If you have not set SPF and DKIM records they are bits of information you set up with whomever you bought your domain from. They are part of your DNS settings. They help email services know if your sending is legitimate. Let's dive into it!

Note: Ubico doesn't actually send emails itself. It simply tells Gmail to send your emails. This means that it'll use the gmail.com domain and Google already configured SPF and DKIM records for it.

What is SPF? How does SPF work?

SPF is an email validation system designed to prevent spam by verifying the sender’s IP address. It defines which IP addresses can be used to send emails from your domain.

So what apps should you include in your SPF - The general idea is to make sure all applications that send emails on your behalf (and are using their own SMTP, not yours) are included in your SPF. For instance, if you’re using Google Apps to send emails from your domain, you should put Google in your SPF. Here’s Google’s instruction on how to do this.

The first step is to check what is your current SPF record. You can do that using tools like:

When you type in your domain there (for instance I would input ubico.io), the tools will run some tests and show you your current SPF, or a notification that it hasn’t been set yet.

For instance if you are using Google Apps to send all emails from your domain, the line would look like this “v=spf1 include:_spf.google.com ~all”

No matter what domain hosting you use right now, these will be the following steps to validate SPF:

  1. Go to your DNS settings

  2. Create a new record

  3. Choose "TXT"

  4. Put "@" in name

  5. Put v=spf1 include:_spf.google.com ~all in value

And save it!

Here’s how to set up SPF for the most common domain hosts:

What is DKIM?

DomainKeys Identified Mail (DKIM) standard has been created for the same reason as SPF: to prevent the anyone from impersonating you as an email sender. It’s a way to additionally sign your emails in a way that will allow the recipient’s server check if the sender was really you or not.

By setting DKIM on your DNS server, you’re adding additional way of legitimizing your emails.

How to setup DKIM?

First, you need to generate the public key. To do that, you need to log in to your email’s provider admin console. The next steps may differ depending on your email provider.

If you’re using Google Apps to send your emails, here’s a step-by-step instruction. Google Apps email users, you should know that on default the DKIM signatures are turned off, so you need to turn them on manually in your Google Admin console.

After generating a new record, copy the host name and TXT record value and follow the following steps:

Go to your DNS settings

  1. Click on "Add new record"

  2. Choose "TXT"

  3. Put DNS host name that in "Name"

  4. Put TXT record from Google in "Value"

Here’s how to set DKIM in some of the other domain hosts:

If you’re sending lots of emails, whether it’s for marketing or for inbound or outbound sales, the reputation of your domain is crucial and you should take really good care of it. You don’t want your domain to get on a blacklist and your emails to end up in spam. Setting SPF and DKIM records properly on your DNS server is a necessary step towards the security of your domain and high deliverability of your messages.



Did this answer your question?