It's critically important, especially with the new Gmail and Yahoo updates in 2024, to authenticate your emails before engaging in any outreach, even if you send emails directly from your mailbox.
Why:
Deliverability: Emails without authentication can be rejected or placed in spam folders. These are mandatory settings enforced by mail providers.
Protection: Email authentication safeguards your emails from spoofing.
Note: Important!
If you are uncertain about how to perform these actions or if you lack access to your hosting website, please contact your IT person or someone who manages your domain.
You can also reach out to your hosting or mail provider support; they will assist you in configuring email authentication settings mentioned below.
What:
Email authentication consists of three parts:
SPF: Should include all mail servers (tools) that send emails on behalf of your domain.
DKIM: A digital signature that signs your emails and helps to verify their authenticity.
DMARC: Instructs the recipient's mail server on what to do with emails that fail SPF and DKIM.
Note: These are domain settings that are propagated across your entire domain, affecting all mailboxes associated with that domain.
Where:
your mail provider support or mail provider support section: contact them to get the correct SPF and DKIM values, since both of these records are specific for each mail provider.
your hosting website -> DNS: here you will add all 3 records. Your hosting website is a place where all your domain settings are located.
Note:
Reply is not an ESP (email service provider), that's why we do not provide our customers with SPF and DKIM. Those values need to be received from your mail provider.
Step-by-step guide
Step 1: Test your domain.
Firstly, you need to understand if there is anything to be fixed. You need to check your current domain settings.
Some useful tools that can help you:
Mail-tester tool: check the section "You are (not) fully authenticated".
Check out How to improve your Email Deliverability Score article to get Mail-tester report explained.
Step 2: fix your domain.
Note: Use the drop down arrow to expand the details.
SPF record
The correct record should follow several rules:
there should be only 1 record
should not exceed 10 DNS lookups
should contain all mail servers (mail tools) that send emails from your domain
Please, contact your mail or hosting provider support to troubleshoot any issue with SPF record that you may face.
DKIM record
DKIM is provided by your mail service, not by Reply.io. It's a pair of digital keys. One is stored at your mail provider's side (you don't see it), the second part is provided to you so that you can add it you DNS.
To get your DKIM and set in to your DNS, please, contact your mail provider. If you use the same mail and hosting provider, they will assist you with both steps.
If your hosting provider is different, you may need to take DKIM from your mail provider first and then ask hosting support for help.
DMARC record
DMARC record instructs mail providers what to do with your emails if they fail SPF / DKIM check.
There are 3 options of DMARC policy:
Policy | Type | Details |
p=none | soft | It instructs mail providers to do nothing with emails that fail authentication. Does not protect you from spoofing. |
p=quarantine | strict | It instructs mail providers to place such emails to spam. Protects you from spoofing. |
p=reject | strict | It instructs mail providers to reject emails that fail authentication. Protects you from spoofing. |
Note:
Important! Please, do not use strict policy unless you are sure you mail authenticated all mail servers that send emails form your domain with SPF and DKIM. If not, your deliverability from unauthenticated servers will be hurt.
How to set soft DMARC:
DMARC can be rather complicated. If you want to fully use it, consider subscribing to any DMARC deployment tool to monitor your DMARC reports.
Here is how you can set a very basic DMARC that can help you follow the requirements, but will not hurt you.
Go to your Namecheap -> Domain list -> select your domain -> Advanced DNS (see SPF record section to details) and add the following TXT record:
Type: TXT
Host name: _dmarc
TXT value: v=DMARC1; p=none;
โ
Step 3: Re-test your domain to see if everything is implemented properly.