SPF, DKIM, DMARC - Improving Email Deliverability

SPF Record, DKIM, DMARC: Improving Email Deliverability

In my 10 Ways to Improve Email Deliverability article I shared a number of ways to help ensure that the emails sent to your email list are delivered to your recipient’s inboxes.

Similarly to all things website and IT, there is another aspect of email deliverability which is extremely important to address ignored by many. These are systems which authenticate your emails ensuring that you did in fact send them.

There are three parts to this known as:-

These three systems are essential to implement and work together to ensure that as a website owner, your email recipients only receive emails that you sent!

This topic can quickly get confusing for those of us who aren’t techies. In this article I’m going to attempt to de-mystify this topic and tell you what you need to know and do.

Firstly, some background on how we got here will give you some context.

A Historical Perspective

Modern email systems and how they detect and classify spam, have very much evolved to prevent activities such as the use of open mail relays. So what is an open mail relay? This is an email server that is improperly configured allowing the unauthenticated relay of email.

In plain English, this provides a spammer with the ability to connect to that server and use it to send emails whilst forging the sender information. In other words, it allows anyone on the internet to send email through it.

Spammer intercepting email

SMTP email has no inbuilt authentication protection so historically a spammer could simply set one of these up and quickly send millions of emails to anyone from any originating email address. It is important to understand that this is why many email service providers will direct the emails sent to your email list into your recipient’s spam, junk and Gmail Promotion folders.

Yes, following all the steps explained in my other article will certainly help your efforts to keep your emails in your recipient’s inboxes. However, taking steps to ensure your website domain and email activity comply with SPF, DKIM and DMARC are additional important steps towards achieving this goal.

It Also Prevents Spoofing, Phishing and Other Dangers

This isn’t only about the ability to get your emails delivered into your recipient’s inboxes. There is a deeper issue here and there are far wider implications including:-

A hacker could destroy your entire business and cause all sorts of problems which go far beyond the realms of email!

So let’s start with the SPF…

What is the Sender Policy Framework (SPF Record)?

In a nutshell, the Sender Policy Framework or SPF record, prevents hackers from sending emails which come from your email address. It enables you to publish which mail servers are authorised to send your emails whilst the receiving mail server uses this information to determine how trustworthy the email’s origins are.

The limitations of using an SPF record in isolation are:-

Implementing Your SPF Record

You can implement an SPF record by simply adding it to your domain DNS record. Depending on your domain setup, you may be able to do this from directly within your hosting cPanel.

It is generally found under Email -> Email Deliverability in the cPanel.

An SPF record looks something like this:-

v=spfl a ip4: -all

This indicates that this mail server’s IP address can send emails from your domain address. To check whether your domain SPF record has been configured you can use this SPF record checker tool.

A DKIM record prevents forgery

Domain Keys Identified Mail (DKIM Record)

This is another email authentication technique which should be used in unison with your SPF record. A DKIM record uses public key cryptography, a digital signature, which is added to the email message and encrypted. It is important to note that all leading ISPs including the likes of Yahoo, Microsoft and Gmail check incoming email for a DKIM record signature.

Basically, a DKIM record goes an extra step, ensuring that a message cannot be altered whilst in transit. The digital signature ensures the identify of the sender and two keys are created with one kept on the sending server whilst the other is saved as a DNS record.

These measures are necessary to detect forgery and prevent harmful email being delivered.

DMARC reporting conformance

Domain-based Message Authentication Reporting and Conformance (DMARC Record)

A DMARC record is the final piece of the jigsaw puzzle and brings it all together by adding important reporting functionality. It helps you gain insight into who is sending email on behalf of your organisation’s domain name.

This offers further protection against violations such as phishing or spoofing attacks. Utilising DMARC records you can obtain reports from ISPs including the likes of Yahoo and Gmail to ensure that no one is using your identity.

You can configure a DMARC record for when SPF record and DKIM record authentication fails for a message to:-

Similarly to the SPF record and DKIM record, a DMARC record is set up as a TXT record inside your domain DNS record.

You can quickly and easily check and set up a DMARC record via easydmarc. Simply set up a free user account and check out their DMARC Record Lookup and DMARC Record Generator tools to get started.

Phew, I hope I didn’t overwhelm you with this article. I’ve aimed to explain a topic which does get very confusing into an easy to understand format.

When you are getting started with email list building, I highly recommend setting up your SPF record, DKIM record and DMARC record as part of the process.

Also be sure to read the documentation for whichever email service provider you decide to use. I’ve taken a look at a number of the players websites including Aweber, GetResponse, MailChimp, ConvertKit, SendInBlue and Moosend and they all provide easy to follow instructions to help you get started.

A tiny request: If you liked this post, please share this?

I know most people don’t share because they feel that we don’t need their “tiny” social share. But here’s the truth…

I built this blog piece by piece, one small share at a time, and will continue to do so. So thank you so much for your support, my reader.

A share from you would seriously help a lot.

Some great suggestions:
– Pin it!
– Share it to your favorite blog + biz Facebook group
– Tweet it!
– Share it on LinkedIn!

It won’t take more than 10 seconds of your time. The share buttons are right here. 🙂

Leave a comment

Before you go...

Grab your free Ultimate Website Planning Checklist. It will help you plan your website easier than ever!