DNS Records and Emails:
Why a Proper Setting Helps Improve Deliverability

When you’re sending business newsletters, transactional emails or any other email communication, you know the importance of deliverability. Reaching your destination is vital to delivering your message. But often, an incorrect (or worse, missing) DNS parameter setting can cause your communication strategy to fail.

The correct setting of DNS records in email systems is both essential and underestimated. 

SPF, DKIM, DMARC… the terms are complex but not as complicated as you might think.

In this article, we’ll see how a string of code entered in the right place can help improve (a lot!) your deliverability, saving you the kind of headaches that have cost many marketers sleepless nights.

You’ll learn: 

  • What DNS records are;
  • The role of DNS records in email systems;
  • How DNS records can enhance your deliverability.

You’ll also see why some email systems are more effective than others and learn the main risks you might encounter while sending your emails. Most importantly, you’ll learn how to prevent these problems before they arise. We’ll provide some practical examples too.

DNS: The System That Enables Web Browsing

You might already be familiar with IP addresses. They’re numbers assigned to every device with web access and are used to identify PCs, servers or printers connected to the Internet. 

The DNS (Domain Name System) associates a domain name with an IP address. It’s like a giant phone book containing the contact details of everything online, including both devices and servers. 

Enormous databases, called DNS servers, store and manage all the information needed to find a domain on the network. These sets of information are known as DNS records. They’re entries that allow search engines to find the IP address associated with a domain name. 

There are several types of records. Each record communicates a different piece of information, allowing each IP address to link to its domain name.

For example, the domain name ‘google.com’ is connected to the IP address ‘172.217.14.195’.

Both lead to Google. Try it and see! 

The main function of DNS is to link, or translate, names into numbers. By bringing the language of computers closer to the words used by people, DNS prevents internet users from having to memorize long and complicated sets of numbers. 

But what exactly happens when you search for a website using a domain name?

The process works something like this:

  1. The browser sends an information request to the DNS server;
  2. The server answers the browser, providing the IP address linked to the domain name;
  3. The browser, knowing exactly who you want to reach, provides access to the website.

This mechanism also plays a key role in email exchange.

Email: How DNS Enables Information Exchange Between Senders and Recipients

Behind the functioning of email services we always find the same actor: the DNS system.

Why? Because emails are sent from one domain to another. 

When users send a message, they direct their email to a specific domain, the part of the address that follows the @ symbol.

Once the Send button has been pressed, the delivery server has to figure out which server the message should be sent to.

Here’s what happens:

  1. The outgoing mail server requests information about the recipient, or incoming, server;
  2. The recipient server asks for information about the outgoing mail server and the sender domain. 

This data exchange and transmission are enabled by specific DNS records.

Spam control systems always verify that the name of the server matches its IP address. Or to put it in more technical terms, they ascertain that the host name resolves to the IP address of the server in question.

If this check fails though, the message might be considered spam and won’t be delivered. It’s as though you’ve received a mis-addressed package you weren’t expecting from a sender you don’t recognize. There’s a good chance you’d send it back.

In the previous section we mentioned the different types of DNS records. Some of these are essential to:

  • Ensure email exchange and increase deliverability;
  • Maintain the good reputation of the domain sender and delivery server;
  • Protect you against spam and identity fraud.

The three most widely used DNS records are: SPF, DKIM, and DMARC.

The SPF Record Identifies IP Addresses That Can Send on Your Behalf (and Limits Phishing and Spoofing)

SPF, or Sender Policy Framework, is an email authentication protocol that prevents the imitation of sender addresses. It stops people using fake addresses, protects you against spoofing and phishing, and prevents messages being reported as spam.  

This type of DNS record identifies the email servers authorized to send email on behalf of your domain. The record lists all servers with a particular ‘sending license’, allowing only specific IP addresses to send your messages.

As a domain owner, you declare that all your emails are carried by certain servers. Any other messages, traveling along other channels, should be considered fake.

Incoming mail servers query the SPF record and check that incoming emails that appear to be sent by a specific sender really have been sent from a server authorized by the sender’s domain owner. 

So, an SPF record defines the IP addresses allowed to send on behalf of a specific domain. It also tells the receiving server what to do after checking the messages.

Imagine, for example, that a private party is held at a nightclub. At the door, security checks everyone and lets in only the people on the list. The recipient server acts like a bouncer and the SPF record is the guest list. The server refuses emails that come from an IP address or sender not listed in the SPF record.

It’s possible to create only one SPF record for each domain, but you can also allow multiple servers or third-party senders in the same record. 

Without SPF records, spammers would have a much easier time sending emails using fake sender addresses and persuading recipients to share sensitive information.

DKIM Records: a Double-Key Authentication System That Avoids Message Manipulation

Like the SPF protocol, DKIM, or DomainKeys Identified Mail, is used to prevent scammers from spoofing their email identities. 

We can describe DKIM as a ‘message certification’ service. The system checks whether the email comes from the stated source and whether its content has been altered. 

By placing this record among the DNS records of its domain, the sender receives a digital signature that guarantees the identity of the sender and the source of the messages. At the same time, it notifies the recipient server that the content of the email has not been intercepted and manipulated.

How does the process work? 

Emails are encrypted as they are sent and the destination server is told how to decrypt them.

Imagine that Sam wants to persuade John, an employee at ‘HereisanexampleSPA’, to send him confidential business information. By sending an email that appears to be from ‘Peter@hereisanexamplespa.com’ Sam could make John believe he works for the same company. 

Spammers and scammers may try to impersonate a domain when sending emails. This protocol makes that fraud much harder.

By using encryption to digitally sign emails, the DKIM system proves to the recipient’s servers that the message has been sent by the domain owner, and provides a key to verify the signature. 

Let’s take a closer look at the process.

The DKIM protocol generates two types of keys to digitally sign an email and authenticate its origin:

  • A private key that allows the sender to sign the message;
  • A public key that lets the recipient verify the signature.

Each recipient email server can query the DKIM record and receive the public key that verifies the digital signature in the email header. This process ensures that the message has been sent from the domain owner, and guarantees the email has not been manipulated while in transit. 

It’s a bit like the wax seals that used to be applied to letters. They prevented messages from being opened by someone while en route. 

If signatures don’t match, the message will be considered illegitimate. It won’t be delivered or will be reported as spam.

The DKIM system is a powerful shield against attempts to steal information or identity.

Processing Non-Authorized Emails: the DMARC Protocol Explains How to Proceed

DMARC, or Domain-based Message Authentication, Reporting and Conformance, is the protocol which standardizes the SPF and DKIM authentication systems, extending their functions. 

The DMARC system defines how the recipient should handle incoming messages depending on the results of the DKIM and SPF checks. It tells recipient servers what to do with emails once they have been classified as legitimate or rejected. 

In other words, DMARC records are DNS records which provide clear instructions to servers.

An example might be: ‘If a message fails SPF and DKIM checks, don’t deliver the email.’

These instructions matter because, although email system administrators try to be careful about unauthenticated emails, they need a rule for handling messages when an SPF or DKIM check (or both) fails, and the DMARC protocol provides it. If an email fails the check, DMARC specifies whether to deliver the message anyway, block it, or report it as spam. 

This data distribution mechanism provides stricter message management, making email review easier for email providers.

Working together, these three authentication systems act as background checks on email senders, verifying that they really are who they claim to be.

A Proper DNS Setup Can Improve Your Delivery Rate… and Do a Lot More

So paying attention to the correct configuration of DNS parameters is crucial. The delivery of your emails depends on it.

The right setup of specific DNS records in your sending domain will allow you to: 

  • Improve your deliverability;
  • Preserve the reputation of your domain and the server you have chosen to send;
  • Protect yourself from cyberattacks.

Without a proper DNS record configuration, there’s a good chance the emails you send will be rejected or reported as spam. This means that a large number of the messages you send will not reach your recipients, making your delivery rate plummet dramatically. 

In the long run, your domain’s reputation will be damaged. Over time, bounced or spam emails can compromise a domain’s ability to reach recipients’ inboxes, leading to serious communication issues and wasting time and money. 

Cyberattacks are an additional danger that should not be underestimated. Attackers may use your domain name to create email addresses to attempt spamming, spoofing, phishing, and other kinds of fraud. 

With SPF, DKIM and DMARC records, you can set up a proper protocol to authenticate your emails and make it much more difficult for scammers to imitate your domain.

If you are using turboSMTP and you have not yet configured the DNS records needed for authentication, read this guide to set them up in a few minutes.

If you don’t feel comfortable doing this yourself, you can ask your email provider to do it for you.
