DNS Management + SPF/DKIM Configuration
For ensuring your emails land in your recipients’ inboxes.
What is the DNS Management + SPF & DKIM Configuration Service?
When you register a domain, you’re likely going to want a website and email associated with that domain such as email@example.com. To do that, you need to tell the internet which email service provider to send your email to and what the IP address of your web server is. DNS is the worldwide system that enables that.
To be completely transparent, punching in your web server’s IP address is pretty straightforward. It’s also a very black & white affair: you either got it right or you didn’t. It’s configuring your DNS records for your email providers where things can get a bit sticky.
Why your business needs this
There are 4 broad indicators that email service providers use to determine if your email should be delivered to people’s inbox, their spam folder, or Gmail’s Promotions/Social/Updates folders.
- Your email sending behavior (going from sending 3 emails per day to 100 per day overnight will land you the spam hammer)
- The content of your email. (Looking at you Old Navy with your 50 images and 90 links in a single email)
- If your domain is listed in any of the spam databases including Microsoft and Google’s own proprietary spam databases.
- If you’ve properly configured your SPF and DKIM for your various email providers.
Unless you have a properly configured SPF and DKIM, your emails are likely landing in some of your recipients’ spam folder or Promotions folder. Imagine paying a marketing agency $3000/month to send out marketing emails just to find out they all go to spam. Imagine your sales guys’ frustration when they find out their emails aren’t going to their prospects’ inboxes because the business owner never properly deployed email security protocols.
SPF and DKIM may not be sexy, but not having them set up properly can cost your business real revenue because your emails aren’t landing in inboxes.
SPF Explained in English
SPF is your way as the registrant or “owner” of a domain to tell the internet which email providers are authorized to send email on behalf of your domain. For my domain edwardkado.com, there are 3 different email services or standalone servers allowed to send email from an firstname.lastname@example.org email address: Google Workspace, Amazon AWS SES (Simple Email Service), and my web server (to send contact form submissions to me). The SPF’s job is to make sure some schmuck can’t just go create an email@example.com email address at, say, GoDaddy and start sending fraudulent invoices to my clients.
Without an SPF set up for edwardkado.com, anyone could spin up an firstname.lastname@example.org email address. The internet knows to trust only Google, Amazon AWS SES, and my web server because I said so via the SPF.
For the curious – Head to https://whatsmydns.net, type in edwardkado.com, select TXT in the drop down, then hit Search to see my current SPF record.
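To show how a receiving server applies an SPF record like the one described above, here is an added example (not code from this page or from any email provider) that evaluates a sender IP against a record authorizing two hosted providers plus one web server. The zone contents, domain names and addresses are constructed placeholders from documentation ranges, and only the ip4, ip6, include and all mechanisms are handled.

```python
import ipaddress

# Constructed sample zone (TXT records). Names and addresses are placeholders
# from documentation ranges, not the real SPF records of any domain.
ZONE = {
    "example.com": "v=spf1 include:_spf.mailhost.example include:ses.example ip4:203.0.113.10 -all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8:1::/48 ~all",
    "ses.example": "v=spf1 ip4:192.0.2.0/25 -all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 limit on DNS-querying mechanisms per check


def check_spf(ip, domain, zone=ZONE, _count=None):
    """Evaluate ip against domain's SPF record (ip4, ip6, include, all only)."""
    count = _count if _count is not None else [0]
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]  # catch-all for unlisted senders
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            count[0] += 1
            if count[0] > MAX_LOOKUPS:
                return "permerror"  # too many lookups, e.g. an include loop
            inner = check_spf(ip, value, zone, count)
            if inner == "pass":  # only a pass from the included record matches
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"  # broken include invalidates the whole record
    return "neutral"  # nothing matched and the record has no "all"
```

The include loop case matters in practice: a record that chains through more than 10 lookups returns permerror, which receivers treat as a broken record rather than as authorization.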
DKIM explained in English
DKIM stands for DomainKeys Identified Mail. In a sentence, it enables your domain to digitally “sign” your emails. What that means is your email server adds a digital signature to the header of your emails, which is matched against the public cryptographic key published on your domain’s DNS.
The way this works is simpler than it sounds. When setting up the DKIM, your email server creates two keys, a public key and a private key. The public key is just that: public. Anyone can see it, as it’s published on your domain’s DNS.
The way the private key is used is a bit more complicated but let’s take a crack at it.
When your DKIM-enabled email server is about to send an email, it encrypts the email using the private key and sends it to the receiving email server. The receiving email server then looks up the corresponding public key on your domain’s DNS and decrypts the message using the public key. Because only the email server that created both the public and private key would have the private key, any receiving email server would then know the email is validated by the domain.
For the curious – If you want to see what a public DKIM key looks like, head to https://whatsmydns.net, type in “google._domainkey.edwardkado.com”, then select TXT in the drop down and hit Search to see my Google DKIM Public Key.