In recent years, email and communication over the internet have been on the rise, and by default, the risk of misuse and other harmful attacks increased too.
Those attacks can consider simply sending spam or unwanted content to a more serious behavior like spoofing. With that in mind, it is essential to set up the domain properly and prepare it for sending as a recognized and valid organization/individual. For that purpose, it is necessary to set up SPF, DKIM, and DMARC, while BIMI is a relatively new standard that increases the visibility of your messages in inbox.
All mentioned settings are in fact records that can be added and configured at the domain level in DNS (Domain Name System). Access to DNS is usually limited to the domain owners and persons with administrator permission.
Sender Policy Framework (SPF) is a security standard used to prevent email spoofing and protect email users from spam and phishing attacks. It allows the domain owner to publish a special SPF record in their DNS (Domain Name System) settings that specify which IP addresses are authorized to send emails on behalf of that domain. When the recipient's server receives an email, the server can check the SPF record to verify that the message was actually sent from an authorized IP address. If the message was not sent from an authorized IP address, the server can reject or flag the message as potentially fraudulent.
By using SPF, domain owners can help protect their domain from being used in spam and phishing attacks and ensure that their legitimate emails are delivered to the recipient's inbox. SPF is often used in conjunction with other email security standards, such as DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), to provide a comprehensive approach to email security.
SPF record example from a couple of main email providers:
Google services:
v=spf1 include:_spf.google.com ~all
Microsoft services:
v=spf1 include:spf.protection.outlook.com -all
Zoho Mail:
v=spf1 include:zoho.eu -all
That being said, adding Autoklose to the SPF record is unnecessary since we do not send from our servers. For better personalization and inbox delivery, we just initiate the process, which is then done by the email provider server.
There can be only one SPF record inside the domain configuration, so if the organization needs to use other services for marketing or transactional emails, those tools should be added to an existing record. Simply add a server or IP address using the "include:" like in the example below:
v=spf1 include:main_provider.com include: marketing_service.com ~all
DKIM (DomainKeys Identified Mail) is a security standard that protects email messages from being forged or altered in transit. It uses a combination of encryption and authentication to verify that an email message was actually sent by the domain it claims to be from and has not been modified during transit. This helps prevent spam, phishing, and other types of email fraud.
Similar to SPF, DKIM is set up inside the domain DNS:
The first step in setting up DKIM is to generate a key pair: a private key and a corresponding public key. The private key is used to create the cryptographic signature and must be kept secure and secret. The public key is published as a DNS record for others to use in verifying the DKIM signatures.
Once you have the DKIM key pair, you must publish the public key as a DNS TXT record for your domain. The DNS record contains information about the DKIM configuration, such as the key type, domain name, selector, and the public key itself.
The DKIM record typically looks something like this:
selector._domainkey.yourdomain.com. IN TXT "v=DKIM1; k=rsa; p=your_public_key"
selector: This is a string that helps identify the specific DKIM key for the domain. You can have multiple selectors if you want to use different keys for different purposes (e.g., one for marketing and another for transactional emails)._domainkey: This is a fixed string that indicates the location of the DKIM record in the DNS hierarchy.yourdomain.com: Replace this with your actual domain name.v: The version of DKIM being used. Currently, it's always set toDKIM1.k: The key type. DKIM commonly uses RSA keys, so this is usually set torsa.p: The public key itself.
When you send an email from your domain, your email server signs the message with the private key corresponding to the selector used in the DKIM DNS record. The signature is then added as a DKIM-Signature header to the email.
When the recipient's mail server receives your email, it performs a series of checks, including DKIM verification. It retrieves the public key from the DKIM DNS record using the domain and selector from the DKIM-Signature header. The recipient server then validates the DKIM signature using the retrieved public key and confirms that the email has not been altered since it was signed.
If the DKIM verification fails or the DKIM signature is missing, some email servers may mark the message as potentially suspicious or treat it as more likely to be spam.
Setting up DKIM in DNS records is crucial in enhancing email deliverability and ensuring that your emails are not flagged as spam due to email spoofing or tampering. It adds an extra layer of trust and authentication to your email communications.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a security standard that helps protect email users from spam, phishing, and other types of email fraud. It works by building on the existing DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) standards to allow domain owners to specify how they want their emails to be authenticated and what should happen if they fail authentication.
DMARC uses a special DNS record that is published by the domain owner and specifies how the recipient's server should handle messages that fail DKIM or SPF authentication. This record can be used to instruct the recipient's server to reject or quarantine the message, or to allow it to be delivered with a warning to the recipient. By using DMARC, domain owners can help protect their domain from being used for spam or phishing attacks and ensure that their legitimate emails are delivered to the recipient's inbox.
BIMI (Brand Indicators for Message Identification) is a new email standard that aims to help businesses and organizations protect their brand and improve the security and authenticity of their email communications. It allows a domain owner to publish a special BIMI record in their DNS settings containing a verified logo for their brand. When a participating email provider receives an email from that domain, the provider can use the BIMI record to display the verified logo next to the sender's name in the recipient's inbox.
This helps to improve the visibility and recognition of the sender's brand and also provides a visual indication to the recipient that the message is authentic and has passed certain security checks. BIMI is still a relatively new standard and has yet to be widely supported by email providers. Still, it has the potential to become an important tool for protecting and promoting brand identity in the digital world.
SPF, DKIM, and DMARC are crucial and required for good email delivery and the overall health of the email account and domain. At the same time, BIMI helps with message visibility in the recipient's inbox.
All these security settings are created on the domain level, inside DNS, and outside of the Autoklose platform. Autoklose just initiates sending, which is then done by the provider or custom-made user server, so it is not necessary to mention Autoklose in any record. Since this is a domain-specific setup, most information can be found in the email provider knowledge base and public articles, but it is always good to discuss potential issues with their support teams as well.
— — —
If you have any questions do not hesitate to initiate a live chat.
Happy klosing! :)
Your autoklose.com team!
— — —
To learn about sales, customer acquisition, business strategy, and more, read our 50,000 subscribers strong blog.
Join over 10,000 followers on LinkedIn, to learn just released success stories from around the world of business.