How to use SPF and DKIM
By using SPF and DKIM you help with minimizing SPAM worldwide. In addition, your newsletters achieve better delivery capacity. MarketingPlatform always recommends SPF, and for larger customers, also DKIM.What is SPF?
Let’s start by looking at what SPF is. SPF stands for Sender Policy Framework. It is about making a small change in the DNS settings on a domain.
- Purpose: To verify whether an email is legitimate or spam
- SPF contains information on host names and IP addresses
- The mail server that receives email checks SPF record in DNS lookup for a domain that the email claims to send from
- One changes a DNS record of TXT type
It is important that your SPF record is correct. Both in relation to your “handwritten” emails and newsletters. Otherwise, your company will find that emails are not delivered, end up in the SPAM folder or get a SPAM label in the inbox.
Many suppliers of email marketing solutions do not use the time on this setup, or they use a one-size-fits-all model, where the sender’s reputation is shared between all the customers in the company. Your company must be particularly careful in avoiding this solution. It means that the sensitivity to other email marketing suppliers’ customers becomes very high, but equally bad is the fact that you get connected to the supplier. If your company wants to change supplier, and your emails have been sent out as a firstname.lastname@example.org, your good reputation will, seen from, for example, Hotmail, Gmail and SPAM filter providers be inextricably linked to that provider.
At MarketingPlatform we take no shortcuts. We let you send from, for example, email@example.com, and recommend that you set up SPF correctly from your business domain.com and possibly also DKIM. In that way, your company earns itself “points” for good behavior, and your binding to MarketingPlatform does not become artificial. We would like to see you alone as customers of MarketingPlatform because we bring value to our business.
In the example above, we left mailmailmail.net to be the actual sender (SPF), while mailplatform.dk signs the email in relation to DKIM. Most often, the customer’s own domain will be both “sent by” and “signed off”, but in special cases, Gmail, Yahoo and other clients who can display the values may choose to add MarketingPlatform’s server address to the value greater than the sender’s domain.
To verify the setup of SPF, we recommend the MX Toolbox, see example here: https://mxtoolbox.com/SuperTool.aspx?action=spf:mailplatform.dk&run=networktools
The service from Dmarcian is a slight better than the MX Toolbox, it also validates on number of entries: https://dmarcian.com/spf-survey/mailplatform.dk
It is VERY IMPORTANT that the number of listings remains below 10. If this is not the case, the SPF record will, even if it is valid, fail, and you will be better off with no SPF record.
How to set up an SPF record
It is in fact quite simple and goes as a part of the domain administration. Therefore, access will typically be with an online or IT manager in larger companies. Several companies have outsourced this handling to the provider. Among the big Danish provider of domain names are FreeDNS, TDC (TDC Webmore), Dandomain, ScanNet, WannaFind, SurfTown and SpeedNames.
In practical terms, adding SPF is done by first defining the correct SPF string.
A string where MarketingPlatform alone sends newsletters from the domain looks like this:v=spf1 include:mailmailmail.net -all
Understandably, the SPF value above is read as follows: v means value which is equal to spf1 – that is, we define that here comes an SPF record which includes mailmailmail.net and forbids everyone else to send emails from that domain. In the real world, the domain is rarely used for anything other than newsletters. However, we recommend ~all at the end of the string, unless you are sure that no other mail servers are used for the domain.
How to find your existing SPF data
Dmarcian has created an excellent Wizard that reads your existing SPF values and prepares the work to define a new or correct existing SPF record.
In outsourced Domains is stated: mailmailmail.net
Often choose to send emails from the A and MX values. If your business applies hosted Outlook from Microsoft, this must be added: include:outlook.com include:spf.messaging.microsoft.com ((with Office 365 is: include:spf.protection.outlook.com) if Google Apps is applied (Gmail for businesses), this must be addedinclude:_spf.google.com
Examples of SPF records
If your business is using Google Apps and MarketingPlatform, the SPF string must be set up as follows: v=spf1 a mx include:_spf.google.com include:mailmailmail.net -all
If your business is using Outlook.com and MarketingPlatform, the SPF string must be set up as follows: v=spf1 a mx include:outlook.com include:spf.messaging.microsoft.com include:mailmailmail.net -all
Unfortunately, some companies do not have full control of, which mail servers employees use to send an email. If there are rejections with –all then ~all can be used. The technical explanation is that ~means soft fail while – means hard fail. An SPF record with hard fail is added much more value.
Contact your domain provider if you are unsure how to modify the SPF. At MarketingPlatform, we always help define your SPF record. Contact our support at firstname.lastname@example.org.
You can verify with Dmarcian if your SPF record is valid: https://dmarcian.com/spf-
DKIM setup and values
Let us start by explaining what DKIM is.
What is DKIM?
DKIM stands for DomainKeys Indentified Mail
- DKIM is a form of digital signature – a signature of an email that is sent
- DKIM allows you to associate a domain name with a sent email (i.e. an email sent from @ marketingplatform.com actually originates from MarketingPlatform)
- It is a protocol that allows an organization to take responsibility for sending a message in such a way so that it can be approved by email providers
- A DNS record of TNX type
A DKIM record consists of 2 different records. The actual encrypted value and a kind of verification value. DKIM consists of the public value that is added to your company’s domain and a value in the header of all emails sent with MarketingPlatform (if DKIM is set up). The value in the header of the email is the private value that is only found on our secured servers, combined with the sender’s and recipient’s email address.
While SPF tells who may send emails on behalf of a given domain, DKIM verifies that the sender is the right person.
Protodave has made an excellent validator for DKIM records: https://protodave.com/tools/dkim-key-checker/
Contact MarketingPlatform support at email@example.com to receive DKIM records for your domain.