SPF, DKIM and Domain Keys

Automatr supports Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), both of which result in higher email deliverability. To take advantage of these technologies, please be sure that all of the required DNS settings have been implemented.


For those who don't have much experience sending a lot of email, here's a brief explanation of what we're talking about and why SPF and DKIM are really, really important to you.

How Email Works

When you send email to your friend Jane, your device (laptop, cellphone, etc.) doesn't talk directly to her device. Instead, email that you send goes to your email server. Your email server talks to Jane's email server and forwards along the message. Her email server saves it for her until she's ready. Then, when Jane checks her email, her device talks to her email server and downloads the message. It's a simple and elegant system that works.

Evil Spammers

Unfortunately, evil spammers have figured out how to muck up the works. Have you ever received an email that said it was from Jane but when you opened it, it was full of ads or (OMG!) viruses? Somebody is pretending to be Jane by putting false information into the "headers" of a spam email. The "header" is the hidden part of an email that says which server it came from and who sent it. It's kind of like the envelope of an email.

SPF to the Rescue!

Sender Policy Framework solves that problem. SPF allows you (or, perhaps, your server admin) to publish a special record called an "SPF record" on your Domain Name Server. (Your Domain Name Server is often handled by your registrar - like GoDaddy or Network Solutions.) 

This special record is available to the public and basically says, "The only email server that may send out email for us is our email server. All other email - even though it says it's from us - is spam."

An SPF record looks something like this:

v=spf1 include:_spf.google.com ~all  

Kind of cryptic, isn't it? Here's what it's saying:

v=spf1 : The version of this SPF record is SPF 1. In other words, we use the standard SPF protocol.

include : The servers approved by the address listed right after this are OK.

_spf.google.com : This is the address whose approved servers are OK for us.

~ : The servers matched by the item listed right after this are bad. (Tilde is shorthand for "soft fail". Usually, this means that the emails will be marked as Spam or placed in the Spam folder.)

all : All servers that don't meet any previous criteria.

EXAMPLE: Let's say that Evil Spammer sends you an email from the server spams-a-lot.ru and uses a different domain in the From address, such as jane@yourgoodfriendjane.com. When your email server gets that email, it will check the SPF record for yourgoodfriendjane.com. Jane's email server says "No way! That's not from us!" So, your email server deletes the message. Tada! Spam stopped.
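The check a receiving server runs in the EXAMPLE above can be sketched in a few lines. This is an added illustration, not Automatr's code: the DNS_TXT table, the _spf.mailhost.example name and the IP addresses are constructed stand-ins for real DNS lookups, and only the ip4, include and all mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS (documentation IP ranges).
DNS_TXT = {
    "yourgoodfriendjane.com": "v=spf1 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:192.0.2.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    version, *terms = record.split()
    if version != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms:
        qualifier = "+"  # a term with no prefix means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, value = term.partition(":")
        parsed.append((qualifier, mechanism.lower(), value))
    return parsed


def check_spf(sender_ip, domain, depth=0):
    """Return the SPF result for mail from sender_ip claiming domain."""
    if depth > 10:  # stop runaway include chains
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None:
        return "none"  # the domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mechanism, value in parse_spf(record):
        if mechanism == "all":
            matched = True
        elif mechanism == "ip4":
            matched = ip in ipaddress.ip_network(value, strict=False)
        elif mechanism == "include":
            # include matches only when the included record says "pass"
            matched = check_spf(sender_ip, value, depth + 1) == "pass"
        else:
            return "permerror"  # a, mx, etc. are not handled in this example
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"
```

Calling check_spf("192.0.2.25", "yourgoodfriendjane.com") gives "pass", while the same call with 203.0.113.9 falls through to ~all and gives "softfail".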

In short, SPF is a method for validating the message envelope.

OK, but what about the body?

SPF is orthogonal and complementary to DomainKeys Identified Mail (DKIM), which signs the contents (including headers).

In brief, SPF validates MAIL FROM vs. its source server; DKIM validates the "From:" message header and a mail body by cryptographic means.

About Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is a simple email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is being sent from a host authorized by that domain's administrators. The list of authorized sending hosts for a domain is published in the Domain Name System (DNS) records for that domain in the form of a specially formatted TXT record. Email spam and phishing often use forged sender addresses, so publishing and checking SPF records can be considered anti-spam techniques.

Implementing SPF for your Automatr domain

About DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrators. A digital signature included with the message can be validated by the recipient using the signer's public key published in the DNS.

DKIM is a method of labeling a message, and it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, other filtering techniques can work more effectively. 

Implementing DKIM for your Automatr domain





Sender Policy Framework. (n.d.). In Wikipedia. Retrieved August 8, 2014, from http://en.wikipedia.org/wiki/Sender_Policy_Framework

Domain Keys. (n.d.). In Wikipedia. Retrieved August 8, 2014, from http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail