SPF & DKIM Setup for Fortinet: Strengthening Email Security

In today’s digital landscape, email security is more critical than ever. Cybercriminals frequently exploit email vulnerabilities to launch phishing attacks, impersonation scams, and malware distribution. To prevent email spoofing and enhance email authentication, organizations should implement SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).

This guide will walk you through setting up SPF and DKIM on Fortinet to ensure that your emails are authenticated, trusted, and secure.

Understanding SPF and DKIM

1. What is SPF (Sender Policy Framework)?

SPF is an email authentication protocol that helps prevent email spoofing by allowing domain owners to define which mail servers are authorized to send emails on behalf of their domain.

When an email is received, the recipient’s mail server checks the SPF record to verify whether the sending server is permitted to send emails for that domain. If the check fails, the email might be marked as spam or rejected.

2. What is DKIM (DomainKeys Identified Mail)?

DKIM ensures the integrity of an email by digitally signing it using a cryptographic key. This helps verify that the email has not been altered in transit and that it originated from an authorized sender.

With DKIM, a cryptographic signature is added to the email header, which the recipient’s email server then verifies using the public DKIM key published in the sender’s DNS.

Why SPF and DKIM Matter

Both SPF and DKIM play an essential role in email security by:

  • ✅ Preventing email spoofing and phishing attacks
  • ✅ Improving email deliverability by ensuring emails aren’t marked as spam
  • ✅ Strengthening domain reputation and credibility

However, SPF and DKIM alone are not enough to fully protect your emails. They should be used alongside DMARC (Domain-based Message Authentication, Reporting, and Conformance) for maximum protection.

Setting Up SPF for Fortinet

Step 1: Create an SPF Record

An SPF record is a TXT record that needs to be added to your domain’s DNS settings.

  • 1️⃣ Log in to your domain registrar’s DNS management panel (GoDaddy, Cloudflare, AWS, etc.).
  • 2️⃣ Add a new TXT record with the following details:

Type: TXT

Host/Name: @ (or your domain name, e.g., yourdomain.com)

Value:

v=spf1 include:spf.fortinet.com ~all

Step 2: Verify SPF Setup

Once your SPF record is updated, test it using an SPF lookup tool like:

  • 🔹 MXToolbox SPF Checker
  • 🔹 Google Admin Toolbox

Setting Up DKIM for Fortinet

Step 1: Generate the DKIM Key

  • 1️⃣ Log in to the FortiMail Web Console
  • 2️⃣ Navigate to Profile > Session Profile > Advanced Settings
  • 3️⃣ Enable DKIM Signing and click Generate New Key

Step 2: Publish the DKIM Public Key in DNS

Once your DKIM key is generated, add it as a TXT record in your domain’s DNS settings:

Type: TXT

Host/Name: fortidkim._domainkey.yourdomain.com

Value:

v=DKIM1; k=rsa; p=MIGfMA0GC...

Step 3: Verify DKIM Configuration

Once DNS has updated, check if DKIM is working using a DKIM lookup tool:

  • 🔹 MXToolbox DKIM Checker
  • 🔹 Google Admin Toolbox

Enhancing Email Security: Implement DMARC

Step 1: Create a DMARC Record

In your DNS settings, add a new TXT record:

Type: TXT

Host/Name: _dmarc.yourdomain.com

Value:

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]

Step 2: Verify DMARC Setup

Use a DMARC checker like:

  • 🔹 MXToolbox DMARC Lookup
  • 🔹 Google Admin Toolbox

Troubleshooting Common Issues

🚨 SPF or DKIM Not Working?

  • ✅ Ensure the DNS records are correctly formatted and propagated (wait 24-48 hours).
  • ✅ Avoid multiple SPF records – If you already have one, update it instead of creating a new one.
  • ✅ Check DKIM selector – Ensure the selector and DKIM key published in DNS match the ones in Fortinet.
  • ✅ Test email headers – Send an email to Gmail and check “Original Message” for SPF, DKIM, and DMARC results.
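
The formatting problems listed above can be caught before waiting on propagation. The linter below is an added example, not part of the original guide or of any Fortinet tooling; it checks TXT strings you have already fetched (for example with dig) against the three record shapes this guide publishes. The function names and the sample records are constructed for illustration.

```python
import base64
import re

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT string (DKIM/DMARC syntax) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_spf(apex_txt, required_include):
    """apex_txt holds every TXT string published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # RFC 7208: more than one v=spf1 record is a permerror
        return [f"expected exactly one v=spf1 record, found {len(spf)}"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    problems = []
    if f"include:{required_include}" not in terms:
        problems.append(f"missing include:{required_include}")
    if not terms or not re.fullmatch(r"[-~?+]?all", terms[-1]):
        problems.append("record should end with an 'all' mechanism")
    elif terms[-1] in ("all", "+all"):
        problems.append("'+all' authorizes every sender")
    return problems

def lint_dkim(record):
    """Check the p= tag of a DKIM key record: present, base64, large enough."""
    tags = parse_tags(record)
    key_b64 = re.sub(r"\s+", "", tags.get("p", ""))
    if not key_b64:
        return ["p= is empty or missing (an empty p= marks a revoked key)"]
    try:
        der = base64.b64decode(key_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ["p= is not valid base64 (truncated paste?)"]
    # A 2048-bit modulus alone is 256 bytes; a shorter blob cannot contain one.
    if tags.get("k", "rsa") == "rsa" and len(der) <= 256:
        return ["RSA key is shorter than 2048 bits"]
    return []

def lint_dmarc(record):
    """Check version position, policy value and report URI scheme."""
    tags, problems = parse_tags(record), []
    if not re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", record):
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    uris = [u.strip() for t in ("rua", "ruf") for u in tags.get(t, "").split(",") if u.strip()]
    problems += [f"report URI is not mailto: {u}" for u in uris if not u.lower().startswith("mailto:")]
    return problems

if __name__ == "__main__":  # constructed sample: a second SPF record added by mistake
    print(lint_spf(["v=spf1 include:spf.fortinet.com ~all", "v=spf1 mx -all"], "spf.fortinet.com"))
```

An empty list means no problem was found. Passing the literal placeholder `p=MIGfMA0GC...` from Step 2 is reported as invalid base64, which is how a key pasted in truncated form shows up.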

Conclusion

By configuring SPF and DKIM on Fortinet, you strengthen your domain’s email security, prevent phishing attacks, and improve deliverability. However, for complete protection, implementing DMARC is crucial.

Secure your emails today and protect your business from cyber threats! 🚀
