{"id":2464,"date":"2023-07-12T11:17:13","date_gmt":"2023-07-11T23:17:13","guid":{"rendered":"https:\/\/ingot.nz\/?p=2464"},"modified":"2023-07-12T11:19:52","modified_gmt":"2023-07-11T23:19:52","slug":"navigating-the-spam-protection-sandwich","status":"publish","type":"post","link":"https:\/\/ingot.nz\/navigating-the-spam-protection-sandwich\/","title":{"rendered":"Navigating the SPAM protection sandwich"},"content":{"rendered":"

Ever experienced spam? Not the porky canned goodness. The all annoying scams and unwanted content that gets flung around the interwebs.
\nWhat’s even worse is when your own legit emails get blocked as spam. Whether you’re sending from your email client or website, let’s breakdown how to ensure your emails get sent on time, straight to the recipients inbox.<\/p>\n

Spam protection starts with your domain<\/h2>\n

Your domain is your sender reputation, so you need to ensure you are protecting it from spam AND being seen as a spam sender.
\nWe a start with understanding SPF, DKIM, and DMARC: the essential Email Authentication Protocols to protect your domain. Ensuring the authenticity and security of messages is crucial.<\/p>\n

This is where email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) come into play. Grab a cuppa and let’s explore these protocols and their significance in safeguarding your email integrity… and how to add them.<\/p>\n

Where do these records go?<\/h2>\n

All of these protocols are added to your domains DNS. That’s the Domain Name System and it’s the phonebook of the internet. It communicates who you are and how to reach you.<\/p>\n

You control these settings through your domain registrar. You would need to login to your domain account, access the specific domain and then add the appropriate DNS records. When we are talking about spam protection, these are either CNAME or TXT records. CNAME records redirect one URL to another and TXT records contain information about your domain that tells external network server how to handing outgoing email and requests from your domain. The DNS record is broken up into 2 or 3 parts depending on your domain registrar. These are the Hostname or Host, Alias or Value or Target and an optional TTL field. This last one stand for Time To Live and tells the domain registrar how long to keep this record saved, before it rechecks to see if the information has changed. This can be dictated in min or seconds. These look something like the below.<\/p>\n\n\n\n\n\n<\/colgroup>\n\n\n\n
\u00a0Name or Host<\/strong><\/td>\n\u00a0Type<\/strong><\/td>\n\u00a0Value or Target<\/strong><\/td>\n\u00a0TTL (optional)<\/strong><\/td>\n<\/tr>\n
\u00a0@ or example.yourdomain.com<\/a><\/td>\n\u00a0TXT or CNAME<\/td>\n\u00a0something.com<\/a><\/td>\n\u00a05min<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

 <\/p>\n

SPF specifies who can use your domain to send emails<\/h2>\n

SPF (Sender Policy Framework) is an email authentication protocol that helps prevent email spoofing and unauthorized use of your domain’s identity. SPF relies on DNS (Domain Name System) records to publish a list of authorized sending mail servers for a specific domain. When an email is received, the recipient’s mail server checks this SPF record to verify if the sender (and this could be your website or email client) is authorized to send emails using your domain. These records specify the allowed IP addresses or hostnames that can send mail for a domain, reducing the risk of spam or fraudulent messages.<\/p>\n

Your SPF record is normally something simple like “v=spf1 include:_spf.google.com ~all” if you use Google Workspace<\/a> or ” v=spf1 include:spf.protection.outlook.com” if you use Microsoft Outlook<\/a>. Your email client will have documentation on what this record should be. This isn’t always the only thing you want to specify.<\/p>\n

To enhance the effectiveness of SPF, you can add additional parameters to the SPF record. These parameters include:<\/p>\n