Purpose:
The purpose of this article is to provide information to Outreach Users regarding SPF records and DKIM.
Intended Audience:
- Outreach Users
What is SPF?
SPF (Sender Policy Framework) records tell a receiving mail server where email from your domain should be coming from, to prevent spoofing. When an email is received, the IP address of the sending mail server is embedded in the message, much like a postmark on an envelope contains the city it was sent from. An SPF record lists the IP address or IP range that the legitimate email server uses; if a message comes from somewhere that isn’t listed in the SPF record, the incoming server can assume it was spoofed or otherwise illegitimate and reject it as spam.
Do I have an SPF record for my email address?
You can find out if this is already set up by asking your domain or mail administrator, but you can also do a quick check yourself to see if this record already exists. To do so, search for your domain’s TXT records here:
https://toolbox.googleapps.com/apps/dig/#TXT/
Enter just the domain from your email address in the box on this page. For example, if your email address is gordon.schumway@outreach.io, you would enter just outreach.io in this box. The result lists the TXT records published for that domain.
The SPF record (if you have one) is the record that begins with “v=spf1”. However, you won’t know if this record is correct for your domain without checking with your email provider. If you send mail from many different sources, this record could be quite complex, but the major email providers provide some information about the correct records for their services. You can see the right records for Gmail here:
https://support.google.com/a/answer/178723?hl=en&ref_topic=2759192
You can see the right records for Office 365 here:
https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx
Having the wrong record can be worse than no record at all, so be sure that this has been updated if you’ve recently changed email providers.
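The check described above can be automated once you have the TXT records in hand. The following is an added example, not Outreach's code: it picks the record beginning with "v=spf1" out of a list of TXT values and flags common mistakes. The function name audit_spf and the sample records are constructed for illustration.

```python
import re

# Terms that cost one DNS lookup each during evaluation; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample: the TXT records of a hypothetical domain.
SAMPLE_TXT = [
    "site-verification=constructed-token",
    "v=spf1 include:_spf.mailprovider.example ip4:192.0.2.0/24 ~all",
]

def audit_spf(txt_records):
    """Pick the SPF record out of a domain's TXT records and list problems with it."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    result = {"record": None, "lookups": 0, "all": None, "findings": []}
    if not spf:
        result["findings"].append("no SPF record published")
        return result
    if len(spf) > 1:
        result["findings"].append("more than one v=spf1 record: receivers return a permanent error")
    result["record"] = spf[0]
    has_redirect = False
    for term in spf[0].lower().split()[1:]:
        m = re.match(r"([+\-~?]?)([a-z][a-z0-9]*)", term)
        if not m:
            result["findings"].append("unparseable term: " + term)
            continue
        # A mechanism with no qualifier is treated as "+" (pass).
        qualifier, name = m.group(1) or "+", m.group(2)
        if name in LOOKUP_TERMS:
            result["lookups"] += 1
        if name == "redirect":
            has_redirect = True
        if name == "all":
            result["all"] = qualifier
    if result["lookups"] > 10:
        result["findings"].append("over 10 DNS lookups: evaluation ends in a permanent error")
    if result["all"] == "+":
        result["findings"].append("+all authorises every sending server")
    if result["all"] is None and not has_redirect:
        result["findings"].append("no 'all' term: unlisted senders get a neutral result")
    return result

if __name__ == "__main__":
    print(audit_spf(SAMPLE_TXT))
```

An empty findings list only means the record is well formed; whether it lists the right servers still has to be confirmed with your email provider.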
Help! My SPF record is incorrect or missing! How do I fix it?
If your SPF record is incorrect or missing, you’ll need to update this in your domain’s DNS records. To do this, you’ll need to check with your domain’s DNS provider, which is most often the registrar where you purchased the domain. Each provider will have different ways of entering this information, but they can all help in adding a TXT record to your domain containing the correct information. Once you’ve added or edited the record, it can sometimes take a few hours for the new record to propagate fully and be available to all mail servers. Your DNS provider can give you more information about this.
What is DKIM?
DKIM (DomainKeys Identified Mail) is the process of using public key cryptography to digitally sign all or part of your email. Your mail server uses a private key to sign the message, and receiving email servers retrieve the corresponding public key from DNS to verify that signature, ensuring that your email is genuinely sent from your domain and hasn’t been altered. This will contribute positively toward your anti-spam score for mail providers that use this.
Am I already using DKIM?
This is harder to check, as you would need to know the selector for your DKIM key and this could be anything chosen by your mail administrator. If you have access to your domain’s DNS records, you can see if you are already using DKIM by looking for a record that looks like:
selector._domainkey 3600 IN TXT "v=DKIM1; k=rsa; p=[lots of random looking symbols]"
Where selector is the string chosen by your mail administrator to correspond with the DKIM policy activated by your mail service. If you are already using DKIM, it’s very important not to change any part of this record, as it needs to correctly correspond to your current mail policy.
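If you can read the record's value, you can also check that it is well formed without changing it. The following is an added example, not Outreach's or any provider's code: it parses the tag list of a selector._domainkey TXT value, rejoins keys that DNS stores as several quoted strings, and reports problems. The function name parse_dkim_key_record and the sample key bytes are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed stand-in for the p= value; it is valid base64 but not a real public key.
SAMPLE_P = base64.b64encode(b"constructed-bytes-not-a-real-key" * 3).decode()

def parse_dkim_key_record(txt):
    """Parse the TXT value of a selector._domainkey record; return (tags, problems)."""
    # A long key is often stored as several quoted strings ("..." "..."); verifiers
    # concatenate them with nothing in between. Curly quotes come from copy and paste.
    chunks = re.findall(r'["“]([^"”]*)["”]', txt)
    if chunks:
        txt = "".join(chunks)
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = value.strip()
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    if tags.get("k", "rsa") not in ("rsa", "ed25519"):
        problems.append("unknown key type in k=")
    if "p" not in tags:
        problems.append("no p= tag: record carries no public key")
    elif tags["p"] == "":
        problems.append("empty p=: this key has been revoked")
    else:
        tags["p"] = "".join(tags["p"].split())  # whitespace inside p= is ignored
        try:
            base64.b64decode(tags["p"], validate=True)
        except (binascii.Error, ValueError):
            problems.append("p= is not valid base64 (truncated or mangled key)")
    return tags, problems

if __name__ == "__main__":
    print(parse_dkim_key_record('"v=DKIM1; k=rsa; p=' + SAMPLE_P + '"'))
```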
How do I start using DKIM?
Much more so than SPF, this requires cooperation from your email provider, so the records and changes you might need to make will be specific to your provider. You can find the instructions for Gmail here:
https://support.google.com/a/answer/174124?hl=en&ref_topic=2752442
You can find instructions for Office 365 here:
https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
If you’re using another provider, you’ll need to work with your mail administrator to generate the keys and implement the correct DKIM policy for your service, and to publish the public key by adding a DNS record. Note that incomplete or incorrect records can render your email undeliverable to your recipients, so be sure to follow instructions carefully!
If I use SPF and DKIM, am I guaranteed not to get flagged for spam?
Not at all. There is no guarantee that you won’t be marked as spam by a receiving mail provider’s spam filter. These filters are dynamic and incorporate a variety of factors, including SPF and DKIM verification, an analysis of your message content, the reputation of your domain, and even the behavior of other users on the receiving domain. With that said, SPF and DKIM are a significant part of this filtering that is completely under your control and using these technologies properly will give your messages the best chance of reaching their intended recipients. If you’re looking for a good way of testing your overall spam score (which will include many of these elements), you can try a service like https://www.mail-tester.com/ to get a good baseline.