Email Deliverability Guide – Ensuring your emails reach the inbox

Why Emails Go to Spam

Ever wondered why your carefully crafted emails end up in the dreaded spam folder? It’s a common frustration, but understanding the reasons behind it is the first step to improving your email deliverability. Internet Service Providers (ISPs) and email providers use sophisticated spam filters to protect their users from malicious content, phishing attempts, and unwanted marketing. These filters analyze various factors, including:

Sender Reputation: Your email sending history matters. A poor reputation signals to ISPs that your emails are likely spam.
Email Content: Spam filters scan for spammy keywords, excessive links, and poor formatting.
Authentication: Lack of proper authentication (SPF, DKIM, DMARC) makes your emails look suspicious.
User Engagement: Low open rates and high spam complaints negatively impact your sender reputation.

This guide focuses on the critical role of DNS settings and email authentication protocols (SPF, DKIM, and DMARC) in ensuring your emails reach the inbox.

The Pillars of Email Authentication

Think of SPF, DKIM, and DMARC as the pillars that support your email’s credibility. Implementing these protocols correctly tells email providers that you are who you say you are and that you’re authorized to send emails on behalf of your domain.

SPF (Sender Policy Framework)

Verifies which mail servers are authorized to send emails from your domain.
Prevents spammers from using your domain to send forged emails.
Added as a TXT record in your DNS settings.

SPF is like a guest list for your email domain. It specifies which IP addresses are permitted to send emails using your domain name. When an email is sent, the recipient’s mail server checks the SPF record to ensure that the sending server is authorized. If the sending server isn’t on the list, the email is more likely to be flagged as spam. A properly configured SPF record significantly reduces the chances of spammers spoofing your domain.

DKIM (DomainKeys Identified Mail)

Adds a digital signature to your outgoing emails.
Allows recipient mail servers to verify the email’s authenticity.
Uses cryptographic keys to ensure the email hasn’t been tampered with during transit.
Added as a TXT record in your DNS settings.

DKIM is a digital signature that proves your email’s authenticity. It uses a private key to encrypt a portion of the email, and a corresponding public key is stored in your DNS record. When the recipient’s mail server receives the email, it uses the public key to decrypt the signature and verify that the email hasn’t been altered during transit. DKIM helps prevent email spoofing and phishing attacks by ensuring the email’s integrity.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

Tells recipient mail servers what to do with emails that fail SPF and DKIM checks (e.g., reject, quarantine, or accept).
Provides reporting mechanisms to monitor email sending practices.
Helps protect your domain from being used in phishing and spoofing attacks.
Added as a TXT record in your DNS settings.

DMARC builds upon SPF and DKIM by providing a policy that tells recipient mail servers how to handle emails that fail authentication checks. You can instruct servers to reject, quarantine, or accept emails that don’t pass SPF and DKIM. DMARC also provides reporting, allowing you to monitor your email sending practices and identify potential issues. By implementing DMARC, you gain greater control over your email domain’s reputation and protect it from being used for malicious purposes.

Step-by-Step Guide to Setting Up SPF, DKIM, and DMARC

Before you start, you’ll need access to your domain’s DNS settings. This is usually managed through your domain registrar or hosting provider.

1. SPF Configuration:

Identify your sending sources: Determine all the servers and services that send emails on behalf of your domain (e.g., your email server, marketing automation platform, CRM).
Create your SPF record: Use the SPF syntax to define authorized sending sources. For example:
- This record allows emails from example.com and SendGrid. The mechanism indicates that any server not explicitly listed should be rejected.
Add the SPF record to your DNS: Create a TXT record with the following values:
- Name/Host: or leave blank (depending on your DNS provider)
- Type:
- Value: Your SPF record (e.g., )

2. DKIM Configuration:

Generate a DKIM key pair: Your email sending service or server usually provides tools to generate a DKIM key pair (a public key and a private key).
Add the public key to your DNS: Create a TXT record with the following values:
- Name/Host: This will be provided by your email sending service (e.g., )
- Type:
- Value: Your DKIM public key (a long string of characters)
Enable DKIM signing: Configure your email sending service or server to use the private key to sign outgoing emails.

3. DMARC Configuration:

Decide on your DMARC policy: Choose how you want recipient mail servers to handle emails that fail SPF and DKIM checks:
- : Collect data and monitor email sending practices without taking action.
- : Move failing emails to the spam folder.
- : Reject failing emails.
Create your DMARC record: Use the DMARC syntax to define your policy and reporting preferences. For example:
- This record sets the policy to (monitoring only) and specifies an email address for receiving DMARC reports.
Add the DMARC record to your DNS: Create a TXT record with the following values:
- Name/Host:
- Type:
- Value: Your DMARC record (e.g., )

Testing and Monitoring

After setting up SPF, DKIM, and DMARC, it’s crucial to test your configuration and monitor your email deliverability. Here’s how:

Use online SPF, DKIM, and DMARC checkers: These tools can verify that your DNS records are correctly configured.
Send test emails: Send emails to different email providers (Gmail, Yahoo, Outlook) and check if they land in the inbox or spam folder.
Analyze DMARC reports: Regularly review the DMARC reports you receive to identify any authentication failures and potential issues.
Monitor your sender reputation: Use tools like Google Postmaster Tools to track your sender reputation and identify any negative trends.

Additional Tips for Improved Deliverability

Beyond SPF, DKIM, and DMARC, consider these additional tips to enhance your email deliverability:

Maintain a clean email list: Regularly remove inactive or invalid email addresses.
Use double opt-in: Require users to confirm their email address before adding them to your list.
Avoid spammy content: Use clear and concise language, avoid excessive links, and don’t use ALL CAPS.
Personalize your emails: Tailor your messages to individual recipients.
Provide an easy way to unsubscribe: Make it simple for users to opt out of your emails.
Warm up your IP address: If you’re using a new IP address for sending emails, gradually increase your sending volume over time.
Be patient: Building a good sender reputation takes time and consistent effort.

Conclusion

Implementing SPF, DKIM, and DMARC is essential for ensuring your emails reach the inbox and protecting your domain from malicious use. By following the steps outlined in this guide and continuously monitoring your email deliverability, you can significantly improve your chances of landing in front of your audience.