Oftentimes, keeping your customers or prospects informed on your latest offers can be quite demanding, if not downright difficult! With SPAM filters getting stricter by the day, you run the risk of not having your carefully-crafted newsletter delivered or buried in the SPAM folder.So what is there to do? Is there a way to make sure your emails will reach their intended targets? Well, the first thing that affects your email delivery rate can be found in your email client settings. If the settings are not correct, SPAM filters will pick up your emails, regardless of how you build them. To improve email delivery, you must check your SPF, DKIM DNS records settings. These are used as a method of authentication by email servers
What are SPF and DKIM?
If you’re not a technical person or you’ve never dealt with email settings before, it’s extremely likely that these are only gibberish. So let’s have a look at each and explain what they do.SPF or Sender Policy Framework is the protocol that checks you are who you say you are. This is the one preventing people sending emails in your behalf by identifying which IP addresses are the ones belonging to your domain.For example, if you wouldn’t have SPF set up, the communication between your email server and the server of the person you’re sending the message to, would go something like this:
You: Hello Person_name, I am Adrian.
Person: Hello, what’s your ID?
You: I don’t actually have one, but you should absolutely trust me.
Person: I am sorry, but in this case I can’t let you in. Without proper ID, I can’t know you are who you say you are
After this conversation between servers, your email will be denied delivery. Now, let’s imagine you do have the SPF set up. Here’s how the discussion would go:
You: Hello Person_name, I am Adrian.
Person: Hello, what’s your ID?
Your: Here it is, I have a list of accepted IP addresses, declared by the owner of this account.
Person: Ok, let me check… Yes, everything seems in order. Your message will be delivered.
How to set SPF on your server?
The SPF is easy to set up. All you have to do is make sure all the email clients you’re using, with an SMTP different than yours, are included in the SPF. For instance, if you’re using Google Workspace, you should put Google in your SPF. Other apps to include in your SPF:
Your businesses website (so the forms would work properly)
Email marketing platforms, e.g Mailchimp
Line of Business Software or ticketing system, e.g Autotask
Any other websites that email out with your domain
Email signature management, e.g Black Pearl Mail
The first step towards setting your SPF, is to check if you already have a SPF record and if it’s correct. You can use a tool like MxToolbox to give you the result; When you type in your domain in this tool (for instance I would type in onsitehelper.com), the tools will run some tests and show you your current SPF, or a notification that it hasn’t been set yet.Since the settings are different from one administrative console to another, it’s difficult to have a clear set of instructions for SPF setting. But, it’s mostly about pasting a properly structured line of text in the right place in the console.For instance, if you are using Google Workspace to send all emails from your domain, the line would look like this:v=”spf1 include:_spf.google.com ~all”Now,if you’re using more apps (one for newsletters, one for your support messages, and one for special offers), the line will be a bit longer, because you will have to include all the other apps. Or if you don’t use Google Workspace but a server from another host, for instance Office 365, the line will look different.The best idea is to ask someone who knows how to set an SPF, as they will know how to correctly write the line and where to insert it.
What is DKIM?
Moving on with the settings, we reach DKIM, or DomainKeys Identified Mail standard. Its role is similar to the one of SPF, and it can be seen as an additional identification process. This way, if someone manages to go past your SPF, they will hit a wall with DKIM.DKIM works as an additional signature, included in the header of your message, and the identification process happens during the encrypting and decrypting of it. For this, you need two keys:
A private key which you use to encrypt your messages;
A public key which resides in your DNS records and decrypts the hidden signature in the header of your message.
As long as the private key is only known by you, the DKIM system will not fail in providing secure authentication. Now, to set up the DKIM in your server’s records, you must insert the information about the public key. This comes as a txt record that must be placed at the right location in order to be effective.For this, you must first generate the public key (this is done from your email provider admin console). Now, depending on your email provider, the steps that follow will be different.Quick tip: If you’re using Google Workspace to send emails, here’s a step-by-step guide. You should also know that, for Google Workspace, DKIM signatures are turned off by default, so you need to turn them on manually in your Google Admin console.Once you have the public key, take the generated txt record and paste it in the right place into your DNS records. The final step is to turn on email signing, so your encrypted signature should be included. Here’s how to do it, if you’re using Google Workspace for sending emails.We advise you to ask someone who is skilled in setting DKIM in your DNS and email. This way you can be sure everything is done correctly and your emails will be stronger against any malicious activities. It will also improve your email delivery rate.
Domain reputation is crucial when you want to make sure your emails reach their intended targets!So, make sure you do everything in your power to stay away from SPAM filters. Setting SPF and DKIM records properly on your DNS server is quite a necessary step in this direction, so make sure to be up to date with everything.
DKIM has higher security requirements then SPF an example of this is a Gsuite business with a Google SPF record. A spoofer (someone pretending to email as you) could potentially use Gooogle's mail server to send out from and it would work as Google is allowed in SPF. If DKIM was used, the spoofer could not use this method as they would require the Google Workspace private key which can only be created from the Google Workspace admin console.
We know that, to a non-tech person, it may seem difficult to do all these settings, but to someone savvy in the niche, it’s quite easy. So, if you don’t have an IT guy to help you out, reach out to specialists. The team here at Onsite Helper is always ready to step up and give you a hand!
Onsite Helper services clients from a range of professions and we are experts at providing tailored integrated solutions that do not cost the Earth! We understand your business profession and from experience know what you’re generally looking for.
Fill out the form below so we can sit down and have a chat.
Ever wondered how your IT universe stacks up? Drop us a line, and we’ll help paint you a picture.
Our customers love us, we know you will too. Proven track record of customer satisfaction
Your Goals are our Goals
Get connected with Tech guys in the know
We will keep you up to date and communicate in plain english - no IT Jargon
When it comes to your business, security is our #1 priority!
OSH Managed Services Package Comparison
Cloud Hybrid Managed
Virtual CTO (Chief Technology Officer)
Service Level Agreement (SLA) Within 4 hours response