SPF, DKIM and Dmarc: Making sure emails reach Inbox

TL,DR;

Increase email authority by deploying these measures on your hosting control  panels and SMTP mail servers. Setup SPF, DKIM and Dmarc records in your hosting to limit email rejections and spam-marking.  

Problems with Emails.

As an IT company providing email marketing and integration services, we ensure that our clients emails are properly signed, don’t fall into . For a long time (at least till 2005), there was issue on the web with emails. Emails didn’t conform to any standards. The spam filters were weak. Unwanted emails came in the inbox whereas your trusted email which you were expecting got ended up in Junk. There was a lot of phishing. People posing as fake survey mails from large companies got you to fill shady forms to hack your data and everything. MailServers needed solutions to make sure that emails were properly signed so that receiver would not be deceived. Thats where big internet companies got together and setup some standards for email identification and conformation to a standard to make sure that right emails reach the inbox while the fraudsters and spammers could be kept out. These standards ended up becoming SPF, DKIM and Dmarc. We’ll talk about what they are and how to set them up in this blog. All email providers including the big ones such as Gmail, Microsoft, Yahoo!, Zoho etc. follow these email guidelines strictly and sort emails based on reputation and criteria. So, its important to not give a reason to them to reject your newsletters and emails.  

Setup SPF, DKIM and Dmarc

But First, Verify your SPF, DKIM, Dmarc settings

To verify if your emails are being properly signed and follow authenticity rules, you can use a popular third-party service that we use. Click on mail-tester.com to read the procedure. Test your emails for verification using mail-tester.com free service.
The method to use is simple.

1. Copy the email address generated by the service.
2. Send email to that email address using the exact method you want to test. e.g. WordPress, Newsletter or custom PHP script.
3. Refresh Mail-tester page – a few seconds after sending the email – to find your results.
4. After setting up your SPF and DKIM, refresh Mail-tester page to view your score go up.

Mail Tester will handily tell you your score out of 10 along with a generic summary message and point by point reference of what you are missing. The points mail-tester tests are,

1. Mail sender IP and its online reputation
2. Content Quality and Text-to-image ratio
3. SPF, DKIM, Dmarc scores

You can use Mail-tester or contact The Right Software to do the testing of your emails. For your IP reputation, you can talk to your hosting service provider or sysadmin. While, for email contents, you can discuss with your email designer. However, we can still make sure that our SPF, DKIM and Dmarc values are in line with recommendations to get most traction with email providers. A good hosting and an IT services company will take care of these points.  

What is SPF?

SPF stands for Sender Policy Framework. This is an open standard that provides mechanism to prevent sender email address forgery. SPF is a DNS record that you add inside your DNS settings. It is a TXT type record and you can easily set this up. A typical SPF record looks like this.  

example.net.   TXT   "v=spf1 mx a:pluto.example.net include:aspmx.googlemail.com -all"

  This record tells that all emails that come from MX records (again found in DNS records) of example.net as well as pluto.example.net and third party services such googlemail are authorized to send email on behalf of example.net. And any email received with these signatures is a valid email. -all switch tells to discard all other emails. This setting will be read and respected by most email providers. If you use a third-party service for sending emails such as MailChimp then spf will handled automatically. In Mandrill, there is option to setup dmarc as Mandrill provides the instructions to add in your DNS.  

What is DKIM?

DKIM stands for DomainKeys Identified Mail. DKIM came from labs of Yahoo! and Cisco to become DKIM open standard. DKIM is a digital signature that is generated by the email sender and embedded in the actual email  messasge as a mail header field. That signature can be verified by the receiving party. The DKIM signature of a message is created using message body and a private key generated by the server. That signature is later on verified by the DKIM text record of the sender. Here is a very good explanation of how DKIM works. A typical DKIM text record looks like,  

Identifier._domainkey.example.net.   TXT   "v=DKIM1; p=yourPublicKey"

  Creating yourPublicKey and signing your emails with it is a complex process and best be left to a professional email integration company. However, most shared and managed hostings provide DKIM service in control panels. DKIM adaption rate is less than SPF as it needs careful installation and is a complex task.  

What is Dmarc?

Dmarc is a mouthful Domain-based Message Authentication, Reporting & Conformance. Dmarc is a protocol that again defines what to do with emails that comply with authentication and what to do with emails that don’t. Another TXT record, Dmarc looks like,  

_dmarc.example.net.   TXT   "v=DMARC1;p=reject;pct=100;rua=mailto:[email protected]"

  Where DMARC1 is the protocol while p is policy switch that tells to reject all emails that fall outside SPF and DKIM authentication. So basically you are suggesting mail receiver to to reject, quarantine or accept emails based on your policies. Although its on receiver discretion what to do with actual emails. However, its best to have SPF, DKIM and Dmarc policies ready and deployed. All famous mail sending services such as MailChimp and Mandrill provide instructions to setup SPF, DKIM and dmarc.  

Setup SPF, DKIM, Dmarc on famous hostings!

We have worked with all famous hosting providers to setup SPF, DKIM and Dmarc. Most hosting companies provide screens inside their hosting control panels.

CPanel-Ready Hosting

CPanel is a famous hosting control panel on shared hosting companies such as GoDaddy, HostGator and InMotionHosting. In CPanel, you can go to Login -> Cpanel  -> Email -> Authentication for SPF and DKIM settings. For TXT records, you can go to Advanced DNZ Zone editor.

CloudFlare and NS1.com

If you manage your DNS through CloudFlare and NS1.com, you can simply create TXT entries in there. You do not need to add those entries in the hosting panel. The CloudFlare and NS1 are managed DNS services and they will also increase your website speed as lookup times will decrease.

SquareSpace Domain Hosting

If you host your website on SquareSpace online platform then you have a handy tool to manage domains. There is option to edit DNS records and add SPF/DKIM information.   Related: Follow these 8 steps to prevent your MailChimp emails going to spam.  

Final Thought

To get uninterrupted email delivery, either choose a hosted email solution such as MailChimp or SendGrid. Otherwise, make sure that your SMTP server follows these protocols for optimum results. Send us an email if you need help with setting up any of these protocols for your mail server or if your emails are being flagged for spam.