Setting up A DKIM and a DMARK, Your Emails won't be delivered without it

byTheCatherine

14K followers

3 months ago

Email communication is poised for substantial transformations. On the 1st of February Google and Yahoo are rolling out new authentication protocols and enhanced spam prevention measures. Best practices will then be mandatory.

Activating Email Authentication

A crucial element of Google's new requirements is the mandate for senders to implement DKIM (DomainKeys Identified Mail) authentication. Alongside DKIM, setting up a basic DMARC (Domain-based Message Authentication, Reporting, and Conformance) record is now essential. While it's strongly recommended for all senders to adopt DKIM and DMARC, this is particularly impactful for those sending emails in bulk. It's important to note that these updates will not affect customers who have already established DKIM and DMARC configurations.

When you send emails, services like Gmail, Outlook, AOL, and Yahoo need to check if the email is really from you or if it's fake, like from a spammer. This is true even if you use an autoresponder such as Getresponse or Aweber.

Before talking about how to prove your emails are legitimate, make sure your sending domain is valid. You should own the domain, it should be more than 30 days old, and linked to a real website, not just an empty page.

Also, your domain needs an MX record, which tells email systems where to send emails for your domain.

What is An Mx Record

An MX record, or Mail Exchange record, is a type of data in your domain's DNS (Domain Name System) settings. It specifies the mail server that is responsible for handling emails for your domain. Essentially, when someone sends you an email, the MX record guides that email to the right server where your email inbox is hosted. Each MX record points to a mail server and has a priority setting, which determines the order in which the servers are used to receive emails. This system helps ensure that emails are delivered correctly to your email address.

Got a valid domain with an MX record? Great, now it's time to authenticate your emails!"

How to Set up An Mx Record If you domain is hosted here

You will have to check with site support

How to do this from Namecheap or goDaddy

1. Log in to your domain name registrar (e.g. GoDaddy, Namecheap, etc). This is the service where you purchased and manage your domain name.
2. Find the section in the control panel for managing DNS records. This may be under a "Nameservers" or "DNS Management" menu.
3. Add a new MX record. You will need to enter:

• The domain name the MX record is for (e.g. yourdomain.com)
• The priority value - lower numbers indicate higher priority. A value of 0 or 10 is common for a primary MX record.
• The "points to" value. This is the hostname of your mail server that will handle email for your domain (e.g. mail.yourdomain.com).

1. Save the MX entry. It may take a few hours to fully propagate through DNS systems.
2. You can double check setup by looking up your domain on a site like mxtoolbox.com. It will list out the MX records that have been configured for your domain's email routing.

Is your sending domain valid and with an MX record? Time to authenticate it!

There are three proven ways to verify a sender's identity. These are SPF, DKIM, and DMARC. Normally, most autoresponders will have set up SPK, but it is worth checking that it is set up. You will have to set up your DKIM and DMARC yourself.

What is a DKIM

DKIM (DomainKeys Identified Mail) is like a digital signature for email. It helps prove that an email really comes from the sender it says it's from. Think of it like a company putting a unique seal on their letters. For example, a company named "Guatemala Artesania" would use their "guatemalartisania.com" domain to sign their emails, showing they really are from "Guatemala Artesania."

This is done by adding a special hidden signature to the email's header and then having a public key on your website. This key confirms that the signature is genuine.

How to Set up a DKIM pair in your autoresponder

1. Sign in to your email or hosting provider's control panel.
2. Look for a section related to DKIM settings or tools - it may be called something like "Manage DKIM," "Email Authentication," or "Domain Keys."
3. Open that section and begin the DKIM setup wizard. Your provider should have a step-by-step guide to generate the keys with a single click or button.
4. A public key will be displayed or offered for copy/download. This is the key you'll use in the next steps.

Here is an example of what a DKIM public key record would look like:

Host Name: dkim._domainkey.example.com

Record Type: TXT

TTL: 3600

Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiajKEvGhjl9JFe/YovA5eGOgvxYFM0ajJZXBxIDaWanguDpESeZdzA8chHiZ6FkNJEfOvbM4GmbiUJ5blX3cipcWYfFfsSc4dw0/0PRkMu5kYOxwm62FmLJ37LdmlDfqWDBv2u8ChRM3nHbvCoj5lz4tjfUcHfXTg6G9z/PvY9zezPeR97aV6W5H4OnuX/sesQqo6 TEAYmlvki8gn7HXtj6P ROhp

This includes the domain name (dkim._domainkey.example.com), record type (TXT), time to live (3600 seconds), and the public key value starting with "v=DKIM1;...".

The key value itself would be much longer than this example, but hopefully this gives you an idea of how the DKIM TXT record is structured when you go to add it in your DNS configuration.

1. The control panel will also automatically store and link the private key behind the scenes - it does not need to be copied anywhere.
2. Next, once you have the public key from step 3, simply log into your domain provider, find the DNS records, and add a TXT type record with your unique DKIM key value.

Integrating your email provider handles all the technical key generation under the hood. You just need to access their setup guide or wizard, grab the public key, and put it in a DNS record for linking.

Additionally, you can test a live email with mail-tester.com to ensure that DKIM is working.

What is DMARC

DMARC stands for "Domain-based Message Authentication, Reporting and Conformance". It is a tool that helps prevent spammers from sending fake emails that pretend to come from your domain.

For example, a spammer could send an email that falsely claims to be from "support@yourcompany.com". DMARC blocks these fake emails so your customers never see them.

Setting up DMARC involves creating special records in your domain's DNS settings. This lets email providers know that only your authorized servers can send emails from your domain.

If an email shows up claiming to be from you, the email provider checks the DMARC records. If the email is fake, DMARC causes it to be rejected or sent to spam. From February this stops being best practices and becomes mandatory/

DMARC also gives you reporting about who is sending emails from your domain. This helps you catch unauthorized use of your domain.

The great news is DMARC is free to set up. You just need to add the records in your DNS and choose an email provider that supports DMARC. This gives your domain an extra layer of email spoofing protection.

To implement DMARC and prevent domain spoofing:

1. Go to dmarcwizard.com and enter your company's domain name. Copy the long DMARC record value that is generated.
2. Log in to your domain name registrar account and locate the DNS Records section. Create a new TXT record.
3. Paste the DMARC record value into the TXT value field.
4. Ensure the TTL (time-to-live) is set to 3600 seconds.
5. Save the new TXT record and allow up to 48 hours for DNS propagation.

This will instruct email providers to reject any dubious messages pretending originate from your domain. No further action is needed apart from occasional DMARC record renewal.

Check your email provider's dashboard for tools to receive DMARC aggregate and/or forensic reports. This will help you monitor any blocked spoofing attempts from scammers misusing your company domain.

if all of this is too complicated or too techie for you then you will have to outsource the work to someone who can do this. It will not be possible to have an email list without this from February