
At the bottom of this post you’ll find a webclass replay on how to set up DKIM & DMARC records for your domain.
Why DKIM & DMARC Are Now Vital For Email Marketing
If you are sending out emails to your own lists and subscribers (and you should be)…
… Gmail and Yahoo Mail are putting new protections in place, starting February 1st, to keep inboxes safer and less spammy…
…which means that anyone sending from any email/autoresponder platform will need to adhere to specific requirements to continue getting emails delivered to inboxes.
One of the new requirements is that if you send out bulk emails, such as from an autoresponder service like Aweber, GetResponse, Systeme, etc…
… your sender email address must be on a domain you personally own.
The days of using free email addresses from the likes of Gmail and Yahoo for bulk email marketing are now over.
What is DKIM?
DKIM stands for DomainKeys Identified Mail.
It is an email security protocol that acts as a digital passport, verifying that an email genuinely originated from the claimed domain.
It’s also used to verify that the email’s contents were not tampered with during transit.
How It Works:
DKIM uses public-key cryptography to secure your emails.
The Signature: When your email server sends an email, it uses a secret private key to generate a unique digital signature embedded in the email’s header.
The Verification: The receiving mail server retrieves your domain’s corresponding public key, which is safely published in your public DNS (Domain Name System) records.
The Result: The receiver uses this public key to verify the signature.
If it matches, the email passes, proving it was not altered and confirming the sender’s authenticity.
Why It Matters
Prevents Spoofing & Phishing: It makes it significantly harder for scammers and hackers to impersonate your domain or send emails on your behalf.
Improves Deliverability: Major email providers (like Gmail and Yahoo) use DKIM as a primary trust factor.
Emails with valid DKIM signatures are much less likely to be marked as spam.
What Is SPF?
SPF (Sender Policy Framework) is an email authentication method that prevents scammers from forging your domain.
By publishing an SPF record (a list of authorized IP addresses) in your DNS, you tell receiving servers exactly which servers are allowed to send emails on your behalf.
How SPF Works…
The Allowlist: You create a DNS TXT record for your domain that lists the IP addresses or hostnames authorized to send your emails.
The Verification: When someone receives an email claiming to be from your domain, their mail server checks your SPF record.
The Result: If the sender’s IP matches your list, the email passes.
If it fails, the receiving server knows the email is spoofed and may mark it as spam or reject it entirely.
Why SPF is Essential
Stops Spoofing: It prevents attackers from sending phishing emails that look like they come from your legitimate business.
Improves Deliverability: Major email providers (like Gmail and Yahoo) enforce strict sender requirements and are more likely to deliver your emails to the inbox if you have an SPF record.
Foundation of Email Security: SPF works best when used alongside two other foundational email authentication protocols – DKIM & DMARC.
What Is DMARC?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
It is another email security protocol that verifies an email sender’s identity and tells receiving mail servers how to handle messages that fail security checks.
DMARC builds upon two other foundational email authentication protocols:
SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
How the Three Work Together…
To fully understand DMARC, it helps to see how it complements the other two checks:
SPF (Sender Policy Framework): Verifies where the email is coming from by checking if the sending server is authorized by the domain owner.
DKIM (DomainKeys Identified Mail): Uses a cryptographic digital signature to verify what the email says, ensuring the message wasn’t tampered with in transit (see section above for more info).
DMARC: Checks who actually sent the email by making sure the sender’s domain matches up across these systems.
It acts as the “policy” enforcer.
Why DMARC is Important: Without DMARC, anyone can spoof your domain – which means that a cyber-criminal can send an email that appears to come from your legitimate email address.
These spoofed emails are often used in phishing and malware campaigns.
By implementing DMARC, you protect your domain’s reputation, prevent your customers from being scammed, and ensure your legitimate emails are delivered reliably to inboxes.
The 3 DMARC Policies
When you set up a DMARC record (usually published in your Domain Name System (DNS) settings), you tell receiving servers (like Gmail or Outlook) what to do if an incoming email fails SPF and DKIM authentication.
You can choose from three levels of enforcement:
None (p=none): No action is taken against unauthenticated emails, but domain owners still receive reports.
This is usually the first step when setting up DMARC to monitor traffic.
Quarantine (p=quarantine): Emails failing the authentication tests are sent directly to the recipient’s spam or junk folder.
Reject (p=reject): The email is completely blocked, and it will not reach the recipient’s inbox at all.
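An added example (not from the original post) of the decision a receiving server makes under each policy, given the SPF and DKIM results for a message. The records and domains are constructed, the alignment check is a simplification noted in the code, and optional tags such as pct and sp are ignored.

```python
POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Parse the TXT record published at _dmarc.<domain> into its tags."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in POLICIES:
        raise ValueError("not a usable DMARC record")
    return tags


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') needs identical domains; relaxed ('r') also accepts a
    parent/subdomain pair. Simplification: real receivers compare
    organizational domains using the Public Suffix List."""
    a, b = from_domain.lower(), auth_domain.lower()
    if not a or not b:
        return False
    if a == b:
        return True
    return mode == "r" and (a.endswith("." + b) or b.endswith("." + a))


def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs: the envelope sender's domain
    for SPF, the d= tag for DKIM. Returns (dmarc_result, disposition)."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(
        from_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(
        from_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])  # the domain owner's policy now applies


# Constructed records.
QUARANTINE = "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
STRICT = "v=DMARC1; p=reject; adkim=s; aspf=s"

if __name__ == "__main__":
    # SPF passes, but for a different domain than the visible From address.
    print(evaluate(QUARANTINE, "example.com",
                   ("pass", "lookalike.example"), ("none", "")))
```

The printed case shows why an SPF pass alone is not enough: the check passed for a domain other than the one in the From address, so DMARC fails and the quarantine policy applies.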
The Reporting Feature: Another core benefit of DMARC is that it generates XML reports.
Domain administrators can receive daily reports showing exactly who is attempting to send emails on their behalf, which is highly useful for identifying legitimate third-party services (like Mailchimp or Salesforce) and spotting malicious spoofing attempts.
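To show what those reports contain, here is an added example (not from the original post) that totals passing and failing messages per sending IP address. The report is constructed and trimmed to the elements the code reads; element names follow the aggregate report format in RFC 7489.

```python
import xml.etree.ElementTree as ET

# Constructed aggregate report. Reports come from outside parties; for real
# mail use a hardened XML parser such as defusedxml.
REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record>
  <row><source_ip>203.0.113.25</source_ip><count>412</count>
   <policy_evaluated><disposition>none</disposition>
    <dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
 </record>
 <record>
  <row><source_ip>192.0.2.77</source_ip><count>57</count>
   <policy_evaluated><disposition>none</disposition>
    <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 </record>
 <record>
  <row><source_ip>192.0.2.77</source_ip><count>3</count>
   <policy_evaluated><disposition>none</disposition>
    <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
 </record>
</feedback>"""


def summarize(xml_text: str) -> dict:
    """Return {source_ip: [dmarc_pass_count, dmarc_fail_count]}."""
    totals = {}
    for row in ET.fromstring(xml_text).iter("row"):
        evaluated = row.find("policy_evaluated")
        # DMARC passes when either aligned check (DKIM or SPF) passed.
        results = (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        counts = totals.setdefault(row.findtext("source_ip"), [0, 0])
        counts[0 if "pass" in results else 1] += int(row.findtext("count"))
    return totals


def failing_sources(xml_text: str) -> list:
    """Sources to investigate before moving from p=none to a stricter policy."""
    return sorted(ip for ip, (ok, bad) in summarize(xml_text).items() if bad)


if __name__ == "__main__":
    print(summarize(REPORT))
    print(failing_sources(REPORT))
```

A failing source is either a legitimate service that still needs authentication set up or someone spoofing the domain, which is the distinction the reports exist to reveal.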
The New Rules For Sending Out Bulk Emails (Email Marketing)
A “Sender” on domains such as gmail.com, yahoo.com will no longer be tolerated…
… and sending emails from a Gmail or Yahoo address will result in your emails not being delivered.
They’ll either be filtered out before they reach your subscribers or they’ll go straight to Spam.
These new rules will be enforced by Gmail and Yahoo Mail starting next month (February, 2024) and apply to all bulk senders everywhere.
Aweber ran a free webinar on January 17th to help email marketers get set up for the upcoming changes:
In this webinar you’ll be guided through the exact steps you need to take to make sure you’re in full compliance:
- where and how to get a domain name
- how to enable email authentication for your AWeber email sends (this process should be similar on other autoresponder services)
- what DKIM & DMARC records are and how to implement them
- how to test that you’ve got it all right, and more!
As email marketers, we all have to make these changes.
Those who don’t will be left behind and will see their email marketing results drop through the floor.
If you want to set up a professional email account for free, check out this post (this is what I’ve done myself).

All the best,
Gary Nugent

