Making Sure Your Emails Get Delivered, Rain or Shine
April 25th, 2024 by Gage Pacifera
As email providers have been increasing scrutiny of email traffic to cut down on spam, Harmonic Northwest has been seeing more requests to help configure email systems to ensure that company emails are getting through to customers. A lot of times these requests come as a result of companies seeing their marketing emails going straight to recipients’ spam folders or notifications from a website vanishing into thin air.
The specific solution to these problems depends on the situation, but I’ll go over a few common threads we’ve been seeing and scenarios that Harmonic Northwest has addressed.
The Holy Trifecta of Email Deliverability: DKIM, SPF and DMARC
Most of the email deliverability issues we’ve been seeing stem from missing or incorrectly configured DKIM, SPF and DMARC records. Email providers have explicitly called out strict requirements to have these three types of records set up properly in order for an email message and the email sender to be considered legitimate. I’ll go over what these are and summarize some typical fixes below.
SPF refers to a DNS TXT record that lists out servers that are allowed to send emails from your domain.
For example, if you use Outlook for your company email, MailChimp for marketing emails and have a WordPress site that sends contact form notifications, your SPF record will contain references to those three sources. If a malicious actor attempts to spoof your email and send out messages from a server not on that list, email services will see that and mark those emails as potentially fraudulent.
DKIM is a little more complicated—it refers to a secure key pair that validates an email message as being authentic where part of the key is contained in a DNS TXT record for your domain (the public part) and the other part of the key is on the server sending the email (the secret part). If you have multiple services sending emails out using your domain, then you’ll likely have multiple DKIM records.
For example, let’s say your WordPress site sends out notifications to a company email address when someone fills out a contact form. To ensure that message reaches the inbox of your office staff, you’ll need to make sure that 1) your server is configured to serve up DKIM keys, 2) that there is a properly configured DKIM key on the server that gets used for those outgoing notification emails and 3) that there is a corresponding DKIM entry in your DNS TXT records.
DMARC is the simplest of the three: it is a relatively straightforward DNS TXT record that tells email services what to do when emails are judged to be invalid. With the help of a DMARC record, you can get notifications about emails that are getting denied with useful information for debugging.
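To make the three record types concrete, here is an added example (not code from Harmonic Northwest) that audits SPF, DKIM and DMARC TXT record strings for common mistakes without touching the network. The domain example.com, the selector "web", the include host and the key value are constructed placeholders; in practice you would paste in the TXT values from your own DNS.

```python
import re
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_tags(record):  # 'tag=value; tag=value' DKIM/DMARC record -> dict
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt_records):
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # none published, or several (a permanent error)
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].lower().split()[1:]
    names = [re.split(r"[:/=]", t.lstrip("+-~?"))[0] for t in terms]
    issues = []
    if sum(n in LOOKUP_TERMS for n in names) > 10:  # top-level terms only
        issues.append("more than 10 DNS-lookup terms")
    if "all" not in names and "redirect" not in names:
        issues.append("no 'all' mechanism for unlisted servers")
    elif "all" in terms or "+all" in terms:
        issues.append("'+all' authorizes every server")
    return issues

def audit_dkim(record):
    key = parse_tags(record).get("p")
    if key is None:
        return ["missing public key (p=)"]
    return [] if key else ["empty p= means the key is revoked"]

def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["no DMARC record"]
    issues, policy = [], tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        issues.append("missing or invalid p= policy")
    elif policy == "none":
        issues.append("p=none requests no action on failing mail")
    if "rua" not in tags:
        issues.append("no rua= address for aggregate reports")
    return issues

def audit_domain(zone, domain, selector):
    return {"spf": audit_spf(zone.get(domain, [])),
            "dkim": audit_dkim(zone.get(f"{selector}._domainkey.{domain}", "")),
            "dmarc": audit_dmarc(zone.get(f"_dmarc.{domain}", ""))}

# Constructed records: apex name maps to its TXT list, others to one string.
ZONE = {"example.com": ["v=spf1 include:_spf.mail.example.net a ~all"],
        "web._domainkey.example.com": "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ=",
        "_dmarc.example.com": "v=DMARC1; p=none"}
```

Calling `audit_domain(ZONE, "example.com", "web")` reports clean SPF and DKIM records and two DMARC findings: the policy is monitor-only and no reporting address is set.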
Troubleshooting Website Notifications
When working through email issues related to messages coming from a website or web application, typically we are looking into the hosting situation to make sure a good DKIM record is set up and then editing DNS entries to make sure we have a matching DKIM record and properly configured SPF and DMARC records. Most popular hosts already have the baseline DKIM technology in place and you just need to know where to look to find the DKIM key that you need on the DNS side. This is the case for hosts like Dreamhost, Bluehost and SiteGround. With more customized server setups for a host like DigitalOcean, there might be extra work to do to ensure the server has the correct suite of packages and the proper setup in configuration files to link the DKIM key to the outgoing emails.
Email Deliverability for Marketing Campaigns
In the case of email marketing systems like MailChimp, there are configuration steps that need to happen within the administration panel of the account as well as the addition of DNS records (provided by the email service) at your domain registrar. Often these involve using CNAME records instead of TXT records. These configuration steps are generally well-described by the service and usually easy to implement.
Third Party Email Services
While we generally prefer to set up DNS records and tweak server settings to allow emails to be sent directly from a website or application server, sometimes we choose to send email via a third-party service like SendGrid, MailGun or Postmark. In this case, we will typically install plugins or packages that link a site or application’s email functionality to this third party sender and update some DNS records as directed by the service. Once connected, the service handles the more technical parts of your email setup to ensure you are in compliance with deliverability standards.
Using a third-party service can be advantageous in several circumstances:
- The sending server has been blacklisted due to previous email history
- The sending server does not support DKIM authentication or is otherwise unsuitable for sending emails
- The client would like better visibility into statistics around email deliverability
- The client doesn’t want to deal with “server stuff”
Send via External SMTP
Sometimes we set up a connection to send emails from an email account within a company’s existing email system. This can simplify the setup process as you don’t need to sign up for a third party email service or update any DNS records or server settings.
For example, maybe you’re using Outlook for your company email. You can create a user called “notifications@mydomain.com” that is a dedicated address for sending out notifications from your website. In this case we can connect to your Outlook SMTP server, log in as that particular user and send out emails as though they were being sent by that user.
There are downsides to doing it this way. If the password for this email account is ever updated by a staff member or if the account is ever deleted, that would cause the email sendouts from the website to fail. The connection may introduce speed and reliability issues and depending on the quantity of emails being sent, costs for the email service could increase. Also, by using an email address on your primary domain (i.e. not a subdomain), there are risks for damaging the reputation of your primary domain… more on that below.
Protecting Your Domain Reputation by using a Subdomain
Let’s pretend for a moment that a website you manage is behaving badly, perhaps due to a bug or malicious activity, and sending out a large quantity of emails that are being classified as junk. This can have implications for your entire email domain. If notifications@mydomain.com is deemed an untrustworthy sender, other addresses on the domain (like janedoe@mydomain.com) might also end up getting lumped into this category.
To avoid this risk and protect your primary domain, you can set up your website or email list to send from a dedicated subdomain. You might choose a subdomain like “email.mydomain.com” to use with your email campaigns. Then if messages sent from notifications@email.mydomain.com get deemed spammy, the reputation of the subdomain will take a hit but the primary domain will remain unscathed.
In Conclusion…
Many factors can affect email deliverability and the reputation of your domain. I’ve touched on some of the more technical ones here, but there are more: the content of your messages, the validity of recipient email addresses, recipients marking your messages as spam, etc.
If you are having problems with email deliverability, get in touch and we can help get you pointed in the right direction.