In any case, it's time to learn a little about what SPF and DKIM are and how to set them up in your DNS records for your email server if you want to have better control over email deliverability. I will also show you where in Djetlić you can check if they are installed correctly.
I'll do my best to explain it in simple terms, which not only developers will understand.
What is SPF? How does SPF work?
Simply put, the Sender Policy Framework (SPF) is a security mechanism created to prevent bad guys from sending email on your behalf. The essence of the mechanism is communication between DNS servers… and that's when it all starts to sound scary! But don't panic. I'll try to make it as simple as possible.
Let's say you sent an email to Joza. But how does Joza's DNS server know that the email was actually sent by you? Unless you have SPF set up on your DNS server.
SPF defines which IP addresses can be used to send email from your domain. So let's imagine two possible server "conversations". To make everything easier, let's assume that your name is Stipe.
Scenario 1 – You don't have SPF set up.
Stipe's server: Hey, Joza's server. I got a new message from Stipe.
Joza's server: Hello Stip's server. What is your SPF?
Stipe's server: Yeah, about the SPF... Who cares, really. I do not have it. Trust me, it's from Stipe.
Joz's server: If you don't have SPF, I can't be sure this was sent by Stipe. Give me Stipe's allowed IP, so I can compare it with yours.
Stipa's server: I don't have a list of Stipa's allowed IP addresses.
Joz's server: Then I don't want your message. Delivery refused. Sorry mate…
Subscribe to new posts!
Scenario 2 – You have SPF set up.
Stipe's server: Hey, Joza's server. I got a new message from Stipe.
Joza's server: Hello Stip's server. What is your SPF?
Stipe's server: Here, here is my SPF. There is a whole list of IP addresses that Stipe himself has declared as being able to be used on his behalf.
Joz's server: Ok, let me see... And the message you have for me was sent from IP 64.233.160.19. Okay, it's on the list. Everything looks good. Give me the message, I'll show it to Joza. Thank you!
I apologize to all the tech-savvy readers of this blog for this ignorant oversimplification. Forgive us dumbasses and remember that we envy you for your super-analytical mind.
Anyway, the lesson of those two short dialogues is: set your SPF. If you don't, you run the risk of your email being hacked or spoofed, or you could end up looking like a bad guy and all your emails won't be delivered.
More emails in your main inbox
What apps should you include in your SPF?
The general idea is to ensure that any applications that send email on your behalf (and use their own SMTP, not yours) are included in your SPF. For example, if you use Google Apps to send email from your domain, you should put Google in your SPF. Here are Google's instructions on how to do it.
But it's important to check if Google is the only app you should "allow" in your SPF. To manage our support emails and AcyMailing to send our newsletters. We include both in our SPF.
Should I also include the 8Core server in my SPF?
Not. As I mentioned, remember to put in your SPF record applications that send email on your behalf but use their own SMTP. 8Core Hosting provides the possibility to set all DNS records and spf through the user interface for each user, i.e. domain separately, in order to avoid possible errors or possible abuse
However, the deliverability of emails sent by your server depends on the reputation of your domain. Setting up SPF and DKIM will help protect your domain's good reputation and thus improve the deliverability of your email.
How to set up an SPF record on your server step by step?
The first step is to check what your current SPF record is. You can do this using tools such as:
If you are a user of 8Core services, spf and DKIM are automatically set for you, but you always have the option of adding changes as desired through the 8Core user interface.
When you enter your domain there (for example, I would enter 8core.hr), the tools will run some tests and show you your current SPF or a notification that it is not set yet.
What are the next steps?
Depending on your domain host, the steps will vary. Basically, it's about pasting a properly structured line of text into the right place in the console.
For example, if you use Google Apps to send all emails from your domain, the line would look like this:
"v=spf1 include:_spf.google.com ~all"
The “v=spf1” part of the record is called a version, and those that come after it are called mechanisms.
Now let's see what each part means exactly.
v=spf1 this element identifies the record as SPF
include:_spf.google.com this mechanism includes email servers that are authorized servers
~all this indicates that if an email is received from an unauthorized (not specified in the "include:") server, it is marked as a soft fail, which means it can be missed, but it can also be marked as spam or suspicious.
But if you use more apps than that (for example something to send newsletters, something to send support messages, etc.), the queue will be a bit longer because you'll have to include all the other apps in it. Or if you are not using Google Apps but a server from another host, for example, 8Core web servers, the line will look different.