Best Practices

Recommended workflows and tips

5 min read Reference

Email Authentication Best Practices

Follow these guidelines for optimal email deliverability and security.

SPF Best Practices

Keep lookups under 10

Use DMARC Busta's managed SPF to consolidate includes and stay within limits.

Use includes, not IPs

Email service IPs change. Use include: directives to automatically stay current.

End with -all (hard fail)

Once your SPF is complete, use -all to reject unauthorized senders.

Don't include your own domain

Circular references (including yourself) waste lookups and can cause failures.

DKIM Best Practices

Enable DKIM for all services

Every service sending email for you should have DKIM configured.

Use 2048-bit keys

1024-bit keys are considered weak. Most providers now default to 2048-bit.

Rotate keys annually

Regular key rotation limits exposure if a key is compromised.

DMARC Best Practices

Start with p=none

Monitor first to identify all legitimate email sources before enforcing.

Progress gradually

Use DMARC Busta's progression system: none → quarantine → reject.

Maintain 95%+ pass rate

Before quarantine, achieve 95%+ DMARC pass. Before reject, achieve 99%+.

Monitor after changes

Wait 30 days at each policy level to ensure stability before progressing.

Using Autopilot

For hands-off management, enable Autopilot to let DMARC Busta's AI automatically approve high-confidence sources, monitor DKIM health, and progress your DMARC policy safely based on your domain's volume classification.

Previous
Glossary of Terms

Related Articles

Glossary of Terms

Zero Data in AI Insights

Declining Compliance
← Back to Documentation