DNS soup shows DMARC, DKIM, SPF, and DNS in pasta letters

DNS, SPF, DKIM, DMARC and other alphabet soup for Authors

There’s a ton of information swirling around about email deliverability in the author community right now, so let’s take a moment and breathe.

Let me answer the most important question right out of the gate: no, this isn’t the apocalypse for your email marketing. It may, in fact, be the biggest opportunity for growth you’ve seen.

If you haven’t read my articles on sharable newsletters, please do. I give you context in those posts that goes beyond just the alphabet soup. That’s because I generally try to stick to relatable “best practices” rather than getting deep into the weeds on the geeky bits.

But now, we need to go there, but just a bit, so we understand why we have to do the thing. And a big part of this is understanding the language.

What is DNS?

DNS stands for the Domain Name System. You know about domain names: those are the website addresses that we use, the ones we type into the address bar at the top of the screen.

The domain name system is the part of the internet that keeps track of what physical machine each website lives on. Websites move, and if you move from one hosting company to another, you’ll need to update the DNS so that your followers can still find you. Owning your own domain name gives you a professional appearance, and also allows you to control your space.

But the internet is full of killer robots trying to take your site down. They also love to intercept the traffic in the middle and re-route it.

Why it matters

Let me give you an analogy. A friend paid a bill by putting her payment in her mailbox. A villain came by, stole the mail, took the check and washed off the ink, rewriting it for a large amount and then cashed the check. The bad guys intercepted and changed her check.

On the internet, they like to redirect your fans to somewhere else. Somewhere evil. I’ve seen several instances where someone suddenly had a pop-up on their computer telling them to call technical support because their computer was infected. Let’s be clear: that’s not how technical support works. Please don’t call hackers and allow them access to your computer. And please don’t pay them for the privilege of destroying your computer. This sounds like something that would be obvious, but the people I know who have fallen for it are NOT stupid. They’re smart people. They were using the internet and thought they were going to one place. They believed they had gone where they intended. But they did not.

And the rest of those stories are very sad.

You are a responsible website owner. Protect your readers! You don’t want your people intercepted and taken somewhere else.

You also don’t want people sending out fake emails claiming to be you. One of my clients recently got a demand to pay a bribe in Bitcoin – from himself. No, he didn’t pay. But what that told us was that the email system had allowed someone to pretend to be him.

Your website hosting company maintains a series of “records” – just fancy lines of text – that give the needed information to email servers. These are called DNS records and include a few different lines that geeks call DMARC, SPF, and DKIM. Stay with me and I’ll help you understand.

How DMARC helps

DMARC is an acronym for Domain-based Message Authentication, Reporting and Conformance. Translating from the geek, that means a way to prove that this email comes from you. DMARC tells a person’s email system that you are a professional and that if the system can’t prove that the email came from you, you want it to… “quarantine” – stick it in spam, “reject” – throw it away, or “none” – just go ahead and deliver it, I don’t care. Yeah, we probably don’t want “none.” DMARC also allows you to request a report from each email system telling you what they did with all of your emails.

Those reports can be fascinating and confusing. Generally, I don’t recommend writers spend a lot of time trying to decipher them, but if you want to learn how, I’m happy to teach (students: ask in the forums).

Okay, so DMARC sounds good, but HOW do they know if it is really from us? That tells them what to do if it ISN’T from us, but how to we prove it?

Every email includes more information than what you see on your screen. (You can view the raw email from your email system if you are ever interested.) These extra bits are a record of how the system tried to prove that you are you. And that brings us to… SPF and DKIM.

What is SPF?

Nope, we’re not talking sunscreen. SPF stands for Sender Policy Framework. This is the one that says, “this email came from this server, this server is allowed to send things from my domain.”

When a big company’s email server gets an email, it checks to see where that email came from. Then it checks to see who that email says it is from. It checks to make sure that the big web server (hosting machine) is allowed to send email from that person. If the two don’t match, that is an SPF failure. It’ll then look at DMARC to see how you want that handled, but understand: DMARC is a suggestion. Most email servers in our modern environment are now going to say, “nope” and throw it out. It won’t get to spam. That email never existed.

So what is DKIM?

DKIM stands for DomainKeys Identified Mail. The important part here is: key. There’s a little bit of encryption added to your email. If the key at the end isn’t the same as the key that is supposed to be there, it means that while the email came from your server, someone grabbed it in transit and messed with it – like my friend’s check.

DKIM is another test that email servers are using. Just like we wish the bank had a way of proving my friend’s check wasn’t altered, email companies CAN prove that your email wasn’t damaged somewhere along the way. Fail the DKIM check and… yep…. you know the drill: “nope” that email gets tossed out.

A DKIM record looks like a secret code. That’s because it is.

How do I do this?

This is where it gets both super-geeky and not nearly as complicated as you might think. If you are sending emails from a wonderful hosting company, they may already have set these for you! This is why I start everyone out by recommending mail-tester.com in those older posts.

Send an email from the same server as your website is hosted on, and things shouldn’t be too bad.

AH… but what if you use MailChimp, MailerLite, or some other sending service? This is where the challenge comes in. You need to get those “records” on your server to match up. You need your hosting server to say that it is okay for your email service to send on your behalf.

In your website hosting, there will be a place to set up DNS records. I recommend that you contact your technical support for help here, or get a geek to hold your hand. You’ll need to get the information from your mailing list company and put it into the DNS records on your hosting platform.

This is one of the areas where I’ve really been seeing some of the hosting companies shine the last few weeks. They’re getting swamped with people needing help. But here’s the thing to understand: these geeks have been doing this all day. Your request won’t bother or confuse them.

Get the information from your newsletter program, take it to your hosting company or a friendly geek, and they’ll help you get the records in the right place.

Remember: if you are sending from something like the Newsletter plugin on your own website, you may just need to make sure the default records are set up, and some hosting companies have already done it for you.

Run the test!

Start by running mail-tester.com’s test. It will tell you if you have a problem with some of those records.

Maybe you’ll pass SPF and DKIM, but you need DMARC. The tester will suggest a record for you to use. Go back to your records and add that, again looking for your helpful geek.

That test may give you OTHER information as well, things that will help you make your emails better. You may learn little details like how to balance images and text in your email. There is a lot of useful information there.

Mail-tester.com will change the URL at the top of the screen after you run the test. That gives you the test results so that you can send them to your favorite geek.

How to find a geek

I once read a book that said to leave Diet Cola and Cheetos around to attract a geek. At the time, I was working in a tech support office, and we opened our drawers to pull out the Cheetos and Diet Cola. It was… hilarious.

In reality, some of this will depend on how you’ve picked your hosting company. If they have good support, they should help you with this. They know you’ll need help. Also, your email newsletter provider will have support to help.

If they don’t help, then ask your writer friends who has helped them. Obviously, you can also hire me to do it. If you are on “Deleyna’s List” and you are dealing with this, remember: this is included, so just get on my schedule!

The key is to understand why you are doing this. What is your goal, and how you can tell if you’ve succeeded. (Hint: 9/10 or higher on mail-tester.com will mean you’ve done it.)

Does this help? Do you have other questions? Ask in the comments or share your experience!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *