Each time you send an email, multiple aspects of your email setup are tested. Based on the outcome of these tests, the decision is made whether your email should be delivered to the recipient or rejected (bounced). We are able to test your email setup and help you identify the things you need to improve in order to maximize your email deliverability – and ultimately your campaign results.
This article serves as a brief guide to all those aspects that are tested. To help you navigate the article and find the necessary info, it’s broken down into items, each item representing a single aspect tested. Each item contains basic information about a potential issue, how it impacts your email deliverability, and the next steps to getting it fixed. It might be a bit overwhelming, but fear not, your IT guys will understand the instructions and know how to act on them.
On a side note, it’s not absolutely necessary to have all of these settings set up. Your emails might very well get delivered to their recipients regardless. Nevertheless, in the end, all the items listed here impact your overall spam rating. We strongly believe that taking care of these things increases the chances of you reaching your prospect. And we encourage you to set them up properly in order to maximize the results of your outbound campaign.
If you have any questions regarding the items below, please reach out to the Customer Success team.
MX
Mail eXchange records
MX records are a simple system that allows the owner of the domain to publish and the client to find the email server an email should be delivered to. MX records are published as a part of the domain’s DNS records.
If set inappropriately, the MX records might be treated as a weak indication that an email server is not authorized to send emails from an email addresses in that domain. It’s not very important but may impact your reputation nevertheless.
The Wikipedia article on MX record provides a more thorough overview of the topic.
Setting up MX records
To set up it up, the owner of the domain needs to publish the MX record as a part of the domain’s DNS record. Modern hosting providers offer wizards that allow you to publish these records in few simple steps.
You can validate your MX records automatically using a tool like MXToolbox or manually using the command line command: dig mx domain.name
Remember that DNS records may take up to 24 hours to propagate after an update.
Next steps
Contact the person responsible for the setup of your domain and hosting. They need to update your MX records so that they contain all the email servers that you’re using to send and receive emails.
FCrDNS
Forward Confirmed Reverse DNS
DNS is one of the most basic systems the internet is built upon. It allows the owner of the domain to publish and the client to retrieve the IP addresses of servers hosting the resources (e.g. website). E.g. when you type google.com in your browser, it looks up the DNS A record for that domain to retrieve the 216.58.209.46 IP address. It then connects to that server to request the resources you want to reach (e.g. the Google’s website).
There’s a system similar to DNS that works in reverse. It’s a pointer (PTR) record assigned to the IP address that points to the DNS A record of the corresponding domain. The client may perform a reverse DNS lookup (rDNS) to check the pointer from the server’s IP to the domain’s DNS A record, to help validate the server as authentic. Pointers are not published by the party using the IP, but rather by the ISP and they are relatively hard to establish.
How FCrDNS works
The FCrDNS check is based on the PTR and DNS systems. To do an FCrDNS check, we run a DNS lookup on the server’s domain. Then we run an rDNS lookup on the IP address retrieved with the DNS lookup.
The original domain name for which we run the DNS lookup should be exactly the same as the one pointed by the PTR record of the IP address. If these two do not match or if there are multiple domains listing the same server, it’s a strong hint to the recipient that the server might be used for sending spam.
Setting up FCrDNS
You can validate your MX records by using the DNS lookup tool and the reverse DNS lookup tool from MXToolbox or by using the command line commands: dig a domain.name and dig x ip_address
Next steps
If you’re using a 3rd party email provider, contact their support team and ask about the FCrDNS mismatch. The email provider is the one responsible and the only one with the power to change the records involved.
If you’re using your company’s own mail server, contact the administrator responsible for the email server, report the situation and discuss the ways to resolve it.
SPF
Sender Policy Framework
SPF offers a simple yet effective way to prevent email spoofing and SPAM. It allows the email recipient to ensure that the party that sent an email is authorized to do so.
Lack of an SPF record makes you a less trustworthy communication partner, but it also allows unauthorized parties to send emails in your name, which may impact your reputation or even get you blacklisted.
How SPF works
The working principle of SPF is fairly simple, the domain owner publishes a list of hosts (addresses of email servers) that are authorized to send emails in its name. This list is published as a part of the domain’s DNS record.
Upon delivery, the recipient may check the SPF records of the supposed sender’s domain to check whether the server the message originated from was authorized to send it.
The Wikipedia article on SPF provides a general overview, and the website of the organization behind SPF offers a detailed explanation of the concepts behind SPF as well as detailed instructions on creating and publishing a record.
Setting up SPF
The owner of the domain publishes the SPF policy as a part of the domain’s DNS record. Modern hosting providers offer wizards that will allow you to generate an SPF record and publish it in a few simple steps.
You can also use one of the publicly available generators, like the SPF Wizard. It will generate an SPF record for you as well as suggest the recommended settings. Once you have the record ready, publish it using the administration panel of your hosting provider.
You can validate your SPF records automatically using a tool like MXToolbox or manually using the command line command: dig mx domain.name
Remember that DNS records may take up to 24 hours to propagate after an update.
Next steps
Contact the person responsible for the setup of your domain and hosting. They need to update your SPF records so that all the email servers that you’re using to send emails are listed there.
DKIM
DomainKeys Identified Mail
DKIM is a method of email authentication. It allows the recipient of the message to verify that it indeed originated with the signed sender and was not altered along the way.
DKIM offers an effective way to prevent email spoofing. DKIM makes it much harder for the unauthorized parties to send emails in your name.
How DKIM works
DKIM is based on cryptographic authentication. The owner of the domain has a set of two keys. The private key is used to generate the email signature that is sent along with the message. The public key is published as a part of the DNS record. The recipient uses it to decipher the signature attached to the email. He can then check whether it matches the contents of the actual message delivered. If the details don’t match, it’s a clear indication, that the message has been forged.
The process is based on a basic cryptographic principle. It’s theoretically impossible to generate a matching signature without using the public key. In other words, everyone can decode the signature, by retrieving the public from the DNS record, but only the party in possession of the public key can generate a valid signature.
The Wikipedia article on DKIM provides a general overview, and the DKIM homepage offers a detailed explanation of the core concepts as well as detailed instructions on generating the keys, publishing the public key, and setting up your emails so they are signed with the private key by your SMTP server.
Setting up DKIM
Setting up DKIM consists of three steps:
- First of all, you need to generate a set of public and private keys. There is a variety of tools that will do that for you that you can use, like the DKIM Core key generator. For safety reasons, It’s recommended that you use at least a 512-bit key, while 1024- or 2048-bit keys are suggested.
- Once you have the keys ready, you need to deploy them. The public key needs to be published in your domain’s DNS records. Modern hosting providers offer wizards that will allow you to publish the DKIM record in a few simple steps.
- Finally, you need to set up your email server so that it generates and adds the digital signature to your emails, based on the private key. If you’re using a 3rd party email provider, refer to the instructions offered by them. If you’re running your own SMTP server, refer to the instructions for setting up DKIM on the server.
Remember that DNS records may take up to 24 hours to propagate after an update.
Next steps
Contact the person in charge of the setup of your domains, hosting and email accounts. They need to deploy DKIM in your domain and email accounts.
DMARC
Domain-based Message Authentication, Reporting & Conformance
DMARC is a system based on SPF and DKIM that helps the recipient verify that the message really originated with the claimed sender. It also allows the sender to establish a check policy and decide for the recipient what should be done if the messages received did not pass an SPF or DKIM check. Furthermore, it allows the sender to get feedback on the whole process.
Setting up DMARC can help you attain a good reputation for your email domain. As an added benefit, it will help protect your domain from phishing and spoofing attacks.
How DMARC works
DMARC is based on either SPF, DKIM or both. It allows the owner of the domain to specify if either (or both) can be used to authenticate the messages that are claimed to originate with a sender in that domain. If either the SPF or DKIM check fails, the DMARC check fails too. The domain owner specifies exactly what should be done with messages that failed the check.
DMARC also allows the domain owner to request the recipient to send reports of messages that failed the check.
The Wikipedia article on DMARC provides a general overview, and the DMARC homepage offers a detailed explanation of the core concepts as well as detailed instructions on generating and publishing the DMARC record.
Setting up DMARC
The owner of the domain publishes the DMARC policy as a part of the domain’s DNS record. Modern hosting providers offer wizards that will allow you to generate a DMARC record and publish it in few simple steps.
You can also generate the record with tools like Dmarcian. It will help you generate a DMARC record as well as suggest the recommended settings. Once you have the record ready, publish it using the administration panel of your hosting provider.
If you want the messages that failed the check to be quarantined or rejected, it’s a good idea to deploy such a policy slowly. Start by quarantining a small fraction of the emails, say 1-5% and increase it over time. Once you get to 100%, you may enable rejecting, again, starting with a small number and again, increase it over time.
You can validate your DMARC records automatically using a tool like Dmarcian or manually using the command line command: dig txt _dmarc.domain.name
Remember that DNS records may take up to 24 hours to propagate after an update.
Next steps
Setting up DMARC is not obligatory, but using it will have a positive impact on your email domain reputation. Contact the person responsible for the setup of your domains and hosting. Discuss using DMARC with them and choose the best option for you.
Blacklists
Blacklists are a simple mechanism that allows the users to share information on the email addresses, domains, IP addresses, etc., that should not be trusted.
How blacklists work
Blacklists are basically lists of email addresses, email domains, mail server IP addresses, or other entries that should not be considered as trusted. Upon receiving a message, the recipient may check with the blacklist server to find out whether the sender is listed on it.
If your email address/domain is listed on a blacklist, it may impact the deliverability of your messages or cause them to be flagged as spam.
Getting off blacklists
Reasons for getting blacklisted may vary, from falling a victim to an email phishing or spoofing, to being perceived as a spammer. The reasons will also change from blacklist to blacklist. Usually, this is caused by your email address/domain low reputation.
Blacklists publish information about how to get off the list. Usually, this will involve requesting to be unblacklisted, fixing what originally got you on the list, waiting some time, etc.
Keep in mind, getting listed repeatedly will make getting off the list harder for most blacklists.
Next steps
Refer to the blacklist’s website to find out what you did wrong and what you need to do to get off the list. Work on improving your email address/domain reputation. Learn more about the upkeep of your email address/domain reputation it in this article.
