Improving deliverability with SPF, DKIM and DMARC records

DWQA QuestionsCategory: Best PracticesImproving deliverability with SPF, DKIM and DMARC records
Charley Support Staff asked 4 years ago
1 Answers
Best Answer
Robert Thanh Parker Staff answered 4 years ago

Using SPF and DKIM

To ensure the highest possible deliverability rates and that messages actually reach your subscribers’ inboxes, we require that all accounts enable SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) on their accounts.

These technologies provide a level of ‘authorization’ for us to send your email campaigns. To enable SPF and DKIM, you will need access to add DNS records as shown below to your DNS servers. This allows third-party servers like Gmail, AOL, Microsoft and others to double check that we really are sending emails for you, by you and with your explicit permission. You can think of this as a digital signature, which helps to ensure recipient email servers don’t reject your messages because they think it’s a phishing scam, spam or something else.

You probably know how easy it is for senders claim to be someone they’re not. It’s easy to forge an email’s from address. SPF and DKIM authentication provide a way to prove an email isn’t forged. This helps receiving servers control inbound spam and make sure your emails have a higher chance to make it to the inbox and not the spam folder.

There are a couple different ways to authenticate emails, and we support the industry standards: SPF and DKIM. SPF allows a domain owner to add a DNS record that the recipient server cross-checks to help ensure the mail was being sent legitimately. DKIM, also uses a DNS record, but is slightly more secure as it embeds authorization information within the actual email itself. This makes it more difficult to forge. Every email we send out should have both SPF and DKIM authorization.

SPF

In your domain’s DNS settings create a TXT record. Enter:

Host/Name: @

Put @ symbol under host or name category. You may need to enter your domain. DNS editors vary. Contact your hosting provider if you’re not sure how to correctly enter this.

Value: v=spf1 a mx include:rekko.com ~all

DNS settings should only have 1 SPF record. If there is an existing SPF record, just add include:rekko.com to the existing record. Make sure it is added before any IPs.

DKIM

Create a TXT record in your DNS with the following values:

Host/Name: api._domainkey
Value: k=rsa;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmGbQMzYeMvxwtNQoXN0waGYaciuKx8mtMh5czguT4EZlJXuCt6V+l56mmt3t68FEX5JJ0q4ijG71BGoFRkl87uJi7LrQt1ZZmZCvrEII0YO4mp8sDLXC8g1aUAoi8TJgxq2MJqCaMyj5kAm3Fdy2tzftPCV/lbdiJqmBnWKjtwIDAQAB

DMARC

DMARC gives you some control and reporting feedback on your email deliverability. It works in conjunction to SPF and DKIM and provides options and feedback on message deliverability. More info.

Here’s how you create the simplest DMARC record to start:

  1. Create a TXT record.
  2. Host/Name: _dmarc
  3. Value: v=DMARC1; p=none;

That’s a good starting point- you can modify the DMARC record with options as needed. See DMARC.org for more information and options.

I am providing links below to some of the more popular domain providers with links to access your DNS Records. If it’s not listed here, search the help documents.

Amazon Web Services: Configuring DNS, Resource Record Types
BlueHost: DNS Records
Dreamhost: SPF, DKIM
ehost: DNS Records
GoDaddy: Add a CNAME Record
Google Domains: DNS Basics
Hostgator: Manage DNS records
Hover: Edit DNS Record
iPage: SPF & DKIM
inMotion: SPF Records
Name.com: Manage DNS
Namecheap: SPF & DKIM
Network Solutions: Edit DNS Record
Register.com: SPF Records
Squarespace: Advanced DNS Settings
Stablehost: How do I get to cpanel?