DMARC, SPF, DKIM - Why these DNS records are so vital for Email Delivery

Email DNS (Domain Name Service) records are critical for email delivery. Without the four major components (discussed below), your company’s outbound messages likely won’t reach the intended inboxes. And even if they do, there’s a chance they’ll fall victim to phishing or spoofing scams that damage your brand. The following DNS records are vital for your email to work properly:

  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Email validation system designed to detect and prevent email spoofing (forged sender addresses used in phishing and spam efforts)
  • SPF (Sender Policy Framework): Email authentication method designed to detect spoofing via authorized domain list; component of DMARC
  • DKIM (DomainKeys Identified Mail): Email authentication method designed to detect spoofing via digital signature; component of DMARC
  • MX (Mail Exchanger): Resource record specifying mail server responsible for accepting email on behalf of a domain

Each of the above DNS records helps protect your company’s email reputation by providing safeguards to your outbound messages. To that point, achieving DMARC compliance is a vital step in ensuring your emails are delivered to your customer base.

What Is DMARC?

The importance of reaching DMARC compliance can’t be overstated. Essentially, your company’s email reputation relies on this protocol.

Once DMARC has been implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery
  • See the email volumes you’re delivering to inboxes (including which inboxes)
  • Identify threat emails perpetrating to come from your domain (i.e., spoofing/phishing)
  • Control the delivery of your email and defend against spoofing attacks

In addition to the above perks, DMARC lets you take full control of your email deliverability. To combat spoofing and fraudulent domain activity, as well as improve message delivery, implementing DMARC will put your business in control of getting your messages to inboxes and protecting recipients from phishing threats.

Otherwise, there’s no guarantee your emails will be received as desired. Discarding a common email records misconception will also boost your delivery rates.

Set It and Forget It?

Many people believe that once email records are set, they’re done with the process and the settings never need to be addressed again. This sentiment couldn’t be further from the truth. If you want your company’s email delivery rates to stay consistently high, routinely monitoring and adjusting your DNS records when necessary is imperative. There are several impactful issues that can arise if you ignore your settings. Some potential scenarios include:

Scenario 1: Your company’s Marketing Department adds a new email vendor, but they don’t update the approved sender list for SPF.

-Result: Email sent via the new system isn’t delivered and is subsequently blocked by all receiving mail servers.

-Solution: With DMARC implemented and by monitoring those records (via a service such as our Delivery Center), the Marketing Department is made aware of the problem and immediately corrects it.

Scenario 2: Your business’s System Administrator/Email Administrator/Consultant almost correctly sets up DKIM, but the DKIM-Signature in the email doesn’t validate against the public key.

-Result: DKIM predictably fails authentication tests and nobody’s aware of the problem,  which causes email delivery issues because DKIM performance tracking isn’t being done.

-Solution: By utilizing DMARC and through monitoring those records, the accompanying personnel are quickly aware of the delivery issues and fix the DKIM validation error.

Scenario 3: Your organization has DMARC fully setup with a 100% reject setting, so everyone thinks that’s ideal and nothing else needs to be done. The Accounting Department then adds a new invoice system/vendor with emailed invoices going out through that system. Unfortunately, the Accounting staff is unaware of any required system changes.

-Result: 100% of the email sent from the new system is rejected by the receiving customers’ mail servers; $500K of invoices isn’t payable until messages can be delivered.

-Solution: The necessity to monitor DMARC and overall email performance is apparent in order for potential issues to be detected and fixed immediately.


Learn how Delivery Center Helps Need Help Managing DMARC & Email Delivery?