Tag Archives: email marketing

Tech Talk from Saascoms

Why SPF, DKIM & DMARC in DNS are essential in Email Marketing

Introduction

In 2024, Google and Microsoft announced stricter email requirements for domains sending large volumes of email. Their goal? To protect users from spam and phishing by enforcing domain authentication via DNS. Now they are essential in email marketing for Google and Microsoft requirements.

Bulk emailers who send more than 5,000 messages per day from the same domain, or subdomains, to one of the consumer email platforms (hotmail.com, gmail, etc), will need to configure SPF, DKIM, and DMARC in their DNS records. If the domains are not correctly configured messages may be rejected or land in spam folders, even if they are completely legitimate.

Let’s break down what these protocols do, why they’re now required, and how to get compliant.

Essential in email Marketing – DNS Records

  • SPF checks the sending server IP.
  • DKIM checks the signature.
  • DMARC combines results and applies the policy.

SPF – Define Authorised Senders

Sender Policy Framework (SPF) is a TXT record that informs receiving servers which IP addresses or services are allowed to send email on behalf of the domain.

DKIM – Digitally Signs Your Emails

DomainKeys Identified Mail (DKIM) sign each email with a private key. The public key is stored in the sender DNS. This tells receiving servers the message hasn’t been tampered with and really came from the authorised sender. Saascoms provides unique records for each client domain.

DMARC – Enforce Policy and Monitor Abuse

DMARC (Domain-based Message Authentication, Reporting & Conformance) informs email providers how to handle messages that fail SPF/DKIM checks—and sends you reports about suspicious activity.

Google and Microsoft now require a valid DMARC policy from all bulk senders. Without it, your emails may be silently dropped.  The minimum policy setting is ‘p=none’, which should ensure sender emails are received by the recipient.

What’s Changing?

Both Google and Microsoft now require that bulk email senders:

  • Use SPF or DKIM to authenticate their email.
  • Publish a DMARC policy in DNS.
  • Use a domain they own (not @gmail.com, @outlook.com, etc.) for ‘from’ addresses.

Conclusion

If you are sending bulk emails from marketing campaigns to system alerts you must authenticate your domain via DNS. Google and Microsoft are now enforcing what should have already been best practice, it is now essential in email marketing.

  • Set up SPF and DKIM to prove you sent the email.
  • Publish a DMARC policy to enforce protection.
  • Monitor reports to stay ahead of abuse.

At Saascoms we’ve been advocating SPF and DKIM records for some time, it is important that your DMARC record is verified as compliant, and added if not. Organisations failing to do so will not only damage delivery rates, customer engagement and brand trust; it will eventually prevent emails being delivered. Our Mailmaster software is fully compliant and can support your email marketing objectives.

Contact Saascoms