We live in a world of acronyms. Email of course is a short-form of its full name which is Electronic Mail. With Email there are many acronyms and abbreviated technology names such as POP, IMAP, SMTP and so on.
Two Email (and DNS) related acronyms are well worth knowing about and using are SPF and DKIM. If you, like me, do a lot of business communication via Email, then we need to be sure that our sent email isn’t identified as spam for any reason. SPF and DKIM records can make our sent Emails be perceived as far more reputable by spam filters.
What is a SPF record?
Sender Policy Framework (SPF) is a means for the domain owner to specify which servers may send Email for the domain. Spammers often hijack/use unsuspecting third party email addresses to send spam messages. What spammers can’t easily do is send email using the same SMTP server that the domain/email address usually uses. If specific servers are identified as being designated to send email on behalf of a domain then the receiving email server is less likely to mark the message as spam (assuming that the message is sent from an authorised server).
SMTP records are added to DNS via TXT or SPF records.
What is a DKIM record?
A DomainKeys Identified Mail (DKIM) record is a means for the receiving Email server to verify that the message was sent by the email address that is specified as the sending Email address. When the message is sent, the sender attaches a digital signature to the message. The receiving server then checks the DNS records for the sending domain to see that that the electronic signature in the DNS record matches that in the email. Gmail, the biggest email provider, uses DKIM extensively with the likes of PayPal and Ebay; if a DKIM record isn’t present or is invalid for messages claiming to be from PayPal or Ebay the message is ‘eliminated’ (it doesn’t even appear in the recipients Spam folder).
A DKIM record is a text-like record added to the DNS for the domain.
A practical example of when to use SPF and DKIM records
I often get contacted by people who aren’t receiving emails sent from their WordPress Website. The problem is very rarely with WordPress itself but more likely the Webhost (although no Webhost will admit this!). How WordPress email works is that it uses the Webserver to send email. Whilst this is a very inexpensive and simple solution there are problems with it …
If you use shared hosting (which is the vast majority of Websites), you are sharing an IP address and server with many other Websites. You don’t know who else shares the server with you so you may be sharing with a spammer, a website distributing viruses, a pornographic website and the list goes on. Now, when an email is sent from your Website (such as via a contact form), the message is sent from the shared IP address, the generic SMTP details of the shared server, a generic email address (e.g. [email protected]) etc. In other words, there is very little unique information in the sent email proving to any webspam filters that your sent message is reputable. Conversely, if you shared a Webserver with, say a spammer, there is alot in common in your sent message as with messages sent by the spammer (the same IP address, same SMTP server …).
By using a third party service to send email from a WordPress Website, instead of the Webhost server, we can specify SPF and DKIM records and this will make Email messages sent from the Website seem far less ‘spammy’. The receiving Email server will be able to identify that email received from out Website is from an authorised Email address (via the DKIM record) as well as being sent from an authorised server (via the SPF record).
There we go. Hopefully DKIM and SPF make a bit more sense now. If you need assistance in fixing problems with email sent from your WordPress Website then contact me.