SPF, DKIM and DMARC

This article provides a brief overview of SPF, DKIM and DMARC, including what they are and what's required to set them up when sending via SMTP2GO.

SPF

What is SPF and how does it work?
Sender Policy Framework (SPF) tells receiving email servers which servers are authorized to send emails on the domain's behalf. If SPF checks fail, the email won't appear legitimate and may then be quarantined, bounced or filtered to spam/junk.

What is the importance of SPF?
SPF helps prevent email spoofing and phishing attacks by ensuring emails from your domain actually originated from your authorized sending servers. Further benefits include improved inbox deliverability and protection of your online reputation.

How do I ensure SPF is set up when sending via SMTP2GO?
SPF is automatically taken care of by us when you verify your domain on the "Sending > Verified Senders > Sender domains" section of your account. To verify your domain, we provide you with three CNAME records to add to the domain's DNS settings. SPF is covered by the first CNAME record which is the subdomain used for the return-path address we set on your behalf.

Note: You do not need to update your domain's existing SPF record. We moved away from that requirement in 2019 when we switched over to VERP; details can be found in this blog article.

In rare situations, a recipient server may not be capable of processing emails that use VERP (typically only older systems such as email-to-fax and email-to-SMS services). In that case, please see our Maintaining the Return-path article, which covers how to handle that.

DKIM

What is DKIM and how does it work?
DomainKeys Identified Mail (DKIM) is an email authentication method that uses a digital signature to let the recipient server know that the message was sent and authorized by the owner of a domain.
DKIM digitally signs outgoing emails with a unique private key linked to your domain, and the signature is included in the email headers. Receiving email servers use your public key (published in your DNS) to verify the signature. This confirms the email is authentic and hasn't been tampered with in transit.

What is the importance of DKIM?
DKIM helps to prevent email spoofing (e.g. someone impersonating your email address to send phishing emails) and protects your domain/brand reputation by ensuring your emails are recognized as legitimate which in turn helps to improve email deliverability.

How do I ensure DKIM is set up when sending via SMTP2GO?
DKIM is automatically taken care of when you verify your sending domain on the "Sending > Verified Senders > Sender domains" section of your account and is covered by the second CNAME record.

If you do not verify the domain (e.g. you verify a From address as a single sender email instead), SMTP2GO signs all emails with our own DKIM signature. This means that some recipients will see emails as being delivered “via smtpcorp.com” or “via smtp2go.com” in certain mail clients such as Gmail. Those emails may also appear in other inbox folders such as "Promotions".

For further insights into DKIM, view our DKIM Deepdive blog post.

DMARC

What is DMARC and how does it work?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email security standard that leverages SPF and DKIM checks to perform a more advanced validation on emails received. Its purpose is to provide better email security and protect domains from being used by unknown or untrusted sources, such as cybercriminals attempting phishing or spoofing attacks.

DMARC builds on the SPF and DKIM checks, which SMTP2GO handles automatically when your sender domain is verified. If there is a misalignment between those, the DMARC record directs the recipient servers on what to do with the email, based on the policy set within the DMARC record (e.g. quarantine or reject). Domain owners can choose to receive reports of failures so they can then take action to ensure only trusted senders can send on behalf of the domain. Overall, it helps to protect your reputation and keep recipients safe.

What is required for DMARC when sending via SMTP2GO?
It's important to note that DMARC is not handled by SMTP2GO directly and is a separate TXT record you need to add to the domain's DNS settings. A more detailed overview of DMARC can be found in our "DMARC - Secure Your Domain" article. You can set up DMARC for your domain yourself or you can take advantage of the many DMARC providers available such as PowerDMARC.

From February 1, 2024, onwards, Google and Yahoo are requiring that a sender has a DMARC record if they are sending more than 5,000 emails per day. If you are sending around that level or more, then a DMARC record is now something you must have.
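The alignment check and the policy lookup described above (how DMARC works, and the TXT record you publish) can be sketched as follows. This is an added example, not SMTP2GO's code: the domains, the `bounce.example.com` return-path subdomain, the sample records and the unverified sender's Return-Path domain are constructed assumptions, and the organizational-domain rule is simplified.

```python
# Added example: simplified DMARC evaluation (alignment + policy), after RFC 7489.
# All domains and records below are constructed sample values; pct and sp are ignored.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None  # the v tag must come first
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("p") in ("none", "quarantine", "reject") else None

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # receivers use the Public Suffix List (needed for e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 'r' (relaxed) compares organizational domains, 's' (strict) exact names."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record_txt, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs: the Return-Path domain for SPF,
    the signature's d= domain for DKIM. Returns 'pass', 'no-policy', or the
    policy (none / quarantine / reject) the receiver is asked to apply."""
    tags = parse_dmarc(record_txt) if record_txt else None
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], tags.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else tags["p"]

RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
STRICT = "v=DMARC1; p=reject; aspf=s; adkim=s"
# Verified sender domain: Return-Path on a subdomain of your domain, DKIM d= your domain.
VERIFIED = dict(spf=("pass", "bounce.example.com"), dkim=("pass", "example.com"))
# Single-sender verification: mail authenticates, but as the provider's domain
# (the Return-Path domain used here is an assumption).
UNVERIFIED = dict(spf=("pass", "smtpcorp.com"), dkim=("pass", "smtpcorp.com"))

if __name__ == "__main__":
    for name, auth in (("verified", VERIFIED), ("unverified", UNVERIFIED)):
        print(name, dmarc_disposition(RECORD, "example.com", **auth))
```

With strict alignment (`aspf=s`), the return-path subdomain no longer aligns for SPF, so the message passes DMARC only because the DKIM `d=` domain matches the From domain exactly.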

How to test SPF, DKIM and DMARC

Many websites provide free testing tools, including MXToolbox, dmarcian and DMARCLY.

A simple way to test is by sending an email to the free mail tester website. An email address is given for you to send an email to and after sending, you proceed through the website to check your score and other metrics of the email. The results include a section regarding authentication where you can see detailed information for SPF, DKIM and DMARC.

A similar free service "About My Email" also provides comprehensive information to analyze an email.


If you have further questions or need assistance with SPF, DKIM or DMARC when using SMTP2GO then please contact our award-winning support team for assistance.