Email deliverability: SPF, DKIM, and DMARC
SPF, DKIM and DMARC are not SummitPSA settings — they are DNS records you publish for the domain you send from. They tell receiving servers that your SummitPSA / relay is allowed to send as your domain, which is essential for ticket mail to reach inboxes. This is general email-infrastructure guidance for self-hosters.
SPF
Sender Policy Framework lists the servers allowed to send for your domain, as a single TXT record. If you relay through a provider (for example Mailgun), include theirs:
v=spf1 include:mailgun.org -all
Publish exactly one SPF record; end it with -all (hard fail) or ~all (soft fail).
DKIM
DomainKeys Identified Mail cryptographically signs outgoing mail. Your relay or mail server generates a key pair; you publish the public key as a TXT record at a selector subdomain, e.g. selector._domainkey.yourdomain.com. Receivers verify the signature against it.
DMARC
DMARC tells receivers what to do when SPF/DKIM fail and where to send reports. Start in monitor mode, then tighten:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Move from p=none to p=quarantine and finally p=reject once reports confirm your legitimate mail aligns.
Checklist
- Use a consistent From domain in your SummitPSA email account that you control DNS for.
- Publish SPF, DKIM and DMARC for that domain.
- Send a test ticket reply and inspect the headers (or use a mail-tester tool) to confirm all three pass.
Allow time for DNS changes to propagate, and verify with your provider's domain-verification page before going live.