Email Verification Explained

by | Feb 6, 2024 | Newsletter

This month, I have done more email verifications than any other type of project.  A lot of my clients are confused and feel it’s too hard to figure out how to do it, so they just come to me with their hands in the air saying, “Help!”

Why are so many email sending platforms requiring verification of your domain?  

It’s all about deliverability.  A verified domain has a much higher chance of being delivered to someone’s inbox.  If an email is not verified, it will most likely end up in spam or junk and not ever be seen.

So, what is email verification?  

There are basically 3 records we’re looking at when it comes to email.  They are SPF, DKIM, and DMARC.  They sound really scary and technical, but they basically help the email browser to know if the email is coming from the domain it’s claiming to come from.  With all of the scams out there trying to pretend they’re someone else, this is becoming increasingly important.  

So, we just set the records to say, these are the servers I use to send email.  If anyone tries to send email from this domain using another server, they are probably spam.  

So, although it’s a pain, it is a quick fix and can take about 20-30 minutes to resolve.  

If you’re wondering about your email deliverability, it may be helpful to check and see if your domain has these records.  You can do a quick check using a tool such as https://mxtoolbox.com/SuperTool.aspx where you can enter your domain and see which records exist and which ones are missing.

Let’s look at each record one by one and see what it does.

First, the SPF record.

An SPF record defines the trusted servers for your domain. It tells the world which servers you’ll be sending email from. It also states what to do if the email is not from one of those trusted servers.

An example of an SPF record could look something like this:

“v=spf1 +a +mx include:sendgrid.net -all”

The first part, says which version of SPF record this is. In this case, it’s SPF1. This just gives us the set of rules that the record will use in email verification.

The second part, +a and +mx is saying these records are qualified senders. Basically, if it’s in an A record or an MX record for this domain, it’s a good server.

The next part says to include the next domain as well, for instance if you use another carrier to deliver your email.

The last part is the all statement, which says what to do with everything else that hasn’t been defined.

  • If you use -all unspecified servers are not authorized (emails will be rejected).
  • If you use ~all unspecified servers are not authorized, but emails will be marked and accepted.
  • If you use +all any server is authorized (quite undesirable option).

Next, the DKIM record.

DKIM records provide the public key for the email signature that is used by the receiving email server. This is a proof of legitimacy for the email. It’s a way to check that the server is really the server it says it is. You get the configuration for the DKIM record from your email service. These records are often added as a CNAME record or a TXT record.

What about DMARC?

DMARC records are cool because they tell receiving servers what to do with emails that don’t align with SPF or DKIM records. There are 3 choices, do nothing, quarantine, or reject. It also allows you to have reports sent back to any email address so you can see how it is working.

Typically, DMARC records look something like this:

"v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

The first part, is much like the SPF record. It’s a version number for which rules to follow. The second part is the instructions for what to do with the messages that are not in line with the SPF and DKIM records. There are 3 choices: none, quarantine, or reject. Then, there are other options for more advanced users. Finally, there is a place to send reports. This is the rua=mailto: part. The email address entered here is the place the reports are sent. For the reports, I would recommend setting up a separate email set up for email verification reports, such as dmarc@yourdomain.com so that you don’t have tons of reports going to an active email account that someone is using as a regular email.

If this all seems too technical, it would be a good idea to hire someone to take care of it for you. It can be done fairly quickly, so the cost shouldn’t be too much. And, knowing that your email is going to work uninterrupted and have good deliverability is worth the cost of hiring someone to take care of the email verification that is being required more often these days. Schedule a call today.

Be my friend!

I have a list of friends that I email daily. Want to join my friends list? I share random stories about things in my life and share lessons I've learned about business and life. It's my favorite part of each day.  It helps me connect with the people I'm helping each day.