Email Deliverability

Understanding SPF Records

SPF records give mail servers permission to send mail on behalf of a domain. They can be designated as SPF or TXT records on the nameserver.

Hostname: @ OR [ma]
Value: v=spf1 a mx ip4:[ip address] ~all

Understanding DKIM

DKIM is a TXT record.

Obtain the record from the mail server. It looks like:

Hostname: [mailo.]_domainkey.[mg]
Value: k=[rsa]; p=[y6t7tfygjkbkhygu7t8…]

DMARC

DMARC is a TXT record.

Hostname: _dmarc.[mg]
Value: v=DMARC1; p=none;

Tests

Services

Checklists

DKIM

Validate: DKIM Validator tool

Understanding Errors:

SPF

Create an SPF record:

Test:

BIMI

Create a record:

Spam

Test:

DMARC

To pass DMARC authentication, a message must both Pass and Align for either SPF or DKIM. Even if a message passed authentication for both SPF and DKIM, it could still fail DMARC authentication if one of them does not “align.”

 

Record Generator:

Setup Guides

Test:

DMARC Tags

tagexplanation
vDMARC protocol version.
pApply this policy to email that fails the DMARC check. Can be “none”, “quarantine”, or “reject”. “none” is used to collect the DMARC report and gain insight into the current email flows and their status.
ruaA list of URIs for ISPs to send XML feedback to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:test@example.com”.
rufA list of URIs for ISPs to send forensic reports to. NOTE: this is not a list of email addresses. DMARC requires a list of URIs of the form “mailto:test@example.org”.
rfThe reporting format for forensic reports. This can be either “afrf” or “iodef”.
pctThe percentage tag instructs ISPs to only apply the DMARC policy to a percentage of failing email’s. “pct=50” will tell receivers to only apply the “p=” policy 50% of the time against emails that fail the DMARC check. NOTE: this will not work for the “none” policy, but only for “quarantine” or “reject” policies.
adkimSpecifies the “Alignment Mode” for DKIM signatures and can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode, authenticated DKIM signing domains (d=) that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
aspfSpecifies the “Alignment Mode” for SPF and can be either “r” (Relaxed) or “s” (Strict). In Relaxed mode, authenticated SPF domains that share an Organizational Domain with an emails ‘From’ domain will pass the DMARC check. In Strict mode an exact match is required.
spThis policy should be applied to email from a sub-domain of this domain that fails the DMARC check. Using this tag, domain owners can publish a “wildcard” policy for all subdomains.
foForensic options. Allowed values: “0” to generate reports if both DKIM and SPF fail, “1” to generate reports if either DKIM or SPF fails to produce a DMARC pass result, “d” to generate report if DKIM has failed or “s” if SPF failed.
riThe reporting interval for how often you would like to receive aggregate XML reports. This is a preference and ISPs could (and most likely will) send the report at different intervals (normally this will be daily).

 

Related Posts

Ultimate Addons for Elementor causing infinite loading in Elementor
Disable auto-update Email Notifications causing critical errors