DMARC uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine the authenticity of an email message and recognize whether a message is coming from your domain. As part of your DMARC setup, we provide Domain Name System (DNS) records with these authentication details. Learn how to add these records to your domain provider.
By verifying the sending server's IP address, SPF helps detect domain spoofing. SPF does this by verifying the IP address against a list of allowed IP addresses for your domain published on the DNS record.
When a recipient’s mail server receives a new email, it checks the SPF record for your domain. When it can verify the email’s domain in the SPF record, the server accepts the email.
To authenticate with SPF, we provide an SPF record in the form of a TXT record. We use an additional TXT record to verify that you own the domain.
DKIM CNAME records
DKIM ensures that email content is kept safe from tampering. DKIM does this by including a digital signature as part of the email, which can be verified against your domain's DNS record. By publishing the DKIM records on your domain's DNS record, you grant us permission to sign emails on your domain's behalf.
When Jira sends an email, we add DKIM signatures to the email header and secure them with public key cryptography. The public key published in the DKIM records is used to verify whether messages are authentic.
We define the unique cryptographic key in DKIM records in the form of CNAME records. We include two DKIM records in case one key needs to be rotated.
If the recipient’s email is rejected, we send the email to the mail server indicated in the Bounce record. For example, if the recipient’s server detects that an email isn’t coming from the domain specified in the SPF record, the email is rejected. We provide the Bounce record in the form of a CNAME record.