DNS Records For Email Security

Nobody likes email spam. Email clients send some emails to spam folders or outright prevent delivery. While this may help keep your inbox from being cluttered, it can also stop your emails from being seen. In this article we’ll help give an understanding two DNS records that will help increase the chances of your emails being delivered (SPF/DKIM), as well as a useful record that helps prevent spam (DMARC).

DNS Records for Email

If you will use emails with your domain you will need MX records setup, along with few extra DNS records to prevent abuse in the form of spam or spoofing. Read more about SPF/DKIM/DMARC records here. Remember, when you purchase a domain through WP Harbor you get unlimited DNS updates, so setting up records like this for you is free!

SPF Records

SPF stands for Sender Policy Framework. This is a TXT record that is used where your DNS is managed. You may only have one SPF record.

Spammers can take control of your email and send messages as though you are the one that sent them. This is generally called “spoofing.” If you begin to receive responses or delivery failure messages for emails you never sent, there is a good chance that someone is spoofing your email.

Click Here To Read A Great Article On SPF Records.

To help prevent this, email clients will check to see if the SPF record and outgoing mail server information match. If they don’t, they either flag the message as spam or reject delivery.

While an SPF record can help prevent spoofing and help get your own emails delivered, it cannot prevent all spoofing and delivery problems. It is still a very important tool in your overall email delivery.


DKIM Records

DKIM stands for Domain Keys Identified Mail. This is a TXT record that is added to your domain’s DNS host records. DKIM is an authentication method that gives the email recipient’s email client something to check whether the message was really sent and authorized by the owner of the domain that sent it.

Click Here To Read A Great Article On DKIM Records.

DKIM places an encrypted signature in the header of the message. This creates something called a Hash Value. By using the public key listed in the domains DNS the receiving end can verify the signature. It deciphers the Hash Value by using the public key and then recalculates the Hash Value. If the keys match, it then knows that the email is authentic and unaltered.

DKIM along with SPF will go a long way in helping the smooth delivery of your email messages. If you have been having problems with email delivery or want to protect against it becoming an issue, let us know and we can add these records to your DNS.