Summary
Proper email deliverability relies on correctly setting up SPF, DKIM, and DMARC records, along with careful management of IP ranges, bounce handling, and monitoring through Google Postmaster Tools. SPF authenticates sending sources, DKIM ensures message integrity, and DMARC defines how to handle authentication failures. Key considerations include using a single SPF record, precise IP range specifications, proper syntax for SPF, managing bounces, implementing DMARC, and continuous monitoring for changes and potential issues.
Key findings
- SPF and DKIM Fundamentals: SPF verifies authorized sending IPs, and DKIM cryptographically signs emails to ensure message integrity.
- SPF Record Configuration: Use a single, correctly formatted SPF record, avoiding multiple entries or broad IP ranges.
- DKIM Implementation: DKIM uses a digital signature to ensure the email was sent by an authorised domain, and the content hasn't been altered during transit.
- DMARC Policy: DMARC provides instructions to receiving mail servers on how to handle emails that fail SPF and DKIM checks.
- Google Postmaster Tools: Google Postmaster Tools helps monitor sending reputation, spam rates, and other deliverability metrics.
- Bounce Management: Proper bounce handling is essential for maintaining a good sender reputation.
Key considerations
- Dynamic Infrastructure: Keep SPF records updated to reflect any changes in sending infrastructure.
- Security and Forging: Avoid listing entire colo spaces in SPF records to mitigate forging risks.
- Monitoring and Adaptation: Continuously monitor deliverability metrics and adapt authentication settings as needed.
- DNS Lookup Limits: Be mindful of DNS lookup limits in SPF records and consider SPF flattening to avoid exceeding them.
What email marketers say
10 marketer opinions
Properly setting up SPF and DKIM records, along with DMARC, is crucial for email deliverability. The process involves creating TXT records in your domain's DNS settings to authorize sending mail servers, ensuring correct SPF syntax, handling bounce messages effectively, and monitoring email authentication metrics. Key steps include consolidating multiple SPF records into one, using 'include:' mechanisms appropriately, managing IP ranges carefully, and verifying setup with Google Postmaster Tools. Additionally, it's important to handle bounce messages promptly to maintain a good sending reputation and monitor authentication metrics for continuous optimization.
Key opinions
- SPF Syntax: Use the correct syntax for combining SPF records and utilize 'include:' mechanisms properly. Avoid multiple SPF records; consolidate into one.
- DKIM Signature: DKIM adds a digital signature, verifying the email's authenticity and ensuring content integrity during transit.
- Bounce Handling: Properly handle bounces (hard and soft) to maintain sender reputation; implement a feedback loop.
- IP Ranges: Manage IP ranges carefully and only include authorized IP addresses in your SPF record.
- Google Postmaster Tools: Create a separate TXT record for Google Site Verification and use Google Postmaster Tools to monitor deliverability.
- SPF flattening: Consider SPF flattening to prevent DNS lookup limits being exceeded.
- DMARC Implementation: Implement DMARC for policy enforcement and to handle emails failing SPF and DKIM checks.
Key considerations
- Infrastructure Changes: Update SPF records whenever sending infrastructure changes to avoid authentication failures.
- Monitoring: Consistently monitor email authentication setup and deliverability metrics for continuous improvement.
- Impact of Setup Errors: Incorrectly configured SPF records can impact deliverability and sender reputation.
Marketer view
Email marketer from Stack Overflow clarifies that the correct SPF syntax involves using 'include:' mechanisms to reference other domains' SPF records and that using 'ip4:' and 'ip6:' mechanisms should be limited to only the IP addresses that you directly control.
17 May 2023 - Stack Overflow
Marketer view
Email marketer from Sendinblue explains that DKIM adds a digital signature to your emails, verifying that the email was sent by the authorized domain and that the message content hasn't been altered during transit, thereby improving email deliverability.
10 Jul 2021 - Sendinblue
What the experts say
4 expert opinions
Experts emphasize the importance of precise SPF record configuration to prevent deliverability issues. Key aspects include avoiding overly broad IP ranges (like entire colo spaces), ensuring accurate bounce handling based on the 5321.from address, maintaining up-to-date SPF records reflecting infrastructure changes, and adhering to DNS lookup limits. Implementing DMARC to handle authentication failures is also crucial for maximizing deliverability benefits.
Key opinions
- IP Range Specificity: Avoid listing entire colo spaces in SPF; use directly assigned IPs to prevent potential forging and poor deliverability.
- Bounce Handling Alignment: Align SPF records with bounce handling practices, particularly concerning the 5321.from address and NGP inclusion.
- SPF Record Maintenance: Keep SPF records updated to reflect infrastructure changes and sending sources to avoid authentication failures.
- DMARC Implementation: Implement DMARC (starting with 'p=none') to manage emails failing authentication, optimizing benefits for mailbox providers.
- Common SPF Mistakes: Multiple SPF records and exceeding DNS lookup limits can cause issues.
Key considerations
- Potential Forging Risks: Broad IP ranges in SPF increase the risk of domain forging and can negatively impact Gmail deliverability.
- Sender Authentication Strategy: Design your authentication strategy with clear directives for handling authentication failures.
- Ongoing SPF Management: Regularly review and update SPF records as your email infrastructure evolves.
Expert view
Expert from Email Geeks asks if the domain is used in the 5321.from address and whether bounces are correctly captured and sent back to NGP. Suggests that if not, an SPF record including NGP values may not be necessary for that domain.
21 Sep 2024 - Email Geeks
Expert view
Expert from Email Geeks advises against listing an entire colo space in the SPF record due to potential forging risks and recommends listing only directly assigned IPs. Mentions the potential of poor delivery at Gmail because of this type of error.
11 Nov 2024 - Email Geeks
What the documentation says
6 technical articles
The documentation highlights the importance of SPF and DKIM as key email authentication methods. SPF verifies that emails are sent from authorized IP addresses for a given domain, preventing sender address forging. DKIM uses cryptographic authentication to verify the sender's domain and message integrity. Maintaining only one SPF record is crucial. Google Postmaster Tools provides essential insights into email sending reputation and deliverability, while RFC documents offer technical specifications for both SPF and DKIM implementations.
Key findings
- SPF Purpose: SPF authenticates email by verifying if the sending IP is authorized by the domain's administrators.
- DKIM Purpose: DKIM verifies the sender's DNS domain and ensures message integrity through cryptographic authentication.
- Single SPF Record: Maintaining only one SPF record for a domain is essential.
- Postmaster Tools: Google Postmaster Tools helps monitor email sending reputation and identify deliverability issues.
- RFC Specifications: RFC 4408 and RFC 6376 provide technical details for SPF and DKIM standards, respectively.
Key considerations
- Implementation Complexity: Proper implementation requires understanding technical specifications of SPF and DKIM.
- Authentication Benefits: Using SPF and DKIM improves email deliverability and prevents sender address forging.
- Monitoring Importance: Regularly monitor sending reputation through Google Postmaster Tools to ensure continued deliverability.
Technical article
Documentation from Google Workspace Admin Help explains that Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of email. SPF allows receiving mail servers to check that a message claiming to come from a specific domain is submitted by an IP address authorized by that domain's administrators.
12 Apr 2023 - Google Workspace Admin Help
Technical article
Documentation from RFC 6376 specifies the DomainKeys Identified Mail (DKIM) Signatures standard, outlining the technical details of how DKIM signatures are generated, verified, and used to authenticate email messages.
1 Feb 2024 - RFC 6376
Are SPF, DKIM, and DMARC as important in B2B as in B2C email marketing?
How can I gain access to Google Postmaster Tools when my ESP controls the subdomain?
How can I improve SPF alignment and email deliverability when using Hubspot?
How can I optimize my SPF record to stay within the lookup limit when using multiple email sending services?
How do I properly set up a DMARC record on Wix and when should I change the policy?
How do I properly set up DMARC records and reporting for email authentication?
How do I set up an SPF record when using multiple email sending services?
What are SPF, DKIM, and DMARC, and when are they needed?
