Topic: SPF, DKIM and Why They Matter to Authors

Are you an author with a newsletter? If so, this post is for you. If not, why not? Newsletters are your best and most reliable way to promote your titles. But, hyping the importance of newsletters isn’t why this post exists. There are plenty of other posts and articles and seminars on the internet for that.

Note: If you’re on MailChimp or MailerLite or any other bulk mailing service and using a free internet email account (Gmail, Yahoo, Hotmail, etc) instead of a domain email, then what follows doesn’t apply to you. Thanks for stopping by though.

Just in case terminology is tripping up someone:
Domain Email = renee@dreneebagby.com
vs
Free Internet Email = dreneebagby@gmail.com

For those who are still here, you’re probably wondering what the hell SPF and DKIM are, and why they should matter if you have a newsletter that you send through a domain email.

SPF = Sender Policy Framework – says which servers (IPs) can send emails for your domain

DKIM = DomainKeys Identified Mail – says the message hasn’t been tampered with along the way

Both are email authentication systems used to help prevent spoofing, usually in conjunction with each other. If you’ve signed up for a bulk mailing service and wanted to use a domain email as your FROM address (recommended), you probably had to input SPF and DKIM codes into your domain’s DNS to validate you actually own that domain.

More than likely, if you were like me, you followed the instructions exactly as written and added the SPF text to your DNS. Then your bulk mailing service validated it, and that was it. Right? Wrong! So very wrong!

What the mailing service probably failed to mention in their instructions was that you can and should only have ONE (1) SPF record in your DNS. I didn’t learn that particular fact until I was researching SPFs and came across the Google help article that explained this tidbit under the “Add multiple servers to an SPF record” tab.

Okay, so just delete the other one and keep the one from your mailing service, right? Nope. Also, wrong. The existing SPF code is one you need and that’s probably provided by the service hosting your domain (see the definition of SPF above for why that’s important). You have to keep both. The way you do that is combining them.

Your SPF code has a beginning v=spf1 and an end ~all. Between those is where you put the code that resembles include:serverdomain.com. It would look something like this:
v=spf1 include:serverdomain1.com ~all
or
v=spf1 include:serverdomain1.com include:serverdomain2.net ~all
or
v=spf1 include:serverdomain1.com include:serverdomain2.net include:serverdomain3.org ~all

MAJOR Note: Check your syntax! Extra spaces can cause errors. Copy the code into a TEXT file (not Word) so you can see it in its entirety, delete any extra spaces, and then copy-and-paste that code into your DNS.

Right about now is when you should rush off to your hosting service and check your DNS to make sure you only have one SPF entry and that your SPF syntax is correct. Just remember to bookmark this post so you can return for more revelations.

On to more revelations…

Here’s why your SPF syntax matters.

Gmail raw message data with passing SPF, DKIM, and DMARC.

The above picture is one you may not recognize. Not many people, myself included before this last week, look at the raw data of the emails they receive. The above image is a screen capture from an email I sent myself from one Gmail account to another.

Here’s how to get there when using Gmail, though the steps are similar with other providers.

Step #1: Open up an email and locate the More Options menu.

In Gmail the location of the More Options menu in an email.

Step #2: Enter the More Options menu and click the Show Original option. In other providers, it might say “Raw Message.”

In Gmail, the link to show the original message

In Gmail, the first thing you’ll see is the first image I posted. You want that image to say PASS for the items listed. Sometimes, it lists three items: SPF, DKIM, and DMARC. Sometimes, it just shows SPF. It depends on the SENDER.

The quickest and easiest way to test your SPF and DKIM score is to send yourself (using a different email from the one on your newsletter account) a test email from your mailing list. If you don’t have a secondary email account you can use, work with a friend. Email them a test newsletter message, have them screen capture the original data if it’s not PASS, and then send you the picture.

The Authentication Results are what you should pay attention to if your score is anything other than PASS. You’ll find that in the BUNCH of code below the lovely table. (Note: Some email providers only show the bunch of code with no easy-to-read table.)

Note: I redacted the majority of the picture for privacy reasons.

In Gmail, the show original coded message (redacted)

In the above picture, on the line that begins spf=pass, it basically says this domain at a specific IP is designated as a permitted sender. That means you inputted into your DNS that this domain is allowed to send emails on your behalf. Without that permission, you end up with something like this:

SPF message that reads NEUTRAL
SPF code explaining why the neutral score.

The SPF line says that the designated IP address is neither permitted nor denied, which probably means there’s nothing in the sender’s DNS that “includes” that IP address. A score like that can land your email in the spam folder.

Note: Not all spam has SPF and DKIM errors. From sifting through my spam messages for images for this post, the majority all had passing scores.

The below image is a DKIM failure (even though the code states neutral, but whatever). This email was also in my spam folder and had a warning from Gmail that the contents might be hinky.

Original message with a DKIM that has a FAIL score
Original message code stating the DKIM is neutral because the body hash did not verify

Errors with your SPF and DKIM can land your email in the spam folder, or the service provider can reject your email outright, refusing to deliver it at all. So, you could be paying for a subscriber that’s not receiving your emails.

If your bulk mail provider has send logs, CHECK THEM. Find out if your emails are being rejected before they even hit the subscriber’s inbox and fix the issue, if you can. Email your provider for help. Believe me, I’m the last person who wants more work on top of everything authors already do (can’t I just write?!!), but this is for the health of your mailing list and ensuring the time you spend crafting emails isn’t wasted.

Thanks for your time. Hopefully, this was helpful and improves the health and open rates of your newsletters.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.