You are all hyped and ready to send that email - but then - there is an error saying that there is something wrong with your DNS records. 😱
What does that even mean? What are actually DNS records? Should we be friends with them? 🤔
A DNS record is a database record used to map a URL to an IP address. DNS records are stored on DNS servers and help users connect their websites to the outside world. When the URL is entered into the browser and searched, this URL is forwarded to the DNS servers and then forwarded to the specific web server. This web server then serves the queried website specified in the URL or directs the user to an email server that manages incoming mail.
The following are the five major DNS record types:
Nameserver (NS) record.
Mail exchange (MX) record.
Mail Exchange (MX) records are DNS records required to deliver emails to your address. And those are the ones that we will discuss here.
Simply put, an MX record is used to tell the world which mail servers accept incoming mail for your domain and where to route mail sent to your domain. If your MX records do not point to the correct location, you will not receive email. Simple as that.
To make sure, that from the start, you have a good foundation for your email deliverability, you need to set up MX records - DKIM, SPF, and DMARC properly. That is why this is a must-step before running your first campaign or even sending any email.
So yes, you should be ready good friends with them 🧑🤝🧑
But before making any friends, let's get to know them.
An SPF record is a TXT record that is part of a domain's DNS (Domain Name Service). An SPF record lists all authorized hostnames / IP addresses that are permitted to send email on behalf of your domain.
SPF records are used to prevent spammers from spoofing your domain name. Recipient servers can determine whether or not an email they received came from an authorized server based on the SPF record you publish in DNS. They can then decide how to handle that email.
To summarize - it is step 1 of confirming that you are the sender of the email, that was sent by you.
Your provider can provide you with the record, but if you get stuck, there are many good SPF record creators on the Internet that will give you the code to write.Our favorite one: SPF Record Generator - which suggests an SPF record if you do not already have one. Then all you have to do is add this information as a TXT record in your DNS space.
What does an SPF contain?
A simple entry might look like this:
v=spf1 a mx include:_spf.abc.net include:_spf.abc.com ~all
Lets go into details:
v=spf1: This means that the record is an SPF record.
a: This mechanism means that all A records for the domain are checked to see if one matches. (A records are "address records" and tell your domain which server to use. They contain the IP address(es) of the server(s)).
mx: This mechanism means that all MX records for the domain are checked for a match. MX records are the names of the email servers that can receive email. For small businesses, MX records are usually provided by your hosting provider, and you only need to worry about them when you change hosting providers.
Include: This mechanism specifies other domains that are allowed to send emails for you. So if you use another service like Hubspot, SendInBlue, dotdigital, etc. to send emails, you can give them permission as well.
all: This refers to all other IP addresses, but you have several options to choose from:
-all means a hardfail. If the IP address sending the email was not found in the other mechanisms, the email delivery will fail. It means that the intended recipient will not see the email in his email account.
~all means a softfail. If the IP address sending the email was not found in the other mechanisms, the email delivery will end up in the recipient's spam folder.
Where should you set up SPF?
SPF record needs to be published into your DNS by your DNS manager.
Your SPF record needs to be published into your DNS;
Log in to your domain account at your domain host provider;
Locate the page for updating your domain’s DNS records (something like DNS management or name server management);
Select the domain of which you want to modify the records;
Open the DNS manager;
Log in to your domain account at your domain host provider;
Create a new TXT record in the TXT (text) section;
Set the Host field to the name of your domain;
Fill the TXT Value field with your SPF record (i.e. “v=spf1 a mx include: exampledomain.com ~all””);
Specify the Time To Live (TTL), enter 3600 or leave the default;
Click “Save” or “Add Record” to publish the SPF TXT record into your DNS.
Your new SPF record can take up to 48 hours to go into effect. For help adding TXT records, contact your domain host.
Test your SPF record with the SPF record Checker
Setting up the an SPF record is an essential part of your technical settings. Read more about how to check and validate your SPF record or directly test your SPF record by using SPF record Checker.
Should you include lemlist in SPF ?
You should not. You should include the applications that send emails on your behalf but use their own SMTP in your SPF record. On the other side, lemlist uses your SMTP to send your email, so it's more of a super-powered online email client than a bulk email-sending app.
However, the deliverability of emails sent by lemlist depends on the reputation of your domain. Setting SPF ( and the next 2 records) will help you protect your domain's reputation and thus improve the deliverability of your emails.
The DKIM (DomainKeys Identified Mail) record was created for the same reason as SPF: to prevent bad guys from impersonating email senders. It's a way to additionally sign your emails so that the recipient's server can verify whether the sender is really you or not.
By setting up DKIM on your DNS server, you can additionally tell your recipients "Yes, I'm the sender of this message".
Most often the questions are:
"Should I use DKIM for my emailing?" YES!
"Will it ensure my email gets to inboxes?" NO! But it helps - a lot.
DomainKeys Identified Mail (DKIM) is a method of associating a domain name with an email message that allows a person, role or organization to take some responsibility for the message.
Here is how it works:
- You send an email through your SMTP server.
- Your SMTP server, which has permission to send on behalf of your domain, adds a DKIM signature header to your email and sends it.
- The destination SMTP server receives the email, sees a DKIM signature in the email, and then looks for your domain's public signature through DNS.
- If the signature in your email matches the public signature in your email, then the email is "good".
Saying that the email is "good" means that the destination SMTP server knows that the email is from you, but the destination mail server SPAM will still evaluate your email based on its content. DKIM gives your email a lot of "good" SPAM rating advantages, greatly improving its inbox suitability.
Where to get it and where to put DKIM?
The key is often provided to you by the organization that sends your email, such as Google Apps, Postmark, or Microsoft Outlook. The key is either added directly to your zone as a TXT record, but if not, then all you have to do is add this information as a TXT record in your DNS space.
There are a lot of tools that you can use to verify the DKIM record like this one . This tool verifies that you have SPF and DKIM records. In the DKIM selector field, just add the first part from the subdomain your DKIM. For example, if your DKIM is at
google._domainkey.example.com, then the DKIM selector is “google”.
It is an email security measure that protects your domain from being used by bad guys and gives you better control over the deliverability of your emails. It is based on the SPF and DKIM mechanisms.
DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.
DMARC is a critical component of email cybersecurity that reduces a bad guy's ability to get an email threat to an end user's inbox. With DMARC, the company can create a record of who is authorized to send emails from their domain. This helps to prevent the misuse of a company brand in phishing campaigns.
You can use this DMARC generator but please have in mind that all records should be approved by your provider, so if there is any issue - you can ring an alarm to them and they can fix it.
Example of creating DMARC record in Godaddy as provider:
Once you added it, you can check here is the DMARC record in place or not.
Implementing the DKIM standard will improve email deliverability. Using the DKIM record along with DMARC (and even SPF) will also protect your domain from malicious email sent on behalf of your domains. In practice, however, these goals are more effectively achieved if you use the DKIM record along with DMARC (and even SPF). DMARC and DMARC Analyzer use both SPF and DKIM. Together they provide synergy and the best result for email security and deliverability.
If you need any additional explanation on it, please do not hesitate to reach out to support 💝