We could bet that you as a marketer already know acronyms SPF & DKIM but what do they mean and how can they benefit you? Looks like it is the perfect time to learn about SPF & DKIM and set them up in your DNS records for your email server to have a better control over your email deliverability.
SPF (Sender Policy Framework) is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send emails from that domain. Brands that send emails publish SPF records in the DNS (Domain Name System). These records list which IP addresses are authorized to send email on behalf of their domains.
During the SPF check, email providers verify the SPF record by looking up the domain name, listed in the “envelope from” address in the DNS. If the IP address sending email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication.
Reasons to implement
If a domain publishes an SPF record, spammers and phishers are less likely to forge emails pretending to be from that domain, because the forged emails are more likely to be caught in the spam filters that check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate email from the domain is more likely to get through to your customer.
Duplicate SPF TXT records
Commonly violated aspect of SPF is that one domain may only have a single SPF record. Why are multiple SPF records so common? Part of the cause is that when an organization deploys different services, each provider often instructs them to create an SPF record. For organizations that have multiple SPF records this is easily resolved by merging the records into a single statement. For example, if you had the following two records to authenticate:
Two SPF Records
“v=spf1 include:_spf.google.com ~all”
“v=spf1 include:mailgun.org ~all”
Two SPF Records Combined
“v=spf1 include:mailgun.org include:_spf.google.com ~all”
DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message in a way that can be verified by the mailbox providers. This verification is made possible through cryptographic authentication. The primary advantage for e-mail recipients is that it allows to reliably identify a stream of legitimate email, thereby allowing domain-based blacklists and whitelists to be more effective. This is also likely to make certain kinds of phishing attacks easier to detect.
DKIM lets an organization take responsibility for a message while it is in transit. The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery or not.
Adding SPF & DKIM records
Below you will find a list of the most popular DNS providers. While pressing DNS provider name you can find tutorials or basic information on How to add the given records to your provider.
Important note: when you search for a tutorial on how to add records keep in mind that you need to look just to the TXT format parts.
Don’t know who your DNS provider is? You can easily find it out here.
To check if your records are added correctly, we recommend you to follow this link and paste your domain name in both SPF and DKIM parts. If something is not correct, you will be able to see all errors there.
Domain signature at Omnisend is free of charge if you are a PRO plan user. Rest of the clients will pay a $89.99 one time fee.
Keep in mind that we are using different infrastructure for Campaigns and Automation emails, so please come to decision, what kind of emails you would like to send through those domains in advance.
Important note: To add SPF and DKIM records you need to think of a domain name you would like to use. You will need to add our provided records to your DNS so we recommend using your store name. Also, for Automation emails we will ask you to sign a subdomain so you will need to decide what kind of subdomain you would like to use. It could be @news.domainexample.com; @email.domainexample.com; @shop.domainexample.com and etc.
Always remember, using authentication will not guarantee that every email will reach your client’s inbox - you need to focus on improving your email deliverability! However, it preserves your brand reputation and makes sure you have the best possible chance of having your messages reach their intended destination.
Something is wrong with DKIM records
If you are using GoDaddy as your DNS provider and while checking if the records are added correctly you can not see any information about DKIM, take a better look at the "Name" part. We are providing you with a fully-qualified name that ends with your domain name, DO NOT include your domain name in the “Name” field when you add the TXT record. If you are given something._domainkey.yourdomain.com only enter something._domainkey. in the “Name” field.
SPF records are not found
- It is a common issue if you have more than one SPF record added in your DNS. In such cases, we recommend you to combine those records. Go back to Duplicate SPF TXT records part where you will find an example on how combined records should look like.
- If you are trying to add SPF record for Subdomain, skip the main domain and include only Subdomains' name in a "Name" part.
- Also, in some cases you might be asked to add only the @ symbol instead of the record name.