In this guide, we provide detailed information on how to improve your deliverability. If you want to learn what SPF, SpamAssassin, DKIM, DMARC, and Reverse DNS are, and how they can impact your email deliverability, you are in the right place.
What is SPF?
SPF stands for Sender Policy Framework. It’s an email authentication protocol that is published in the DNS records of a sending domain.
It gives a list of IPs, mail servers, and sending applications that are authorized to use this domain to send emails. As this list is public, the receiving server will be able to compare it with the IP or sending application of the incoming email. This allows:
- The receiver to verify the authenticity of the sender, to avoid spam or scams such as phishing or spoofing.
- The sender to protect their domain from malicious and unauthorized activities that could affect its trustworthiness.
Why is it important?
As with any email authentication protocol, having SPF properly set up improves the deliverability of emails sent from this domain. Indeed, some email servers can block emails with no SPF record published.
In the same way, your domain has fewer chances of being blacklisted or getting a bad SpamAssassin grade if it has an SPF record published.
In a nutshell, having SPF properly set up will make your emails more secure while increasing your deliverability.
Example of SPF record
I own the domain “warmbox.ai” and I’m using Google Workspace to send emails, as well as Sendgrid for marketing purposes.
I will publish this SPF record in my DNS:
v=spf1 include:_spf.google.com include:sendgrid.net ~all
We can decompose this SPF record into 3 parts:
- v=spf1: The version of the SPF protocol. It always stays the same.
- include:_spf.google.com include:sendgrid.net: The “list” of authorized applications and/or servers that can send emails with the domain “warmbox.ai”.
- ~all: The mechanism used. Basically, it indicates what will happen if an email using the domain “warmbox.ai” is sent from an unauthorized sending application or IP.
In that case, the email that doesn’t pass the SPF test will be automatically sent to spam.
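The three-part breakdown above can be done mechanically. The following parser is an added example, not code from the original guide; it goes slightly beyond the text by also handling the other standard mechanisms and qualifiers and by flagging common misconfigurations. The function name and output keys are illustrative.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that trigger DNS queries; RFC 7208 allows at most 10 per evaluation.
DNS_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM = re.compile(r"([+\-~?]?)([a-z][a-z0-9_.-]*)([:/=].*)?$", re.I)


def parse_spf(record):
    """Split an SPF TXT record into version, sender list and 'all' result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: first term must be v=spf1")
    out = {"version": terms[0], "senders": [], "modifiers": {},
           "all": None, "dns_lookups": 0, "warnings": []}
    for term in terms[1:]:
        m = TERM.match(term)
        if not m:
            out["warnings"].append(f"unparseable term: {term}")
            continue
        qualifier, name, rest = m.group(1) or "+", m.group(2).lower(), m.group(3) or ""
        if rest.startswith("="):                 # modifier such as redirect=
            out["modifiers"][name] = rest[1:]
        elif out["all"] is not None:             # evaluation stops at 'all'
            out["warnings"].append(f"{term} follows 'all' and is never evaluated")
            continue
        elif name == "all":
            out["all"] = QUALIFIERS[qualifier]
        elif name in MECHANISMS:
            out["senders"].append((QUALIFIERS[qualifier], name, rest.lstrip(":")))
        else:
            out["warnings"].append(f"unknown mechanism: {term}")
            continue
        if name in DNS_TERMS:                    # counts this record only, not nested includes
            out["dns_lookups"] += 1
    if out["all"] == "pass":
        out["warnings"].append("+all authorizes every server to send for this domain")
    if out["all"] is None and "redirect" not in out["modifiers"]:
        out["warnings"].append("no 'all' term: unlisted senders get a neutral result")
    if out["dns_lookups"] > 10:
        out["warnings"].append("more than 10 DNS-querying terms: receivers return permerror")
    return out


# The record from the text above.
WARMBOX = parse_spf("v=spf1 include:_spf.google.com include:sendgrid.net ~all")
```
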
What is SpamAssassin?
Apache SpamAssassin is a filtering program that uses a variety of spam-detection techniques and assigns a spam score to every email, with a score of 5 being considered spam.
SpamAssassin is used by most ISPs (Internet Service Providers) and individual domains as a spam filter, meaning that a bad grade (4 or above) will severely impact your deliverability.
How is your SpamAssassin Score calculated?
SpamAssassin developers keep the factors involved in the score calculation public.
These are some key elements checked by SpamAssassin:
- Main Domain and IP blacklists/greylists/blocklists
- Collaborative spam identification databases
- SPF and DKIM protocols
- Header and Body content
- Broken or shortened URLs
- Multiple sender reputation systems
However, SpamAssassin is a complex and dynamic program, including scores from other spam filters in its own score calculation.
What is DKIM?
DKIM stands for DomainKeys Identified Mail. It’s an email authentication protocol that uses a digital signature attached to the header of an email. In a nutshell, when DKIM is published in the DNS records of a domain, it will display a public key that the recipient email servers can match with the encrypted key in the signature. This allows:
- The receiver to check if an incoming email is authentic (i.e. hasn’t been modified by any third party since being sent).
- The receiver to verify that the email has been sent from an address associated with the right sending domain.
- The sender to prevent “domain spoofing”.
Why is DKIM important?
As with any email authentication protocol, having DKIM properly set up improves the deliverability of emails sent from this domain. Indeed, some email servers can block emails with no DKIM record published.
In the same way, your domain has fewer chances of being blacklisted or getting a bad SpamAssassin grade if it has a DKIM record published.
In a nutshell, having DKIM properly set up will make your emails more secure while increasing your deliverability.
What is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It’s an email authentication protocol that uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to prevent “domain spoofing” and other malicious activities.
It is published in the DNS records so that any receiving email server can authenticate incoming emails. It also details the sender’s policies on how unauthenticated emails should be treated by ESPs (Email Service Providers). It allows:
- The owner of a domain to signal in DNS records which security protocols (SPF, DKIM, or both) are implemented when sending email from that domain.
- The sender to define how to handle outgoing emails that didn’t pass the SPF and/or DKIM authentication(s): they can either be sent to spam for quarantine, or blocked.
- The sender to monitor its sending domain activity through detailed reports.
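How a receiving server combines the SPF and DKIM results with the published policy can be sketched as follows. This is an added example, not code from the original guide: the record, the example.com and example.net domains and the function names are constructed, and it includes the DMARC alignment rule (the authenticated domain must match the From domain), which the text above does not spell out.

```python
# Constructed policy record for a placeholder domain (not from the guide).
RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
POLICIES = ("none", "quarantine", "reject")   # monitor only, send to spam, block


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=...; rua=...' into a dict of tags."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    return tags


def aligned(from_domain, auth_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other.
    Real receivers compare organizational domains using the Public Suffix List."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_result(record, from_domain, spf, dkim):
    """Return 'pass', or the policy the domain owner requests for failing mail.
    spf and dkim are (result, authenticated_domain) pairs from the receiver's
    own checks. The pct= and sp= tags are ignored in this example."""
    policy = parse_dmarc(record)["p"]
    for result, domain in (spf, dkim):
        if result == "pass" and aligned(from_domain, domain):
            return "pass"             # one aligned pass is enough
    return policy
```

A message whose SPF check passes only for some unrelated domain still fails DMARC here, which is what makes the policy effective against a spoofed From address.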
Why is DMARC important?
DMARC is an extension of existing email authentication methods like DKIM and SPF. It makes sure that no unauthenticated users will be able to send email from your domain, protecting your brand and the trustworthiness of your domain.
Along with SPF and DKIM, DMARC has a positive impact on deliverability, as major ISPs (Internet Service Providers) consider senders with DMARC set up as more trustworthy.
In the same way, your domain has fewer chances of being blacklisted or getting a bad SpamAssassin grade if it has a DMARC record published.
In a nutshell, having DMARC properly set up will make your emails more secure while increasing your deliverability.
What is Reverse DNS?
A Reverse DNS lookup is a query that will retrieve the domain associated with a given IP address. It’s simply the opposite of the well-known DNS lookup which gives IP addresses associated with a domain.
Reverse DNS lookup is commonly used by email servers to track down malicious messages and spam, as it can identify and verify the domain of an incoming email.
Why is it important?
Reverse DNS lookup is a key element of the security protocol used by email servers to protect recipients from malicious emails.
Not all sending servers support Reverse DNS lookup, but those that don’t are more likely to be blocked by receiving servers. This negatively affects your deliverability.
Yet the servers of all major ESPs (Email Service Providers) do provide Reverse DNS.
How to set up Reverse DNS for your server
You need to publish a PTR record on your server to enable Reverse DNS.
What is a DNS PTR record?
A DNS pointer record (PTR for short) provides the domain name associated with an IP address. A DNS PTR record is exactly the opposite of the ‘A’ record, which provides the IP address associated with a domain name.
When a user attempts to reach a domain name in their browser, a DNS lookup occurs, matching the domain name to the IP address. A reverse DNS lookup is the opposite of this process: it is a query that starts with the IP address and looks up the domain name.
What are some of the main uses for PTR records?
PTR records are used in reverse DNS lookups; common uses for reverse DNS include:
- Anti-spam: Some email anti-spam filters use reverse DNS to check the domain names of email addresses and see if the associated IP addresses are likely to be used by legitimate email servers.
- Troubleshooting email delivery issues: Because anti-spam filters perform these checks, email delivery problems can result from a misconfigured or missing PTR record. If a domain has no PTR record, or if the PTR record contains the wrong domain, email services may block all emails from that domain.
- Logging: System logs typically record only IP addresses; a reverse DNS lookup can convert these into domain names for logs that are more human-readable.
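The missing-PTR and wrong-PTR cases described above can be told apart with a forward-confirmed reverse DNS check: look up the PTR name for the connecting IP, then confirm that the name resolves back to the same IP. This is an added example, not code from the original guide; the zone data is constructed from documentation addresses and the lookup functions stand in for real DNS queries so the check runs offline.

```python
import ipaddress

# Constructed sample zone data (documentation address ranges, placeholder names).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": ["mail.example.com"],
    "20.2.0.192.in-addr.arpa": ["host.example.net"],
}
A_RECORDS = {
    "mail.example.com": ["192.0.2.10"],
    "host.example.net": ["198.51.100.7"],    # forward record points elsewhere
}


def ptr_query_name(ip):
    """Name queried for a PTR record: reversed octets (IPv4) or nibbles (IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer


def check_reverse_dns(ip, ptr_lookup=PTR_RECORDS.get, a_lookup=A_RECORDS.get):
    """Return (status, name); status is 'confirmed', 'mismatch' or 'no-ptr'.
    ptr_lookup and a_lookup are hypothetical resolver hooks that take a name
    and return a list of records, or None when nothing is published."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ptr_query_name(ip)) or []
    if not names:
        return ("no-ptr", None)
    for name in names:
        for forward in a_lookup(name.rstrip(".").lower()) or []:
            if ipaddress.ip_address(forward) == addr:
                return ("confirmed", name)
    return ("mismatch", names[0])
```
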
What Is Domain Age?
Not all domains are equal when it comes to email deliverability. One important factor taken into account by spam filters and Email Service Providers is the domain age.
It shows how long your domain has existed.
How does domain age impact my deliverability?
As a rule of thumb, the older your domain is, the better your deliverability will be. Indeed, most ESPs will consider brand new domains less trustworthy than aged ones.
Domains that were created less than 3 months ago are more likely to have deliverability issues than older ones. Yet, having an old and well-established domain doesn’t mean that your deliverability will be high.
It’s only one factor among others, and it is important to always keep in mind that healthy email activity is the best way to keep email deliverability high.
What is a List-Unsubscribe Header?
List-Unsubscribe is an optional email header that allows email recipients to opt-out of receiving emails without clicking through an unsubscribe link or marking a sender as spam or junk.
It is displayed next to the email sender information.
Why is it important?
List-Unsubscribe Header is a user-friendly way to offer an opt-out to your recipients. Thus, they won’t have to search for an unsubscribe link in your email body.
Offering such a feature in your emails is a good way to keep recipients from marking your email as spam just to stop hearing from you, which is very damaging to your email deliverability.