Most email marketers are unaware of what SPF, DKIM, and DMARC records are or why they need them.

When sending email from your domain (like joe@acme.com) you need to put in place these three security measures.

Failure to not include them in your DNS records risks having your emails not delivered (bounced) or marked as spam.

We have all received a fake email that claims to be from someone like your bank, PayPal, the IRS, or a Nigerian prince. These emails usually end up in your spam folder and flagged as spam.

This is where SPF, DKIM, and DMARC come into play. These records verify that the email is actually from whom it says it is.

 

What is an SPF record?


Sender Policy Framework (SPF) is a record inserted at the Domain Name System (DNS) level that specifies the IP addresses of servers that may send email on their behalf.

So if you are using a third-party email service like MailChimp or Sendgrid or even if you are using your own web hosting company, you need to have the SPF record indicating that the email server may send emails from your domain.

Many web hosting companies will set this up for you in the background, but for a third-party emailer like Mailchimp or Sendgrid, you will have to add the records yourself on your DNS.

 

What is DKIM verification?


DomainKeys Identified Mail (DKIM) is an encrypted signature for emails.

This email authentication method detects email spoofing. Spoofing is when someone sends a fraudulent email claiming to be from someone they at not.

It allows the receiving email server or spam filter to verify that an email came from an authorized domain.

It prevents forged sender addresses in emails, a technique often used in phishing and email spam.

 

How to create a DKIM record


Creating a DKIM record is easy. A Google search will deliver several results for DKIM generators like Socketlabs.com.

Follow the online instructions and your keys will be created for you. All that is left to do now is add them to your DNS records.

 

So what is DMARC?


DMARC (Domain-based Message Authentication, Reporting & Conformance) is yet another level of email verification that ensures that legitimate email is authenticating against established DKIM and SPF standards.

It blocks fraudulent activity from unauthorized email servers. Two key values of DMARC are domain alignment and reporting.

How it works: DMARC’s alignment feature prevents spoofing of the “header from” address by:

  • Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and
  • Matching the “header from” domain name with the “d= domain name” in the DKIM signature.

 

How to create a DMARC record


There are several online generators that you can use like Unlock the Inbox DMARC wizard.

You will have these records to your DNS server.

 

How to check your mail configuration


By far the most complete tool out there is MXToolbox.com. Google also provides tools that although intended to check if your outgoing mail server is configured for their email service, actually works for any other system out there.

 

Conclusion:


Whether you are an email marketer or setting up a domain for a small or large company, you need to have all three security measures in place if you want to ensure email delivery.

Third party email senders like Google, MailChimp, or Sendgrid have detailed instructions on how to integrate their email sending services into your domain ecosystem.

Failure to set up your SPF, DKIM and DMAC records can result in failure to deliver your emails to your clients.

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!