If you landed on this page you are in email marketing and probably have email deliverability issues. Today I will show you what email DNS records you should add to make sure emails are delivered to your email subscribers.
There are 3 main records you have to add in order to work everything properly for email to be delivered: SPF, DKIM and DMARC.
What is SPF record
SPF record stands for Sender Policy Framework. This record will show what IP’s and hosts are allowed to send emails on behalf of your domain (if so). If there are no policies anyone can pretend to be “you” and send emails using your domain name.
How to add SPF record
In order to add SPF records you have to add a DNS (Domain Name Service) record. Depends from your specific case:
Let’s say you have bought a domain via Namecheap registrar and pointing all records to your server. Then you have to connect to your Registrar and add new records.
I usually like to point domain names from registrar to Cloudflare and just then to add all records.
You will need to add TXT type record where name will be your domain name
E.g. Name: example.com
If you want to send emails just from your own domain/IP then your record (value) should look like this:
v=spf1 mx a include:example.com -all
Sending emails via third party like GetResponse and others I suggest to search their knowledge base, because usually they care about customers and there will be an article about it with clear instructions. In my case
v=spf1 mx a include:_spf.getresponse.com -all
If you don’t plan to send emails via your own domain add the record below in order to stop spammers using your brand domain name.
Usually I use a third party email autoresponder, but still sometimes I need to communicate with email subscribers “one on one” as well. This is not really possible as most third party tools don't have a “chat” function to send emails forwards and backwards. In this case you want to add an SPF record from your third party plus IP of your website host. Now connect to your hosting and find out what IP address is used to host your website.
v=spf1 mx a include:_spf.getresponse.com ip4:192.168.0.2 -all
The operator “all” may be executed in four ways
Fail- Servers/IP’s/domains not included in this record will not be able to send emails. Anyone who try to send using your domain name will be rejected. (in most cases you will use this policy)
Softfail- If emails send using this operator and servers/ IP’s not included in the record, then emails still be delivered but marked. (not recommended)
Allow all servers to send email (I don’t recommend use this in any case)
Neutral- no policy at all (don’t use unless testing)
What is DKIM record
DKIM stands for DomainKeys Identified Email. This record validates that the company/domain has a right to send emails using special keys (public and private).
How to add DKIM record
You will need to add one TXT record to your DNS settings where “name” will be your selector and the value will be your public DKIM key.
When you’re using third party service then DKIM settings should be ready waiting for you to be added. Search knowledge base on how to access it and add (all instructions).
In my case I’m using GetResponse and can’t access private key, just a public key. So DNS record looks like this
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoYdyGzjSszi4caBkAFgiHUCq9G9ooP62Bua78M9A0Ptr4zSYOPq+2fXqoNDbvVbkN4yGQNwGxecK3uCrSD5VMwk1DiYV99yg8mdYi5J2gftVp1sZ5mYaScO0aUy9AGkzUVWu3zl/D3azexMMOYR7MMo
What is DMARC record
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. This record is like a rule, which identify if SPF and DKIM passed or failed and what to do next.
How to add DMARC record
You will have to add TXT record to your DNS.
There may be 3 policy configurations to this record
Monitor policy: p=none
None policy is good when you want just to monitor, gather reports and analyze.
Quarantine policy: p=quarantine
All emails which fail SPF and DKIM will be send to spam folder and will not reach recipient “inbox”.
Reject policy: p=reject
All emails which fail SPF and DKIM will not reach recipient at all (this is best policy to prevent email spoofing).
Means all aggregated DMARC reports about messages will be send to selected email address.
Means all failing or partially failing (SPF or DKIM) message reports will be send to selected email address.