One of the most common challenges that site owners face when starting their online journey is to ensure the reliable delivery of emails. Newsletters should end up in a recipient’s inbox but they do not. Instead, critical communication finds the spam folder. Luckily, the fix is not rocket science. Besides proper content hygiene, such as avoiding spammy subject lines or too many hyperlinks in the email body, all you need is a proper DNS configuration to ensure reliable email delivery.
What’s a DNS and which one to use?
A Domain Name System or DNS translates a human-readable site address such as unakriti.com to its internet address that browsers and websites understand. Similarly, a DNS also translates a human-readable email ID such as [email protected] to an address that email clients and servers understand.
Now, WordPress or no WordPress, DNS servers have standard nomenclature to define address records. So, no matter the name service resolver your site relies upon, you can follow along with this guide. For its simple and intuitive interface, we use and recommend the free Cloudflare DNS.
What DNS records ensure reliable eMail services and how to generate these?
Irrespective of where you host mailboxes, or which eMail service provider (ESP) you use to send newsletters or notifications, verify that you have the following DNS records to take care of things like eMail receipt, delivery into an inbox (and not the spam folder), security, or domain reputation. If any of these are absent, add them. Do not worry if these records seem weird. Let us just figure what they do, look like, and how to get the respective values.
- MX Record for Inboxes: Mail Exchange or MX specifies the mail server that hosts your eMail inboxes. When someone sends you an eMail, this record ensures that it is delivered to you. For a sender, an MX record is like ‘driving directions’, if you may, to reach your inbox. Example MX record:
How to get the value of MX record: Your email host will provide this. So, consult your service provider’s (e.g. Gmail/GSuite) documentation. For Yandex, it is
mx.yandex.net. Some transaction email providers such as Amazon SES may need a separate MX record to specify the ‘mail from’ domain.
- SPF Record to Avoid Sender’s Domain Forgery: Sender Policy Framework or SPF protects against eMail domain forgery. An SPF record establishes the origin and route of your eMails. An SPF record prevents spammers to send eMails from a non-existent mail ID of your domain. This record should specify the origin for all your emails – newsletters, transaction emails, and regular business correspondence. We use Amazon SES for transaction emails and newsletters, and Yandex Connect for regular business correspondence. Example SPF record:
|TXT||yourdomain.com||v=spf1 include:_spf.yandex.net include:amazonses.com ~all||Automatic|
How to get the value of an SPF record: Consult your service provider’s (e.g. Gmail/GSuite) documentation. For Yandex, the value is
_spf.yandex.net and for Amazon SES, it
- DKIM Record to Avoid Sender’s eMail ID Forgery: DomainKeys Identified Mail or DKIM protects against eMail address forgery. DKIM private key encrypts the sender’s eMail, which the receiver decrypts using the public key from your DNS. In other words, a DKIM record prevents spammers to send eMails from a valid mail ID of your domain. Example DKIM record:
|TXT||mail._domainkey||v=DKIM1; k=rsa; t=s; p=a very long alphanumeric string||Automatic|
How to get the value of a DKIM record: Consult your service provider’s (e.g. Gmail/GSuite, Mailchimp, etc ) documentation. This is a distinct record for each service provider. That is, even for the same domain name, Amazon SES and Yandex will have separate DKIM values. Additionally, some transaction email providers such as Amazon SES will require DKIM-specific CNAME records too.
- DMARC Record to Develop Sender’s Reputation: Domain-based Message Reporting and Conformance or DMARC builds upon SPF and DKIM records to help senders and receivers communicate and develop trust over time. Example DMARC record:
How to get the value of DMARC record: This is a domain-property level DNS record. You will need a domain name and a valid email ID to create this using a DMARC record generator tool.
Please note that SPF, DKIM, and DMARC records provide assurance and not a guarantee of reliable delivery into the intended recipient’s eMail box. Spam filters also consider message content, for instance, to decide whether the final destination of an eMail should be a primary inbox or any other folder. But these DNS records set you up for enhanced reliability.
How to test DNS records for email sends?
Ensuring reliable email delivery requires diligence. So, after all the work, is there a way to test whether the configuration is working or not? Yes, there is a simple one. After you have defined the necessary DNS records, send a test newsletter or a test notification (transaction email) from your site. For instance, we sent a test email from Wordfence plugin to a Gmail ID.
Next, head over and log in to your Gmail account. If your site has been configured properly to send emails out, you should see a new email from your site. Click it open and look up the message headers as depicted above. When everything is set right, the eMail header will show SPF, DKIM, and DMARC with the PASS labels.
Need help with a site?
We can help create beautiful WordPress blogs and sites. Our modular approach offers secure sites while optimizing operating costs and performance. Head over to our page on website design and development plans and get started.
Disclaimers: (1) Maps, wherever used on this site, serve a representational purpose only. Unakriti does not endorse or accept the boundaries shown, names, or designations used by map providers. (2) This story/article is based on the personal opinions of the author. Unakriti is not responsible for the accuracy, completeness, suitability, or validity and it does not assume any responsibility or liability arising out of use of any information provided herein.