SPF, DKIM, DMARC

The acronyms refer to standards and techniques that make email safer, for example by declaring which servers are allowed to send email for a specific domain, or by signing the content of an email so that its validity can be verified.

All these techniques are applied at the server level, specifically by the email server, with the support of specific entries in the DNS, and they work only when you send emails using your domain.

Neither the email server nor the DNS can be controlled by the Newsletter plugin: you can configure them with the help of your hosting provider.

If you use a professional delivery service (Amazon SES, Mailgun, Sendgrid, Mailjet, …), it provides step-by-step instructions to configure SPF, DKIM, and DMARC.

SPF

SPF is the simplest one: it is just an entry in your DNS that declares which servers can send emails from a specific domain. It is usually already set up by the hosting provider to indicate the web server as an allowed sender for the hosted domain. You can ask your provider about the SPF DNS record.

If the provider sets up the record only for their mailing service (when the provider gives you one or more mailboxes and the SMTP parameters), you should probably add an SMTP plugin to your blog and connect it to the provided SMTP service.

Read more on Wikipedia.

DKIM

DKIM is a signature added to emails. It is usually added by the service that delivers the email (your provider or the delivery service you are using).

DKIM requires an entry in the DNS, which the receiver uses to verify the signature it finds inside the message. Some email clients show a “Signed By” label when they find the signature and it is valid.

Usually hosting providers do not offer DKIM, while professional delivery services do. Sometimes, a special configuration is needed, and sometimes it is fully managed by the delivery service.

You can even find plugins that add the DKIM signature to mail sent from a WordPress blog. This is prone to fail, since the mail server (where the signature should be added) can change or re-encode parts of the email, making the signature no longer valid. Be warned.

Read more on Wikipedia.

DMARC

DMARC is a standard that instructs the receiver how to behave when it receives an email from your domain that cannot be verified using SPF or DKIM. Moreover, it can specify an email address to which a report with the results of those checks is sent (warning: when this address is specified you can receive hundreds of emails).

As with SPF and DKIM, a special DNS record needs to be added.

Read more on Wikipedia.
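The three DNS records described above, as an added example (not code from the Newsletter plugin or from this page): a small Python audit that reads the SPF, DKIM and DMARC TXT records of a domain and lists weak settings. The domain example.com, the DKIM selector "s1" and all record values are constructed assumptions; in practice the records come from a DNS lookup or from your provider's control panel.

```python
# Constructed sample TXT records for the placeholder domain example.com.
# The selector "s1" and every value below are assumptions made for this example.
SAMPLE_DNS = {
    "example.com": "v=spf1 include:_spf.mailprovider.example ip4:192.0.2.10 ~all",
    "s1._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDERBASE64PUBLICKEY",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (the DKIM and DMARC syntax)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, selector, dns):
    """Return a list of findings for the domain's SPF, DKIM and DMARC records."""
    findings = []
    spf = dns.get(domain, "")
    if not spf.lower().startswith("v=spf1"):
        findings.append("SPF: no record")
    else:
        terms = spf.split()[1:]
        all_term = next((t for t in terms if t.lower().lstrip("+-~?") == "all"), None)
        has_redirect = any(t.lower().startswith("redirect=") for t in terms)
        if all_term is None and not has_redirect:
            findings.append("SPF: no 'all' term, result for unlisted servers is neutral")
        elif all_term is not None and all_term[0] not in "-~":
            findings.append("SPF: '%s' does not restrict unlisted servers" % all_term)
    dkim = parse_tags(dns.get(selector + "._domainkey." + domain, ""))
    if not dkim.get("p"):  # a missing record or an empty p= (revoked key)
        findings.append("DKIM: no public key published for selector " + selector)
    dmarc = parse_tags(dns.get("_dmarc." + domain, ""))
    if dmarc.get("v", "").upper() != "DMARC1":
        findings.append("DMARC: no record")
    else:
        if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
            findings.append("DMARC: p=%s requests no action on failing mail"
                            % dmarc.get("p", "(missing)"))
        if "rua" not in dmarc:
            findings.append("DMARC: no rua address, no aggregate reports are sent")
    return findings

if __name__ == "__main__":
    for line in audit("example.com", "s1", SAMPLE_DNS) or ["no findings"]:
        print(line)
```
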

Since February 2024, Gmail and Yahoo mail services announced new requirements for senders.
These new requirements for bulk senders (those who send more than 5,000 messages to Gmail or Yahoo addresses in one day) must be satisfied; otherwise, messages sent to their customers may be rejected.

The three main requirements are:

  1. Authenticate your emails
  2. Enable easy unsubscription
  3. Ensure you’re sending only wanted emails

To help you, we have some hints for each point.

  1. Check or implement stronger email authentication, using standards like SPF, DKIM, and DMARC; this is not something we can manage inside the plugin, so please refer to your email service provider's documentation or support. Bulk email senders (sending close to 5k+ emails a day) will need to set up another security protocol, DMARC.
  2. We already include the dedicated header in the messages; have a look at our revamped “One-click unsubscribe” options as described on the cancellation page.
  3. Send relevant messages to keep your spam rates as low as possible, so that users do not mark your emails as spam.