SPF, DKIM and DMARC: What are they and why are they important?
In February 2024 Google will introduce many new requirements for bulk senders. Some of them are; to keep spam rates below 0.3%, to ensure users can unsubscribe with just one click (writers note: OMG! YES! No more annoying unsubscribe forms or a 10,000 word essay on why unsubscribing is bad for you), among other requirements.
These new rules for bulk senders have sparked email senders to implement SPF, DKIM, and DMARC email authentication methods. But what exactly are they and why are they important?
SPF, DKIM and DMARC: Why are they important?
SPF, DKIM and DMARC are the holy trinity of email authentication. These wonderful acronyms help prevent spammers, phishers and unauthorised parties from sending emails on your behalf.
Not only do they help prevent spammers from impersonating you but domains that have yet to set up SPF, DKIM and DMARC will find that their emails may often land in spam.
What are they and how do they work?
Send Policy Framework (SPF), like an employee directory, gives your domain a list of servers they send emails from and trust. This list contains all the IP addresses of the servers allowed to send from your domain, when an email is received your mail servers can check it against the SPF record before allowing it into the recipient’s mailbox.
For example “@newzapp.com” is our domain, within our SPF record are all the individual email addresses and IP addresses of our employees. So when we send an email to each other the mail server sees that we are within the SPF record and confirms that we are a safe sender.
DomainKeys Identified Mail (DKIM) adds an authentication layer that confirms the email has not been tampered with in transit.
More specifically a DKIM attaches two keys to an email, one private and one public, which are stored in a DKIM record. A private key acts as the digital signature confirming that the email is authenticated. The Public key is used by the receiving mail server to verify the sender’s private key was used.
Domain-based Message Authentication Reporting and Conformance (DMARC), while this sounds incredibly complicated is the most simple out of the three. DMARC instructs the mail server to reject or deliver emails that fail SPF or DKIM (or both). DMARC can also include instructions that inform the domain administration about which emails are passing and failing the checks. This gives the domain administrators the information to adjust their DMARC policies where needed.
Why are they Important
As an organisation that sends emails, SPF, DKIM and DMARC give you extra layers of confidence that your emails will reach their destination. Having a DKIM on your DNS (Domain Name System) tells those servers that the email you are sending through NewZapp, or another third-party email provider, is valid. The DKIM key unlocks the door to inboxes!
What does that mean in my inbox?
Let’s take a look at these two examples, the first is an email with a DKIM installed:
Everything was as you would expect, no “via” in the from box. A perfectly safe arrival in the inbox with no warnings.
So, let’s take a look at a fail…
We have a DKIM set up on our domain newzapp.com, so we can send out emails safely.
This failed email was sent by our marketing team, even the best in the business can have a bad day! Because the ‘from’ email address was spelt wrong. (newapp.com instead of newzapp.com) it failed verification, causing it to:
- Fail DKIM authentication setup on our newzapp.com domain
- Add a “via” message to the ‘from’ email address
- Issue a verification warning
- Arrive in my junk folder.
What did that mean to the campaign?
In short, an epic fail! The open rate was just 5%
The lack of authentication resulted in most of the emails going into junk and the problem was correctly identified by an eagle-eyed NewZapp customer the day after (gold star for them!)
To solve this problem we:
- corrected the ‘from’ email address so the DKIM worked
- created a segment of non-openers
- Made the Marketing Exec who sent the original email make the tea all day
- Resent the email to the new segment
The result was a 140% increase in opens!
How do I get my hands on these authentication layers?
If you are a NewZapp Customer, follow our help centre’s steps to set up your SPF and DMARC records: Setting up your SPF and DMARC records. (newzappcommunications.co.uk)
DKIM requires more groundwork, as such whether you are a NewZapp customer or want a better more secure way of sending, contact us at firstname.lastname@example.org and we will give you more information on purchasing a DKIM from us.
If you are not a NewZapp customer and want an email platform with security like Fort Knox Book a Demo and we will walk you through the platform and how it can benefit you.
Share This Post
Passionate in helping internal communicators reach and engage their organisation’s employees.
Most companies don’t think about deliverability until they have a problem and yet it’s one of the most important factors in email marketing.