All Collections
DNS records
FAQ: DNS recommendations
FAQ: DNS recommendations

In this article you may find the most common questions about SPF and DMARC records recommendations

Maksym Olkhovskyi avatar
Written by Maksym Olkhovskyi
Updated over a week ago

DNS settings greatly impact email deliverability. Properly configuring records like SPF, DKIM, and DMARC improves authentication, and reputation, and reduces the risk of being marked as spam. Our recommendations ensure optimal DNS configuration for enhanced deliverability and successful email marketing.


SPF


What does “a mx” in SPF recommendations mean?

A record in SPF

The "A" record in SPF is used to verify that the IP address of the sending server matches the IP address listed in the domain's A record. It helps validate the authenticity of the email sender and prevent unauthorized or spoofed emails.

There is also a setup that you may not have A record on the domain, then it is not necessary to add it. Its presence you can check with your domain registrar.

MX record in SPF

MX mechanism can be used within the SPF record to specify that the mail servers listed in the MX record are authorized to send emails from the domain. This helps validate legitimate email sources and prevents unauthorized email sending.

Why is the tilde (~) better than the hyphen (-) in SPF?

Using the (~) symbol in SPF indicates a soft fail, allowing the email to be accepted even if the SPF check fails. This provides some flexibility by marking the email as potentially suspicious instead of outright rejecting it. The "-" is chosen when less strict enforcement of the SPF policy is desired.

Why do we add/remove includes to the SPF record?

Adding inclusions to the SPF (for example: “include:_spf.google.com”) record is done to ensure the better and proper operation of your infrastructure. By including other domains or IP addresses in the SPF record, you grant them permission to send emails on behalf of your domain. This is particularly useful when you use third-party services or providers to handle email delivery.

However, there are cases when it is necessary to remove inclusions from the SPF record:

  1. When the record is too long: SPF records have a maximum length limit imposed by DNS providers. If the SPF record becomes too long due to multiple inclusions or complex setups, it may exceed the length limit. In such cases, removing inclusions can help reduce the overall size of the SPF record and ensure it remains within the allowed length.

  2. When the records are not necessary for your setup: As infrastructure and email configurations evolve, there might be instances where certain inclusions in the SPF record are no longer relevant or required. Removing unnecessary inclusions simplifies the SPF record, making it easier to manage and reducing potential complexities in the email delivery process.

In summary, adding inclusions to the SPF record ensures the proper operation of your infrastructure by authorizing additional domains or IP addresses to send emails on your behalf. However, when the record becomes too long or when certain inclusions are no longer necessary, removing them helps maintain a concise and efficient SPF record for your specific setup.


DMARC

Why reject better than quarantine in DMARC?

When it comes to DMARC policy, "reject" means emails that fail authentication are outright discarded, while "quarantine" marks them as suspicious and may place them in a separate folder. "Reject" offers stricter enforcement, while "quarantine" provides a cautious approach with the potential for false positives.

If you use email marketing tools that send emails through their infrastructure such as (SendGrid, Klaviyo, MailChimp, Zoho, Sendinblue, Sendpulse, etc). We advise you to use a "quarantine" policy for them.

What are the e-mails in the DMARС record and can they be combined?

In DMARC records, you can include email addresses to receive reports about email authentication. There are two types: "rua" for aggregate reports and "ruf" for forensic reports.

Can I add emails from different domains?

Yes, you can add email addresses from different domains in your DMARC (Domain-based Message Authentication, Reporting, and Conformance) records to receive DMARC reports. The email addresses specified in the "rua" (Reporting URI of Aggregate) and "ruf" (Reporting URI of Forensic) fields can be from any domain.

For example, if your domain is example.com, you can include email addresses from other domains such as reports@otherdomain.com or forensic@anotherdomain.com in your DMARC record. This allows you to receive DMARC reports at different email addresses from various domains for monitoring and analysis purposes.

Here's an example of a DMARC record with email addresses from different domains:

v=DMARC1; p=reject; rua=mailto:dmarc.monitor@ar.folderly.com,mailto:mailbox@yourdomain; ruf=mailto:dmarc.monitor@fr.folderly.com,mailto:mailbox@yourdomain; fo=1; sp=quarantine;

Why is redirecting to the main site important for Deliverability?

  • redirecting to the main site improves domain reputation and email deliverability

  • enhances brand recognition and familiarity

  • provides a seamless user experience and increases engagement

  • promotes consistency and transparency, reducing the risk of emails being marked as spam


Disclaimer: It is important to note that DNS email marketing recommendations may vary depending on the tools, platforms, and configurations used. The recommendations given here are general in nature and may not cover all possible scenarios or configurations. It is always recommended that you consult with your email marketing service provider, DNS administrator, or IT team to get accurate and customized recommendations for your specific email marketing infrastructure and setup. They can help with the configuration of your DNS settings.




Did this answer your question?