SPF and DKIM are the two terms that sound technical even to an email marketing professional. But it is important to learn, understand and set up these records, especially if you are planning to send an email campaign, as it would have a huge positive impact on your campaign’s deliverability. If you are feeling overwhelmed, don’t worry, we have covered how to set up SPF and DKIM for you in this blog and it is not rocket science.
It will ensure that the domain through which you send emails doesn’t end up in the Blacklist of any Spam filters for the casualties that you have not committed. Spam Filters block mass emails of people who have not authenticated their SPF and DKIM records because there have been instances of forgery where frauds have faked the email addresses and sent emails on other person’s behalf.
What is SPF?
SPF, Sender Policy Framework is a security mechanism to avoid email spoofing and to confirm the recipient that the incoming email is from the email address that is authenticated and not a fraud. SPF works through the communications between the DNS (Domain Name System) (the phonebook of the Internet connecting web browsers with websites) of the two parties (the recipient and the sender) and ensures the recipient of the authenticated communication.
SPF is set up by adding it to your DNS. So, whenever you send an email, the DNS of the recipient will look into its list of SPF and verify if your SPF is present in its list. By this, the recipient will ensure that there are no chances of casualties and the email transaction is no less than a genuine communication.
Why is setting up SPF so important?
Here are few of the many reasons why setting up SPF is so important:
SPF provides Brand Protection:
Always consider your Domain name as a brand on the Internet, and whenever any email recipient receives an email from you, they associate your email to that brand. Emails are as important to your brand as your website is. Just as you set up security systems to protect your website, you should also do the needful to avoid any casualties on your important mean of communication. Email verification mechanisms like SPF not only keeps your email stream safe but also assures the recipients of an authenticated email deliverability. It protects your email channel from all the people that are impersonating your email address and protects your brand integrity.
SPF prevents Frauds
Spoofing emails has become easier with the advancements in technology leading to loopholes being explored by fraudsters. Cyber frauds through emails have exploded in recent time, and scamsters have managed to transfer billions of dollars by spoofing the emails.
It is not right to imagine that your company is immune to all this because of internal vigil system as the scamsters will find ways to defeat your firewall and send emails on your behalf. With SPF security mechanism, you can ensure that your security is confirmed and nobody is impersonating you.
Avoid Spam Filters
Spam filters are becoming strict day by day, and they are not leaving a single stone unturned. Whenever they find anything suspicious in an account, they add it to their spam list. With the SPF and DKIM set up in your DNS, you give spam filters one less reason to add you in their blacklist. This will help you increase your domain reputation and make your domain stronger.
How to set up the SPF in your Domain Server?
SPF record is a TXT record that lists the services of emails to send emails from your domain. You can add the SPF to your DNS by adding the TXT record and avoid being spammed. Your mail flow will not get affected if you have added the TXT to your DNS.
The following are the steps to set up the SPF:
Step 1 – Identify your domain host and sign in to your domain account.
Step 2 – Go to the Domain name or the Domain Management page and find your TXT records.
Step 3 – Check if you already have the SPF record. The SPF record begins with v=spf1.
Step 4 – Create the TXT record with the help of the below variables:
Name/Host/Alias: Enter @ or leave it blank. Your other DNS records might indicate which entry is correct.
Time to Live (TTL): You can enter 3600 or leave it as blank
Value/Answer/Destination: Enter v=spf1 include:_spf.google.com ~all ( This is the Variable for Google Accounts. In case of any other service users you need to check from their admin blog.)
Step 5 – Save the record. Your SPF record gets activated in 48 hours or less.
In case you already have an SPF record than skip this entire procedure from step 4 because having more than one SPF is not recommended since it creates an authorisation issue. It is recommended to use the same SPF for all the email services.
Steps to Verify your SPF record.
You can use the Google Gsuit Toolbox and follow the step beneath:
Step 1 – Visit https://toolbox.googleapps.com/apps/checkmx/
Step 2 – Enter your Domain name.
Step 3 – Click on “Run checks”.
Step 4 – Once the test is finished, click on Effective SPF Ranges.
You will get your SPF results.
There are many Service providers to check your SPF record like Mailchimp, Gsuite Toolbox. More or less, all of them perform a similar function to display the SPF record.
Another email authentication record is DKIM. Let us understand what it is all about.
What is DKIM?
DKIM, Domain Key Identificated Mail is another mechanism for email authentication. It uses an encrypted signature to verify that the email sender is the one who they say they are and gives a key to the sender’s recipient to check back with the sender DNS record. If you have set up DKIM, the recipient’s DNS can check who the email is from and guarantee No Fraud situation.
DKIM is an additional step for email authentication. DKIM sets up a domain name identifier to your message using cryptographic techniques to validate it as the receiver gets your email, which is different from SPF. They use a digital signature to identify is identify the IP address.
For all the reasons SPF is used, DKIM serves the same purpose to all the email service users. Email verification and authentication are the core purposes that DKIM solves and gives spam-free user-friendly communication services to the sender and recipient of the email.
Let us understand how to set up DKIM in your DNS system.
Steps to set up DKIM :
You can generate your Domain key after 24 hours of the activation of your Gmail account. You should be the super administrator to generate the domain key, or else you would not be allowed to generate the key.
Here are the steps that need to be followed to generate Domain key for email authentication:
Step 1 -Go to the admin page of the Email Service provider that you use and Open the tab Authenticate Email. For the Gsuite users – Open the Admin console Home Page> Gsuite> Gmail> Authenticate Email.
Step 2- Now you need to select the Domain that you want to generate the domain key for. Your primary domain will appear by default. In other cases, you need to select the domain from the down arrow under Domain.
Step 3– Select on Generate New Record.
In cases where your registrars don’t support 1024-bit keys then you need to change the key length from 2048 to 1024.
(Note- 2048-bit domain keys are more secure than 1024-bit domain keys. Hence unless otherwise recommended always prefer using 2048-bit domain keys.)
After that, Select Generate.
The text box displays the information that is used to update the DNS record. The public domain key is retrieved by the Email servers which are then used to validate the incoming messages.
Once you have generated the domain key, you need to add it to your DNS.
Steps to add Domain key to your DNS:
Step 1 – You need to sign in to the management console of your Domain Provider and open the page to manage the domains and update the DNS records.
Step 2 – Create the TXT record using the variables of name and values.
Step 3 – To see the name and value you need to create the TXT record, in the Admin console go to Apps > G Suite > Gmail > Authenticate.
Step 4 – Update the DNS record by adding the following:
In the first field, you need to enter the text under the DNS Hostname (TXT record name). Enter the TXT value in the second field.
Step 5 – Save your changes.
This will add the Domain key to your DNS.
After you have generated the Domain key and you have updated it to your Domain, the next step follows is to DKIM signing. Gmail will use its default DKIM signing if you don’t Sign in your own DKIM signature. Follow the below steps to update the signature for DKIM.
Always consider updating your Domain DNS record before turning on signing the DKIM signature.
Step 1– Now go to Apps> G Suite> Gmail from the Admin Console Manager.
Step 2– Select “Authenticate Emails”
Step 3– Select your domain where you want to sign in
Step 4– Click Start Authentication.
To confirm that DKIM signing is turned on, send an email message to someone who is using Gmail or G Suite. You can’t do this test by sending yourself a text message.
Open the message in the recipient’s inbox to be sure.
To Reply, click and you will get the original message
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mydomain.com; s=google;
This will be the Domain key in your header. If you find this in the recipient’s message, assure yourself that the domain key has been updated to your DNS.
The above were the steps to set up the Domain key in your DNS. Consider following all the steps for hassle-free email deliverability.
Domain-based Message Authentication, Reporting & Conformance, DMARC is the protocol that uses SPF and DKIM to authenticate the emails and verify that there is no Fraudulent activities while sending emails.
Hence, verifying your emails through this mechanism is a step taken towards legitimate email sending. Every business that sends cold emails should not wait for a warning from the spam filters before they authenticate their email address.
“Setting up SPF and DKIM is the easiest yet most powerful thing you can do to increase your email deliverability and overall domain reputation.”
– Piyush Patel (Co-founder SalesHandy)
So what are you waiting for? Go and prove that you are who you claim to be.
We hope that we were able to provide you with the insights about the email mechanism