Toggle menu

Email Security - Using DKIM and SPF Records

DomainKeys Identified Mail(opens new window) (DKIM) and Sender Policy Framework(opens new window) (SPF) are two recommended ways to strengthen email security that can be implemented for the services you host with us.

Sites Using AWS SES

If your site is hosted with us it will use Amazon SES for sending mail and you can implement DKIM and SPF.

As part of the SES verification process, a private key is generated and stored by AWS. The corresponding public key, returned as part of the process, can be added to your DNS records. Once the domain is verified AWS SES will start using the key to sign emails matching the sender domain.

To use SPF you will need to add a TXT record to your DNS. Amazon has instructions for that in their  SES Developer Guide(opens new window).

Your own Mail Server

We can also configure GOSS hosted applications to relay email directly to your own own mail server, either directly or via a VPN. You can then implement the desired configuration, as per the guidelines. With this approach you'll need to ensure the availability of your own mail server, as not all messages from the application hosted with us will retry in the event of a failure.

Several GOSS clients are already using this method with Office 365 mail servers, where the IP address of the GOSS hosted services has been white listed to relay mail. We suggest speaking to your own network teams for further advice and support on this.

Last modified on 04 January 2023

Share this page

Facebook icon Twitter icon email icon


print icon