How to Make Sure Your Email is Safely Delivered

Are your work emails not being delivered? If so, it could be because you have not updated your Domain Name System (DNS) with the records that tell email providers that your email is safe. Here is a brief introduction to SPF, DKIM and DMARC, and why they are important to include in your DNS records.

Are your work emails not being delivered? If so, it could be because you have not updated your Domain Name System (DNS) with the records that tell email providers that your email is safe. There are three kinds of records; all of them are increasingly necessary in the ongoing task of making email more secure. Here is a brief introduction to SPF, DKIM and DMARC, and why they are important to include in your DNS records.

Sender Policy Framework (SPF)

SPF is a text record in your DNS that tells your recipient that your message is not spoofing, spamming, or attempting to defraud them. The record includes hostnames and IP addresses authorized to send on behalf of @YourDomain. The receiving email server checks the DNS record to see if the information of the sending server is included. If it is included, the email is validated as coming from your organization.

N.B. You must include the IP addresses of ALL services that send email on your behalf, such as your website, newsletter tools like Mailchimp or cloud-based CRM like Salesforce.

SPF records work very well; however, when an email is forwarded, the SPF becomes invalid because it is no longer being sent by you. That is where DKIM comes in

DomainKeys Identified Mail (DKIM)

DKIM is a two-part key that is added to your DNS as well as every server that sends your email. Email from the sending servers includes both parts. The receiving email server checks to see if the public key in the email exists in the DNS, then sees if the private keys match. If they match, the email is delivered. If they fail to match, the email bounces.

Because DKIM adds the information to the email itself, and is included when an email is forwarded, the receiving email server can judge if the original email is valid and not a spoof.

Domain-based Message Authentication, Reporting & Conformance (DMARC)

DMARC is protection on the receiving end of email. It is a rule that tells your email service provider whether to reject or quarantine emails from untrustworthy or unknown sources, based on results of SPF and DKIM checks. It can also send reporting to IT departments, who can use it to troubleshoot email delivery issues.

The three types of records, used together, are important tools to establish the validity of the email sender. By adding them to your DNS/email server configuration, you increase the chances that your email will arrive in your recipient’s inbox every time.