SPF, DKIM, DMARC Records and Google
We have been receiving a number of support requests recently from panicking customers asking us a number of questions about abbreviations that they had previously never come across.
They have heard on the grapevine that beginning in February 2024; Gmail and Yahoo will be getting stricter with email senders and will require any bulk senders sending more than 5,000 emails per day to have valid SPF, DKIM and DMARC records in place.
Non-bulk senders aren’t required to have a DMARC record in place but should still have valid SPF and DKIM records set up to ensure emails have the best chance of reaching the recipients’ mailbox.
So what does it mean for you and, if needed, how do you get those pesky DNS records set up?
So to tackle the first talking point – the DMARC record for senders sending more than 5,000 emails per day.
Side note: D9 Hosting doesn’t allow bulk sending on any of our shared, reseller, or VPS plans and any bulk sending from dedicated servers must fully comply with the CAN-SPAM act.
DMARC (domain-based message authentication reporting and conformance) is used to tell receiving mail servers how to handle emails that appear to have come from your domain name but don’t confirm to your SPF and/or DKIM record. You can also choose to have reports of any mails that don’t conform to your DNS and/or DKIM sent to a designated email address.
Even though a DMARC record is only require for bulk senders (for now) it still isn’t a bad idea to set one up anyway even if you only send low volumes of mail.
The easiest way to do this is to first build your DMARC record using this handy tool. Once built, it will look something like our example below:
v=DMARC1; p=quarantine; rua=mailto:[email protected]; aspf=s;
You then need to add the DMARC record to your DNS zone. If you host your DNS zone with D9 Hosting then you can add this record by logging into cPanel and clicking on the “Zone Editor” icon.
From there click on “Manage” next to the domain name you wish to add the record for and proceed to add a new “TXT” record. You can add the record in the format below – remember to enter the record you generated in the previous step and NOT the one in the screenshot below, the screenshot below is a generic example.
Once you have added the record, click on save and your DMARC record is good to go.
Next up lets cover SPF and DKIM records.
A SPF (Sender Policy Framework) record defines IP addresses that are allowed to send email from your domain name. If a receiving mail server receives an email from your domain that hasn’t originated from an IP address listed in your SPF record it will fail the SPF check and will likely be placed in the receivers spam folder or be rejected altogether.
A DKIM (DomainKeys Identified Mail) record adds a digital signature to outgoing emails. Receiving mail servers that get messages signed with DKIM can verify messages actually came from the sender, and not someone impersonating the sender. DKIM also checks to make sure message contents aren’t changed after the message has been sent.
If your DNS zone is hosted with D9 Hosting then you should find these records have already been set up for you automatically. You can check if this is the case by logging into cPanel and clicking on the “Email Deliverability” icon. From there click on “Manage” next to the domain you want to check.
If you see a message saying that either the SPF or DKIM records are invalid simply click on the “Install suggested record” button to install the needed DNS record for both SPF and DKIM and you’re all set.
If you would like a more detailed guide on setting up SPF and DKIM records using cPanel then please check out the guides below.
How to install a SPF record in cPanel
How to install a DKIM record in cPanel
Note: If you host your DNS zone with a 3rd party such as Cloudflare then you can copy/paste the DNS records shown in the SPF and DKIM management page in cPanel into the 3rd party DNS zone file.
If you want to verify any of your DMARC, DKIM or SPF records have been successfully added then you can use this 3rd party verification tool.
With all of the three mysterious DNS records in place you should now be able to get your emails through to Gmail and Yahoo inboxes but if you would like a more robust solution, we do offer business class exchange online or Google Workspace mailboxes. Please get in touch for more details.