Would you like to reduce the likelihood of having your emails marked as spam? Would you like to try to prevent others from being able to send emails using your email address? If so, you should add SPF and DKIM records to the DNS records for your domain name and consider enabling DMARC. It’s important to note that these suggestions only work if you use your own domain name such as SoundSupport.biz or YourCompanyName.com. My suggestions aren’t applicable if your email address ends with gmail.com, comcast.net, outlook.com, iCloud.com, etc.
This Tech Tip is the first in a series. Subsequent Tech Tips will talk about how to setup and validate your SPF, DKIM and DMARC records.
If you’re not very familiar with DNS records then read my previous Tech Tip which introduces you to the basics of DNS. Even if you’re already know the basics of DNS, please remember to make a record of your current DNS records before you make any changes. Also, make sure you choose a qualified person to edit your DNS records. Read my previous Tech Tip which talks more about these recommendations for avoiding common DNS problems.
Let me briefly explain what SPF, DKIM, and DMARC are and how they could help you.
SPF stands for Sender Policy Framework. SPF is an email authentication protocol that allows you, the owner of a domain, to specify which mail servers you use to send mail from that specific domain. It’s relatively easy for an email spammer to spoof your email address. Spoofing means that the spammer will send an email from his or her email account but make it appear as though the email was sent from your email account. Since the email sent by the spammer was not sent from your email server then the recipient’s mail server could identify this email as spam or possibly discard it altogether. Conversely, emails that you send can be verified as really coming from you and thus are less likely to be identified as spam. For a deeper understanding of SPF and some of its limitations check out Validity’s SPF in Plain English article.
DKIM stands for Domain Keys Identified Mail. DKIM is a way for you and your organization to digitally sign your emails. This allows the recipient’s mail server to verify that the email has not been altered in transit. Unlike SPF, DKIM, does not instruct the recipient’s mail server to do anything with an email that does pass the validation process. For a deeper understanding of DKIM and its limitations check out Validity’s DKIM in Plain English article.
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is the most recently developed method of email authentication. It relies on either SPF or DKIM validation and then guarantees that the domain visible to the recipient is the same as the domains validated by either SPF or DKIM. Your DMARC policy can give the recipient’s mail server instructions on how to handle the email. Briefly DMARC offers three possible instructions: 1. do nothing, 2. mark the message as spam or 3. reject the message. Setting your DMARC policy to do nothing is risk free and educational. You would start to get email reports about who is sending email using your domain name. This could include legitimate senders such as your own mail server and maybe an email marketing service that you use. It could also include spammers who are sending out emails using your domain name. You could then change your DMARC policy to either quarantine or reject emails that don’t pass the email authentication process, once you’re sure you have SPF and DKIM records in place.
You should not rush into configuring your DMARC policy to instruct mail servers to reject emails since you could shoot yourself in the foot. For example, if you forgot to list a mail server that sends legitimate emails, such as invoice emails or marketing emails, on behalf of your company in your SPF record, then all of the emails sent from this legitimate service could be rejected by the recipient’s email server. For a deeper understanding of DMARC watch this video by Validity and use the timestamp information listed below the video to jump to the desired sections.