Improve your email deliverability with DMARC, SPF and DKIM

Categories Email Marketing

Spam email messages have been a plague since email became popular. Email providers, such as Gmail, have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. As an email marketer, this can lead to messages not reaching their desired location, the inbox of your subscribers.

Amazon Simple Email Service, which EmailOctopus uses to deliver your emails, has very good delivery out of the box. Afterall, SES is used by household names such as Netflix, Uber and The Washington Post to deliver marketing and transactional emails. Although deliverability is already high, it’s always recommended to set-up additional safeguards to ensure emails aren’t incorrectly flagged by email providers. In the past few years, the following technologies have emerged that help you as a sender work with receiving mail servers to ensure that your mail gets where it needs to be. They are:

  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Together, in simple terms: SPF, DKIM, and DMARC control which servers can send as your domain (SPF), authenticate a message, proving that you sent it (DKIM), and instruct recipients what to do if one or both of those checks fail (DMARC)

How to verify your domains

The instructions below are a walkthrough on how to add SPF, DKIM and DMARC to your Amazon SES account (which will then be picked up by EmailOctopus).

In this process there will be significant changes made to your DNS settings, we’d advise that you take great care and have sufficient technical knowledge to make these changes. It’s well worth familiarising yourself with how to make DNS changes before starting this guide. We also recommend keeping your DNS tab/window open, throughout the walkthrough.

Verify a new domain

First, we’ll need to log in to the AWS dashboard and navigate to the Amazon SES dashboard.

  • Click on the Verify a New Domain button.
  • Enter your domain name (domain.com)
  • Tick Generate DKIM Settings
  • Click Verify This Domain

DKIM

Generate DKIM DNS Entries

  • Now you should see the following screen with all of the DKIM DNS entries listed (NOTE, your values will be different from the screenshot).
  • Download the CSV containing the DNS records, and open it.

Apply records

  • You will need to apply the DNS records to your DNS. Instructions on how to do this for a few DNS providers are below. Often the DNS is hosted with the same company as that who provided your domain name.
    Godaddy
    1and1
    Enom
    Cloudflare

Verification Emails

  • Upon returning to the SES dashboard your domain should be listed as pending.
  • Once Amazon has completed verifying your domain they’ll send you an email notifying you of the success. This should take less than 5 minutes. You will receive an email for both Domain Verification and completed DKIM set-up.

Custom MAIL FROM Domain

Next up, you will need to set-up a custom Mail From domain. This will allow Amazon SES to mark emails as “coming from” your domain rather than from Amazon.

  • Click on your domain in the SES domain dashboard.
  • Click on Set MAIL FROM Domain
  • Create a new subdomain to use as your MAIL FROM domain. We use
    e.emailoctopus.com in this example.
  • Copy the DNS settings which appear, in the same way as you copied the records previously
  • Once Amazon is able to verify the DNS settings they will send you an email telling you that it has been successfully verified.

SPF-DMARC

  • Go to https://dmarc.postmarkapp.com/ to create your free account. This account will receive the daily ISP reports, which will then be sent to you on a weekly basis.
  • Enter your usual email address to receive your DMARC status reports
  • Enter the subdomain, as set-up previously, in the send reports about this domain field.
    Our example was e.emailoctopus.com
  • Now you should see a screen similar to this:
  • Copy the above DNS records into your DNS providers settings, and save them.

That’s it!

  • You’re now ready to send from your domain. You should be able to use any email address belonging to your domain.
    We use [email protected]

Thanks to Chrisanthropic for the inspiration on this guide. If using Route53 as your DNS provider we recommending viewing his guide.

1 thought on “Improve your email deliverability with DMARC, SPF and DKIM

Leave a Reply

Your email address will not be published. Required fields are marked *