Understanding DKIM, DMARC, SPF, and CNAME Records

When setting up your Simplero sender domain, you need to verify certain DNS records to ensure email deliverability and security. Here’s a simple guide to understanding the purpose of each required record.

• DKIM

• DMARC

• SPF

• CNAME/Sendgrid

DKIM (DomainKeys Identified Mail)

Purpose: DKIM helps prevent email spam by verifying the sender's identity.

How It Works:

• Domain-Based Verification: DKIM ties itself to the domain name you’re sending emails from (e.g., sending from "calvin@simplero.com" means the domain is "simplero.com").

• DNS Records: Create specific DNS records on your domain that include a public key provided by Simplero.

• Email Signing: DKIM signs your emails using a private key. The recipient's email provider uses the public key in your DNS records to verify that the email was not tampered with during transit.

Key Points:

• Simplero provides the public key; you add it to your domain's DNS records.

• Each DKIM key lives on its own subdomain, allowing you to use multiple email providers without conflict.

Role in Email Sending:

• Authentication: Adds a digital signature to the email headers, allowing the recipient's server to verify the email’s integrity and authenticity.

• Security: Prevents email spoofing by ensuring emails are genuinely from the stated sender.

• Trust: Builds trust with recipients by confirming the authenticity of the sender, improving email deliverability.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

Purpose: DMARC builds on SPF and DKIM to protect your domain from email spoofing. 

Role in Email Sending:

• Policy Enforcement: Allows domain owners to specify how email receivers should handle emails that fail SPF or DKIM checks (e.g., reject, quarantine, or allow them).

• Reporting: Provides reports on how emails are processed and any failures, helping monitor and improve email security.

• Alignment: Ensures that the domain in the 'From' address aligns with the domains used in SPF and DKIM, enhancing protection against spoofing.

Without a DMARC record, your emails are more likely to bounce because email servers don't have clear instructions on how to handle them, they are at a higher risk of being spoofed, your domain's reputation might suffer, and you lack the feedback needed to improve email delivery. Implementing DMARC helps ensure your emails get delivered successfully.

SPF (Sender Policy Framework)

Purpose: SPF prevents email spam by specifying which email servers are allowed to send emails on behalf of your domain.

How It Works:

• Domain-Based Verification: SPF ties itself to the domain name you’re sending emails from (e.g., "simplero.com").

• DNS Records: Create a DNS record listing the servers allowed to send email for your domain.

• Combining Records: If using multiple email providers, combine their requirements into a single SPF record.

Key Points:

• Simplero provides the necessary information for the DNS record; you include it in your domain's DNS settings.

• Combine SPF requirements into one record if using multiple providers.

Role in Email Sending:

• Authorization: Lists IP addresses and domains authorized to send email for your domain, preventing unauthorized senders.

• Prevention: Helps prevent spam and phishing by verifying that incoming mail is from an authorized server.

• Email Filtering: Assists email servers in filtering out unauthorized or malicious emails, improving overall email security and deliverability.

CNAME (Canonical Name) Records for SendGrid

Purpose: CNAME records alias one name to another, often used to configure custom tracking domains in SendGrid.

Role in Email Sending:

• Tracking: Configures a custom tracking domain that matches your sending domain, ensuring links in your emails are branded with your domain rather than SendGrid's.

• Brand Consistency: Maintains brand consistency in links and images within your emails, increasing trust and engagement from recipients.

• Verification: Verifies the sending domain with SendGrid, ensuring that emails sent through SendGrid appear to come from your domain, improving deliverability and authenticity.

Summary

• DKIM: Adds a digital signature to verify email integrity and authenticity. Simplero provides the public key for your domain’s DNS records.

• DMARC: Provides policies and reports to enforce and monitor email authentication.

• SPF: Lists authorized mail servers to prevent unauthorized email sending. You include these servers in your domain’s DNS records.

• CNAME/SendGrid: Configures custom tracking domains for branded and verified email sending.

-----

Notice anything wacky in this guide? Contact support by clicking the "?" button in your account, and we'll help you out.