However I want to be able to send emails from my iOS iPad and Android phone so it looks like its coming from my domain.co.uk email address. How do I do this please??
What you have asked certainly makes sense.
In the early days of email you would have been able to send out emails with your 'mydomain.co.uk' address from your iPad or phone using the Virgin Media email servers that you use for your ntllworld emails. However that is no longer supported.
These days you need to use the incoming and outgoing email server names that relate to your 'mydomain.co.uk' email account. Those are referred to as the IMAP (or POP3) and SMTP details.
In my opinion, given your limited experience in these things, your best course of action would be to contact the Domain Registrar that you purchased your domain name from (Godaddy, Names.co.uk, 123 Reg or whoever) and get advice from them as to what your options are.
So called 'email forwarding' which is what you appear to have with your domain, usually comes free when you purchase a domain name but as you have discovered it is of limited use. To have the option to do what you are asking for will almost certainly involve an extra expense but it should not be too much
******************************* I am just another Virgin Media customer. If someone posts a useful reply you can say thanks by clicking on the thumbs up sign in their post. If someone posts a message that solves your problem it helps everyone if you mark their post as a Helpful Answer
I'm going to tell you how to achieve what you want, but first I'm going to try and explain why your current setup is NOT a good.idea.
If you want to go ahead and do it anyway, skip to the end, but I strongly recommend not doing so.
Email is trying to adapt to combat From: address spoofing.
When email was invented the internet was in it's infancy, as such some design choices were made that were a spammers wet dream, that's not to say it was designed badly. For the original Arpanet the design was adequate.
One of the major flaws in SMTP was that there was no checking to see if the senders address was valid. In fact the senders address didn't even have to match the author's address (in fact there's actually an important reason why that was the case. This meant that ANYONE ANYWHERE could send emails with your address as both the sender and/or the From: address, and unless you dug into the email headers you'd never know.
There have been a number of aborted attempts to address this, but in the end three technologies have been settled on. I'm now going to cover each in turn.
Bear in mind though that these technologies don't necessarily affect outgoing mail from your domain, they also affect what happens to inbound mails from other domains.
To understand the technology you do need to understand the difference between the Sender and Author of an email.
When you send an email your client actually sends the following two commands to the email server.
Mail From: <firstname.lastname@example.org> - This is the envelope sender Rcpt to: <email@example.com> - This is the envelope recipient
The From: and To: headers are actually part of the email itself, and while in MOST cases these will be the same as the envelope sender and envelope recipient respectively - in terms of email delivery - these headers are NOT the one's used when determining where a mail is sent or where undelivered mail is returned to.
For example If the mail server receives the following commands
mail from: <firstname.lastname@example.org rcpt to: <email@example.com
yet the email contains
From: firstname.lastname@example.org To: email@example.com
Fred will get a mail in his inbox seemingly addressed to Julie
If the mail is rejected then Joe will get the bounce that was seemingly written by Ann
For this reason the envelope-Sender and From: addresses are considered separate addresses when dealing with email. As are the envelope-recipient and To: address.
In fact the only email address you can be 100% sure of until recently was the envelope-recipient.
Sender Policy Framework (SPF)
This looks at the sender of the email - that is the address found in the mail from: command rather than the from address.
It allows a domain owner to specify that the IP address delivering the mail to the recipients mail service is trusted,
take the following SPF record (this is a genuine one)
Finally they will check if the IP address of the mail server they are talking to matches the IP address above. If it does the mail will pass on SPF, if not it will fail
Now this is OK provided the recipient doesn't have auto-forwarding set up. When this happens the server that ends up delivering that mail to Virgin is that belonging to your forwarding service rather than my mail server. So Virgin Media will fail the mail.
Note: to that in the original SPF specification:
There were no checks to see if the envelope-sender matched the From: address
The decision as to what to do with the failed mail rested with the receiving email administrator.
So while SPF is a start it's not perfect. In fact your setup breaks SPF authentication on inbound mail.
DomainKeys Identified Mail (DKIM)
This was being developed alongside SPF and is an extension of a now deprecated standard called DomainKeys which was originally developed by Yahoo.
DKIM allows a domain administrator to publish a public key in DNS which is then used to determine if a mail is genuine.
Essentially what happens it this.
Author sends email.
Sending server uses a private key to derive a DKIM signature from a private key known to the server.
Sending server also hashes the body and selected headers of the email.
Signature and hash are written into a DKIM header and the email is sent on it's merry way.
Receiving server reads the DKIM signature and uses the corresponding public key to establish the signature is genuine.
The body hash is recomputed to see if it matches the body hash in the signature. Unless the email has been altered in transit this should be the case.
If the signature and the body hash pass then the mail passes on DKIM
Fun fact 1: The domain used to sign the mail is provided in the DKIM header, but under the DKIM standard there's no requirement that the domain be the same as that in the From: address. (Just like SPF)
Fun fact 2: Provided the mail is NOT altered in transit, DKIM checks SHOULD survive being forwarded, but:
Some servers do change the mail before forwarding it on (even though they really shouldn't)
DKIM has a known problem with mailing lists.
Finally: Just like SPF the DKIM specification doesn't say what to do when a mail fails on DKIM - again this was originally left up to the receiving email service.
So while DKIM is an improvement on SPF in some regards, once again it's not perfect.
So lets look at our final standard:
Domain Messaging Authentication Reporting and Conformance (DMARC)
DMARC provides the following
Authentication using DKIM and/or SPF.
Checks to ensure that the domain in the From: address matches the domains used in the SPF and DKIM checks.
Allows the domain administrators to tell the world what to do with emails that fail authentication checks.
Allows the domain administrator to provide email addresses for the receipt of reports on deliverability for their domain.
This is again handled in DNS by publishing a DMARC record
This is a slightly more complex record. p=reject - reject failed mails altogether. pct=100 the percentage of mails to scan. (note this defaults to 100 so technically isn't needed here) rua= the address to send aggregate reports with statistics for mails delivered to a particular server.
With DMARC SPF is done as before BUT the domain in the envelope-sender is compared with the domain in the From: address. If the two don't mach then regardless of the outcome of the SPF check - the mail fails on DMARC. Likewise with DKIM if the domain used to sign the mail is different to the domain in the DMARC address a mail can pass on DKIM but fail on DMARC.
Finally so long as either
SPF passes (mail is being delivered by an approved IP address) DKIM passes (mail has been properly signed and authenticated)
then DMARC passes so it's possible fo have SPF = fail, DKIM = pass or SPF=pass, DKIM=fail and still get a DMARC pass.
DMARC is not without it's issues mind you. BUT it's a definite improvement on SPF or DKIM alone.
However when it comes to receiving mail. You are somewhat at the whim of the both senders and forwarding servers here. While Yahoo do use DKIM to verify their mail as well as SPF, what happens should DKIM fail because an intervening server has changed the mail. - In this case Yahoo say the mail must be rejected so Virgin's email server would dutifully do just that.
For that reason I STRONGLY suggest you either run your own email server or use a hosted email service rather than the setup you are using now.
If you still want to use Virgin Media's servers to send your mail then read my next post:
Only use Helpful answer if your problems been solved.
By default your SPF record won't include Virgin Media's SMTP servers. SO If you do set up our iPad to send using Virgin Media's servers, Virgin Media will reject the send. They do this to protect their service from being abused.
So you need to modify your SPF record to include Virgin Media's servers.
Lets say for example I wanted to modify my own record.
You may recall that previously my record is
"v=spf1 mx -all"
In order to include Virgin Media's SMTP relays I would ADD the following to the existing record
But this needs do be added BEFORE the -all section. So in my case the new record would be:
Tim, thank you so much for taking the time to give such a detailed answer. Although I really do appreciate it, I’m afraid that most of it is lost on me. That’s down to my ignorance and so apologies for that. It’s clearly not a simple task for someone of my computer knowledge and so I will probably just contact my domain provider and let them sort it out.
That’s down to my ignorance and so apologies for that. It’s clearly not a simple task for someone of my computer knowledge and so I will probably just contact my domain provider and let them sort it out.
The best way to become less ignorant is to bite the bullet and try and sort it yourself. The first time I had my own domain, (under Freenetname) I was extremely ignorant about DNS. In fact the domain lapsed when I stopped using freenetname. But even when I purchased my own domain more recently, I was still quite ignorant.
The main things you need to learn:
How to I manage my DNS myself?
Most DNS hosts provide some method of managing your DNS records, if you let me know who your domain provider is, I can walk you through their interface.
Trust me, it's far more satisfying than letting someone else do it.
What is it they say?
"Give a man a fish - he'll feed himself for a day. Teach a man how to fish, and he'll feed himself for life."
Adding or amending the entry you need is usually very simple. Adding the email address to an existing email account on the iPad turned out to be a lot simpler than I thought it would be.
The only thing that makes it more difficult is the fact that Virgin Media do some unusual checking on their outbound servers which makes it necessary to ensure your SPF record is correct.
Only use Helpful answer if your problems been solved.
If you use the information there to show the advanced options, you should be able to see all the records already in use on the account.
Look for the section labelled Text or TXT Record.
Check to see if you already have a record that starts v=spf1 - If you do then you just need to modify this record to add
Somewhere between the spf1 and the last ~all entry (note the underline character is required.
Note that as far as I can tell the TTL's cannot be amended - so DNS servers such as Virgin Media's will cache any entry they find for the period specified in the TTL - (default appears to be 24 hours). This is how DNS is designed.
If you need specific help or you want me to check your current DNS record, drop me a PM with your domain.
Only use Helpful answer if your problems been solved.
I've had a look as you suggested and there is nothing currently in the TXT box. There is an option to add a new TXT record and it asks me for a Name, Value and some drop down options for TTL. Is this where I need to enter something??
Options for TTL are 1 min, 5 mins, 15 mins, 1 hr, 4 hrs and 1 day.