What's a Domain ID Card?
What if I told you that you, as a domain owner, are not allowed to send emails from your domain? Yes, even if you own the domain, the emails you send can be treated as spam. You need to tell the world that the one sending emails from the domain is actually you, and not someone impersonating you. This is exactly the purpose of your domain security records, otherwise known as SPF, DKIM and DMARC records.
By using SPF, DKIM and DMARC, you make it easier for an email recipient to check if your emails were legitimately sent from you, the domain owner, or from someone who was authorized to send it. In this article, I’ll explain to you what SPF, DKIM and DMARC are, and why they are important for your email deliverability.
First, what’s the relationship between Domain security records and email deliverability (spam)?
We often think of an email address as public information. Technically, it’s true, you can send an email to any mailbox in the world. There is nothing stopping you from sending an email to your most beloved celebrity without any hurdles.
At the same time, email is a trusted communication channel, which makes it attractive to scammers (remember the Nigerian prince scam email). So, email providers have a duty to protect their users. They needed a way to make mailboxes less accessible to scammers.
One of the solutions that was introduced is, you guessed it, SPF, DKIM and DMARC records. These records are checked every time a mailbox receives an email, and they prove your identity as a sender. With these records, the mailbox became a restricted zone that you can only enter as an authentic email sender. You need an identity card, a Domain ID Card if you will.
If you don’t have a proper Domain ID Card, the spam filter can’t trust your email, so it can end up in spam to protect the user.
The scary part in all this is that spam filters can silently mark your email as spam for lack of a proper Domain ID Card. So, unless you have heard of these domain security measures before, you wouldn’t be able to identify the issue, and you might waste a lot of time on other solutions.
Now that we’ve established the importance of SPF, DKIM and DMARC for your email deliverability, let’s dive into each of them and explain it in simple words.
SPF:
If I had to define SPF in one sentence for you as its user, it would be the following:
SPF is a list of IP addresses (servers) that are authorized to send emails from your domain.
To explain this, every server on the internet has an IP address that distinguishes it from other servers. It’s like the server’s social security number, or name. In that sense, SPF is a list of servers. So, what servers constitute this list?
When you send an email from, say, Google, you’ll be using Google’s servers to send this email, or in other words, you’ll use Google’s IP addresses. Thus, Google’s IP addresses should be part of your own SPF list. Similarly, if you’re sending emails from any other email provider, you’ll need to add their IP addresses to your list.
Once you have put together your SPF list, you’ll need to add it to your domain. By adding it, you’re stating that you, as the domain owner, give these servers permission to send emails from your domain. It means that any other server (IP) sending emails from your domain isn’t authorized to do so. The receiver recognizes that the server that sent the email isn’t part of your SPF list, treats the email as a security threat for the recipient, and deems it spam.
In other words, if you don’t have a good SPF setup, it means that you, as the domain owner, don’t authorize anyone to send emails from your domain. All your emails can be considered a security threat, and thus marked as suspicious or thrown into spam.
The same goes for an incomplete SPF setup. If you have Outlook IPs authorized in your SPF list, but also send emails from a Gmail account, your emails sent from Gmail can be considered spam.
In short, you’ll need to list all the sending servers of your company, publish them in your domain’s DNS records, then keep an eye on the list for any updates.
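The incomplete-setup case described above, as an added example (not code from Mailsplit or any mail provider): a small SPF evaluator run against constructed TXT records. The domain names, the `ZONE` table and the IP ranges are placeholders from the documentation address space, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups. Names and ranges are
# placeholders (assumptions), not any provider's real SPF data.
ZONE = {
    "example.com": "v=spf1 include:_spf.provider-a.example -all",
    "_spf.provider-a.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_spf.provider-b.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, zone=ZONE, depth=0):
    """Return the SPF result for a sending IP (ip4, ip6, include, all only)."""
    record = zone.get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"        # no SPF record published for this domain
    if depth > 10:
        return "permerror"   # nesting guard; RFC 7208 caps DNS-querying terms at 10
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            # An include matches only when the included record says "pass".
            matched = check_spf(ip, value, zone, depth + 1) == "pass"
        elif name == "all":
            matched = True
        else:
            continue         # a, mx, exists, redirect: out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def incomplete_setup_demo():
    """Mail leaves via provider B, but only provider A is listed at first."""
    sender_ip = "198.51.100.25"  # constructed address inside provider B's range
    before = check_spf(sender_ip, "example.com")
    fixed = dict(ZONE)
    fixed["example.com"] = ("v=spf1 include:_spf.provider-a.example "
                            "include:_spf.provider-b.example -all")
    after = check_spf(sender_ip, "example.com", fixed)
    return before, after

if __name__ == "__main__":
    print(incomplete_setup_demo())
```

The first result is the legitimate but unlisted sender being refused by the domain's own `-all`; the second is the same sender once its provider is added to the list.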
We have worked with thousands of marketers in the past 4 years, and we understood how this task can be intimidating. We gathered all the technical knowledge behind all this in one automated tool that boils down to a copy paste to secure your domain. Mailsplit will help you with that.
However, SPF is not enough to secure your domain. I’ll explain to you the other two protocols to get the full picture of your Domain ID Card.
DKIM:
Again, if I had to define DKIM in one sentence for you as its user, it would be the following:
DKIM is a signature.
Yes, it is a very short and simple sentence that hides a lot of technical details behind it. I’ll leave some of these technical details to another article. For this one, I’ll briefly explain DKIM's concept. Back to the signature.
When you send an email, your sender encrypts your email content and header and signs it with a special signature. This enables the recipient to check if your content is authentic, and was sent by an authorized sender.
One way that scammers can use your identity is by changing your email content midway through the sending process. You can imagine how dangerous this is, as they can use the trust you built with your recipient to scam them. DKIM is the way to protect you, your domain and your recipients.
To protect your domain, you need to declare that the sender using a specific signature is allowed to send emails from your domain. Or in other words, publish a DKIM record for every sender using your domain. Otherwise, spam filters can mark emails with incorrect/unauthorized signatures as spam.
DMARC:
Again, if I had to define DMARC in one sentence for you as its user, it would be the following:
DMARC is your law text against unauthorized emails.
Now that you've defined who’s authorized to send emails from your domain, you’ll need to add an extra layer of security. DMARC is your way to tell recipients what to do with the unauthorized emails they receive. In DMARC terms, this is called a policy, and you have three policy choices: none, quarantine, and reject. “None” means that you’re leaving the choice of what to do with the email to the server. “Quarantine” means that you’re requesting to mark the email as suspicious, which is equivalent to marking it as spam. “Reject” tells the server to bounce the email altogether, so it won’t reach the mailbox at all.
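How a receiver could turn the three policies into a decision, as an added example (not Mailsplit's code or any mailbox provider's implementation). It goes one step beyond the text by including alignment: under DMARC, an SPF or DKIM pass only counts when the authenticated domain matches the domain in the From header. The records, domains and the returned outcome labels are constructed for illustration.

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not usable."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    if tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') also accepts subdomains.

    Simplification (assumption): real relaxed alignment compares organizational
    domains using the Public Suffix List, not a plain suffix test.
    """
    a, f = auth_domain.lower(), from_domain.lower()
    if a == f:
        return True
    return mode == "r" and (a.endswith("." + f) or f.endswith("." + a))

# Outcome labels follow the wording of the paragraph above.
OUTCOME = {"none": "receiver decides", "quarantine": "spam folder", "reject": "bounce"}

def dmarc_disposition(record_txt, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    tags = parse_dmarc(record_txt)
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"     # one aligned pass is enough
    return OUTCOME[tags["p"]]

def demo():
    record = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"  # constructed
    return [
        # Forwarded mail: SPF breaks, but the aligned DKIM signature survives.
        dmarc_disposition(record, "example.com", ("fail", "example.com"), ("pass", "example.com")),
        # SPF passes for an unrelated domain, which does not authenticate the From domain.
        dmarc_disposition(record, "example.com", ("pass", "other.example"), ("none", "")),
    ]

if __name__ == "__main__":
    print(demo())
```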
That is all! There are other technical details about this protocol, but I won’t bore you with them here. The most important thing is setting DMARC alongside SPF and DKIM. You don’t have to worry about any technical details while using Mailsplit: it will enable you to set up your SPF, DKIM, and DMARC records easily.
Updated on: 01/12/2023