIM keys, please follow these steps:
- Head to your NetSuite dashboard
- Head to Setup > Company > Email > Email Preferences
- Click on Domain Keys and click on a row to edit the selector for the domain or subdomain.
- Click on Active
5.Click on Save
6.Click on Verify DNS Entry and make sure your DNS Entry for DKIM is verified
Congratulations, you now successfully authenticated your outgoing mail stream from NetSuite with SPF and DKIM.
We’re glad you joined EasyDMARC newsletter! Get ready for valuable email security knowledge every week.
You’re already subscribed to EasyDMARC newsletter. Continue learning more about email security with us