To engage customers through email marketing, you need to include domain authentication methods. These methods increase your sender reputation and deliverability, allowing your bulk emails to pass inbox providers’ spam filters.
There are three main methods: SPF, DMARC, and DKIM. They are usually implemented as TXT (a type of DNS record in legible text form) records in your domain’s DNS settings.
All three records should be included to ensure the highest email security and deliverability.
SPF record contains a list of all the authorized email providers that can send emails using your domain. The receiving inbox provider analyzes your SPF record to see if the sender is authorized by your domain.
Here is the guide to setting up an SPF record on the “cortex” domain. SPF settings (as DKIM and DMARC) are highly provider-dependent, but the general process goes as follows:
Access your DNS settings and create/edit your SPF record. If there already is an SPF record, look for: “v=spf1”. An SPF record looks like this:
To add a cortex email provider, simply add your ESP with the “include” statement. The resulting record for the cortex domain should look like this:
Even though you use multiple providers, you need to have only one SPF record!
DMARC establishes a domain policy to deal with emails that fail DKIM and/or SPF checks. Therefore, in order to have a functioning DMARC record, you need both DKIM and SPF records.
Including a DMARC record in your DNS is highly advised. Some inbox providers (most notably Google) require a DMARC policy for the sender’s marketing emails to pass their spam filter.
Here is a guide to setting a DMARC record for the “cortex” domain:
Access your domain’s DNS settings.
Create a TXT record in your DNS. An example looks like this:
| Name | Type | Content | ||
|---|---|---|---|---|
| _dmarc.example.com | TXT | v=DMARC1; p=none; sp=none; |
“example.com” stands for your domain, “p” can be set to:
To properly set up DMARC policy for the cortex domain, the record follows:
DKIM works as an encrypted digital signature in the email’s header. It is verified by a DNS record with two parameters: decryption key and selector. Upon receiving your email, the receiver ESP extracts a public decryption key from your DNS. If the key works and the signature is decrypted, the email passes the DKIM validation check.
Here’s the guide to setting up a DKIM record for the “cortex” domain:
Add the DKIM record to your domain’s DNS settings by creating a TXT record. An example DKIM record looks like this:
| Name | Type | Content | ||
|---|---|---|---|---|
| loremipsum._domainkey.domain.tld | TXT | v=DKIM1; p=76E629F05X708EF665553333EEC3F5AE69B2362BECM40658267AB2FC3CB6CBE |
“loremipsum” stands for your specific selector, and “example.com” is your domain. Everything after “p=” sets the specific decryption key (in the form of hash text).
Go to your ESP and allow DKIM. This is provider-dependent.
For the “cortex” domain, put the following in the “Name” column:
Cortex must confirm the domain name after it is set on your side!
For every sender domain, you need a particular DKIM record.
These three records get your email message “accepted” by receiving providers, but they do not necessarily deliver it to the inbox. Many different spam filters scan and evaluate your email content afterward.