In 2019, global email users amounted to 3.9 billion users (Statista, 2020). This figure is set to grow to 4.3 billion users in 2023. That’s half of the world’s population.
With such a ubiquitous channel for communication, companies rely heavily on email marketing to grow sales in the pursuit of cheaper conversions. But off late email marketing has actively acted as the breeding ground for phishing and spoofing activities.
With increased regulations, email marketing now goes far beyond simply blasting people with your promotional content in hopes to get sales.
While only a fraction of companies maintain their own SMTP servers to send emails, in most cases email marketers use third-party ESPs (Email service providers) to send emails. If you dig deep into how email marketing works, you can’t miss but notice these 3 terms;
SPF, DKIM, and DMARC
But what are these?
Let’s go step by step
SPF (Sender Policy Framework) is an authentication protocol that allows a domain owner to specify which mail servers are used to send emails from that specific domain. This is a TXT record in the DNS
v=spf1 ip4:22.214.171.124 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e include:thirdpartydomain.com -all
Now here v stands for version which is spf1 only, we haven’t yet upgraded to spf2.
Next to the version, there are IPs that one can send emails from
At last, it says “~all” which means that if the email comes from IPs other than listed in the SPF record then it will soft bounce the email and it will go in spam.
Here in the case of “+all” it will let all emails come through and “-all” means it will hard bounce the emails if that doesn’t originate from the mentioned mail servers.
All in all “~all” is always the best choice in most cases.
This was easy right?
The next one is DKIM
DomainKeys Identified Mail (DKIM), now this is also a TXT record that is used to prove the contents of the email and that the message hasn’t been tampered with. Think of it as a digital signature. It uses encryption to create a pair of private and public keys.
The private key resides on the mailing server and it encrypts the email body and header with this private key. The recipient server decrypts the message with the public key to validate that it’s the same message that was intended to be sent by the mailing server.
Pro Tip: Unlike SPF, DKIM can survive forwarding
You can view the original/raw message when receiving an email to see if the DKIM is passed or not.
Last up we have DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC) enforces SPF and DKIM authentication and lets admins get reports about message authentication and delivery.
DMARC is used in conjunction with SPF and DKIM, and these three components work wonders together.
Essentially, a sender’s DMARC record instructs a recipient of the next steps (e.g., accept, quarantine, reject) if a suspicious email claiming to come from a specific sender is received.
Fortunately, the DMARC email authentication protocol is available to protect customers from unsolicited messages sent from your domain, which keeps your established reputation intact.
You can create your DMARC record by clicking on the following link. Just mention what you think should be done to emails if email fails DMARC and which email address should be reported about it.
There are 2 integral reports in the DMARC account;
Aggregate DMARC reports (RUA)
- Sent on a daily basis
- Provides an overview of email traffic
- Includes all IP addresses that have attempted to transmit email to a receiver using your domain name
Forensic DMARC reports (RUF)
- Only sent for failures
- Includes original message headers
- May include the original message
Note: You can set a different DMARC policy for your sub-domains
When a domain owner publishes a DMARC record into their DNS record, they will gain insight into who is sending email on behalf of their domain.
Implement a DMARC record through a CNAME record; https://mxtoolbox.com/dmarc/dmarc-setup-cname
Are you sending emails from your website domain?
Sending all types of emails directly from your primary domain might not be a very good idea. A better way to manage the reputation of a domain is to use subdomains for different kinds of emails and using specific SPFs that the sub-domain will use.
Eg: for transactional emails, use [email protected]
For support emails, you can use [email protected]
Pro Tip: It is always advisable to use a different domain for sending marketing emails especially cold emails as those don’t tend to perform that well. This way you could send emails without worrying too much about the domain’s reputation. A common way to get the right domain for sending cold emails is to add mailers.com at the end so If you own facebook.com then send emails from facebookmailers.com
If you need more insight into your emails, you can use Glockapps to monitor your domain’s reputation, email performance, and deliverability.
While there is nothing that can replace a well-thought email for increasing sales, a technical understanding of how emails are sent and authenticated comes in handy for a successful email strategy.