How to configure SPF, DKIM and DMARC to validate emails sent from DEV@Cloud with your e-mail domain

Issue

Several e-mail verification schemes like SPF, DKIM, DMARC exist to help prevent e-mail abuse such as spam or phishing. These schemes verify that e-mails from a given domain mycompany.com are sent from an authorized set of SMTP servers.

Problems arise as Jenkins can be configured to send e-mails as a developer/committer e-mail like someone@mycompany.com.

However, if you have activated SPF, DKIM, or DMARC these e-mails may be classified as spam or blocked completely because they aren’t sent from a SMTP server authorized by your domain but from our DEV@cloud platform.

E-mails sent by Jenkins on DEV@cloud platform are using the SendGrid service.

In this article, we will explain how to allow emails sent by Jenkins with an address from you domain mycompany.com to be authorized by SPF, DKIM, and DMARC controls.

Environment

Resolution

SPF

To allow e-mails sent from SendGrid with SPF you have to add/update your DNS entry for SPF by adding include:sendgrid.net in it. For example, if you are already authorizing e-mails from mycompany.com to be sent from Google and your MX servers you will have something like:

mycompany.com.  TXT  "v=spf1 mx include:aspmx.googlemail.com include:sendgrid.net ~all"

DKIM

To allow e-mails sent from SendGrid with DKIM you have to add a CNAME entry in your DNS configuration to find the domain key on our side

s1._domainkey.mycompany.com. 3600 IN CNAME s1._domainkey.cloudbees.com.

DMARC

DMARC is based on result of SPF and DKIM and adds more controls like the ability to reject emails which didn’t pass these controls. You have no additional setup to do, you just need to ensure that SPF and DKIM controls are passing.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.