Email authentication for multiple DNS views
Updated over a week ago

Many companies will configure their DNS to have multiple DNS Views. A DNS view is a copy of one or more DNS zones that is only accessible to a specified set of clients. In many cases there will only be one DNS view which is available to anyone on the Internet and the domain owners own employees.

In larger companies, the domain owner may have some DNS information that is only available to their employees and not to the general Internet for security reasons. For example internal databases or other business applications should not be advertised to non employees. It is possible to have many DNS views but due to complexity of management, most organizations will have no more than two.

Multiple DNS views may have implications for email authentication. Any entity doing email authentication must be able to find the proper SPF/DKIM/DMARC information in order to do that authentication. If one DNS view has the proper SPF/DKIM/DMARC configuration but another does not, any entity that accesses the second DNS view will not be able to validate emails with the proper information. This becomes even more important when DMARC is at enforcement.

If a company has multiple DNS views, it is important to ensure that when updating SPF/DKIM to point to Valimail, we also update any internal SPF/DKIM on internal DNS views

a diagram of a computer network
Did this answer your question?