Emails Going to Spam in 2024: SPF, DKIM, and DMARC Explained

Posted by Adem on May 31, 2024

For anyone who relies on email for personal or professional communication, ensuring that your messages land in the recipient's inbox is crucial. A common issue many face is emails not arriving as intended, often ending up in the spam or junk folder.

Starting February 2024, Gmail and Yahoo will impose DMARC policies on bulk senders (those who send over 5000 emails per day) as well as SPF and DKIM records on all senders. However, it's advised that all senders configure their SPF, DKIM and DMARC policies to help future-proof the forever-changing nature of email deliverability constraints.

This means mastering email deliverability is now a necessity and it requires an understanding of email authentication protocols: SPF, DKIM, and DMARC. These protocols boost your email credibility and protect against phishing and spoofing attacks. Let’s dive into what these protocols are, how they work, and how you can implement them.

What is SPF and How Does it Prevent Spam?

Understanding SPF

Think of a sender policy framework (SPF) record as a bouncer for your domain's email. It’s a type of DNS TXT record listing all the servers authorized to send emails from your domain. Without SPF, SMTP (the standard email protocol) can’t authenticate the “from” address, making it easy for attackers to impersonate you.

How does SPF work?

DNS Record: You publish an SPF record in your DNS, listing the authorized IP addresses.
Email Sending: When an email is sent, the recipient's server checks this SPF record via DNS.
Validation: The server compares the sender's IP address with the SPF record. If there's a match, the email passes; if not, it fails.

What does an SPF Record look like?

Name	Type	Content	TTL
yourdomain.tld	TXT	v=spf1 ip4:192.0.2.0 include:spf.protection.outlook.com -all	6000

v=spf1: Tells the server this is a SPF record; along with the version.
ip4:192.0.2.0: Authorizes this IP (192.0.2.0) to send emails.
include:spf.protection.outlook.com: This is an example that authorizes Outlook to send emails on your behalf.
-all: Denies any IP not listed from sending emails.

Why is SPF important?

SPF helps prevent spammers from using your domain to send unauthorized emails. It ensures that only legitimate servers can send emails on your behalf, reducing the likelihood of your emails being marked as spam.

What is DKIM and How Does it Protect Emails?

Understanding DKIM

DomainKeys Identified Mail (DKIM) is like a wax seal on a letter, ensuring the email is from the claimed sender and hasn’t been tampered with. It uses public key cryptography to achieve this.

How does DKIM work?

Digital Signature: When an email is sent, a private key generates a digital signature, added to the email header.
DNS Record: The corresponding public key is published in your DNS.
Verification: The recipient's server retrieves this public key to verify the signature. If it matches, the email is authentic.

Example DKIM DNS record

Name	Type	Content	TTL
default._domainkey.yourdomain.tld	TXT	v=DKIM1; k=rsa; p=	6000

default._domainkey.yourdomain.tld: Specifies the selector and domain.
v=DKIM1: Tells the server this is a DKIM record; along with the version.
k=rsa: Indicates the key type (RSA).
p=: The public key used for verifying the signature.

Why is DKIM important?

DKIM ensures your email content hasn’t been altered during transit and verifies the sender’s identity, providing an extra layer of trust.

What is DMARC and How Does it Work?

Understanding DMARC

Domain-based Message Authentication Reporting and Conformance (DMARC) builds on SPF and DKIM. It tells receiving servers how to handle emails that fail these checks and provides reporting for better monitoring.

How does DMARC work?

Policy Specification: Publish a DMARC policy in DNS, specifying actions for failed SPF/DKIM checks (e.g., reject, quarantine, none).
Alignment Check: Ensures the "From" header matches the domain in SPF and DKIM.
Reporting: Generates reports on authentication results and potential malicious activity.

Example DMARC DNS Record

Name	Type	Content	TTL
_dmarc.yourdomain.tld	TXT	v=DMARC1; p=quarantine; adkim=r; aspf=r; rua=mailto@yourdomain.tld	32600

v=DMARC1: Tells the server this is a DMARC record; along with the version.
p=quarantine: Indicates that email servers should "quarantine" emails that fail the DKIM and SPF checks; considering them to be potentially spam. Other possible values for this include "none" (allows emails that fail to still go through) and "reject" (instructs email servers to block emails that fail)
adkim=r: Indicates that the DKIM checks are "relaxed". The other possible value is "s", for Strict.
aspf=r: This is the same as adkim=r (above) but for SPF records.
rua=mailto@yourdomain.tld: Specifies the email address to receive aggregate reports.

Why is DMARC important?

DMARC provides clear instructions for handling failed authentication attempts, enhancing email security and monitoring.

How to Implement SPF, DKIM, and DMARC for Better Email Deliverability

Implementing these protocols is essential for protecting your email infrastructure. Here’s a step-by-step guide:

Set up SPF:

Identify all IP addresses and third-party services sending email for your domain.
Create and publish an SPF record in your DNS settings (see the example above).

Set up DKIM:

Generate a public/private key pair.
Publish the public key in your DNS settings (see the example above).
Configure your email server to sign outgoing emails with the private key.

Set up DMARC:

Create and publish a DMARC policy in your DNS settings (see the example above).
Specify how to handle emails failing SPF or DKIM checks.
Set up email addresses to receive DMARC reports.

By implementing these protocols, you can significantly reduce the risk of your emails being marked as spam and protect your domain against malicious attacks.

FAQs on SPF, DKIM, and DMARC

Why are my emails going to spam?

Emails can end up in spam due to lack of proper authentication, suspicious content, sending behavior, or blacklisted IP addresses. Implementing SPF, DKIM, and DMARC improves deliverability.

How do I check if my SPF, DKIM, and DMARC are correctly set up?

Use online tools like MXToolbox or your email provider’s diagnostics tools. I personally love using mail-tester for a detailed analysis of email configurations.

What happens if I don’t implement SPF, DKIM, and DMARC?

Without these protocols, your emails are more likely to be marked as spam or rejected. Your domain is also more vulnerable to spoofing and phishing, leading to potential blacklisting.

Can I use SPF, DKIM, and DMARC together?

Absolutely. Using SPF, DKIM, and DMARC together offers a comprehensive approach to email authentication, greatly enhancing deliverability and security.

Conclusion

Setting up SPF, DKIM, and DMARC might sound technical, but it’s worth the effort. These tools help your emails land in the inbox instead of the spam folder, protect your domain from scams, and keep your email reputation intact. By following some straightforward steps, you can make sure your emails are safe and sound.

blog comments powered by Disqus

Testimonials

Excellent work, delivered in a friendly and consultative way throughout the whole process. For a small company such as my own it was great to be guided through the process, and all my requests were responded to and I felt involved from start to finish.

Phil Saville, Rook Systems

Thank you all for the hard work, it has paid off, it looks good. The logo is great to promote the practice and the website we can be proud of. Thank you again.

Biddy Arnott, Group Analytic Practice Ltd

The deliveries are now incredibly clear and there is no more admin work on this side which is excellent. It’s amazing really and I think our customers enjoy knowing exactly when they are getting it unlike nearly every other furniture company out there! Thanks for this.

Jonathan Haskins, Get Laid Beds

We found Antropy to be very responsive and approachable to work with. They gladly took our own designs and transformed them into an easy-to-manage website. Communication was easy and any requests for change were promptly done. Many thanks for the work!

John Caiger, Matraxis

Just wanted to say a big thank you for all your help and support thus far. You've been absolutely brilliant. You've given me absolute confidence that when there is a problem it is sorted which really gives me peace of mind.

Tracy, FLUX

Good to work with, very straight forward

Grant Berry, Home World

Thanks for your hard work, it's very much appreciated.

Colin Farndale, CJF Motorcycles

Wow, I am speechless. Thank you so much, this is perfect !!!! Thank you, thank you !!!

Marios Pantelli, Sewing Machine Company

After many years of trying to update my website, dealing with problematic code, delays, etc, I found Antropy about 10 years ago. I can not say enough great things about the quality of their coding and stability of my website along with the professionalism of their staff. I now have a well functioning website that has stood the test of time. Our site is an e-commerce site so that having it up and running is crucial to our business. On the rare occasion that there is a problem with the site, Antropy's team is quick and responsive to finding the problem and fixing it quickly.

Lynn Reznick, Off The Mark

Always helpful and extremely responsive to any request and once the project has been rolled out they continue to assist you with great help and advice to make the most of your website

Jamie Chandler, Newvotek

We worked with Antropy on our new webshop at kikgoes.nl in the past months. We have enjoyed working with them because of their extensive knowledge of Opencart and the rapid pace of development. We regularly added requirements to the projects and we've never had anything that couldn't be done. We look forward to working with Antropy again for new projects or adjustments to our webshop!

Joël van Daalen, Kik Cycleparts

Merged two previously HUGE separate sites (website and webstore) into one streamlined website with integrated store, with improved social media and mailing list results. Joe helped communicate complicated jargon into simpler terms, solved issues/queries quickly, and the follow up support has been invaluable.

Jo, Cold Spring Records

Excellent company with outstanding knowledge of opencart and how to get the best from it. If you are looking for a reliable and professional company to work with I wouldn't hesitate to recommend these guys.

Ashley Morrison, Lockertek

Firstly, thanks ever so much to you and your team for getting these two sites up and running. It’s a pleasure to work with people who are so helpful and responsive to our requirements. We’re very happy with both sites and all seems to be working fine.

Aidan, Nauticalia

Antropy not only gave freely of their time to talk with me, they had the patience to teach me as we went along. They came up with various ideas that allowed me to choose what I liked best and with their guidance we got exactly the website we dreamed about.

David, RC Geeks

We recently started using Antropy for our OpenCart website as internal IT is swamped and we needed back up and they have been great. Work is quick and efficient, we never need to ask for something twice and communication is good. Gives us confidence that when we need something to be done, it will be and to a high standard.

Dominic Old, The Wasabi Company

Thanks again for all your hard work on the 3D renders … the results have been fantastic and I look forward to working together again in the future.

Kim, Kimberley-Jane: Design

Very impressed with the quick service! There is nothing more we need help with right now but we would certainly use you in the future for other issues or alterations we may have. Thank you very much!

Jemma, Aquafayre

Taken on both smaller and large projects to a very high standard. Delivered on time, with a professional level of service. Always better than we envisioned. Staff are always ready to help with any issues we have. Really pleased with the results of Antropy, and hopefully we can do more business together in the future!

Josh, Toyland Toyshop

We are really delighted with the finished product, it has far exceeded our expectations... Many thanks again for your support and setting up what I feel is the best Alzheimer's website in the country.

Lynne, MK Alzheimer's