Table of contents of the article:
As of November 2022, Gmail has introduced a new policy that now requires email senders to be authenticated by an SPF (TXT) or DKIM record or messages risk being marked as spam.
Since the introduction of this new policy last November, more and more of our customers have seen their emails marked as spam, or even rejected outright, by Gmail experiencing errors like the ones in the screenshot below:
Here is the official statement released by Google (Gmail):
Email authentication requirements for sending to Gmail accounts
As of November 2022, new senders sending emails to personal Gmail accounts must set up either SPF or DKIM. Google randomly checks new messages from the sender to personal Gmail accounts to verify their authentication. Messages without at least one of these authentication methods will be rejected with a 5.7.26 error, or marked as spam. This requirement does not apply to you if you are an existing sender. However, we recommend that you always set up SPF and DKIM to protect your organization's email and support future authentication requirements. To ensure that your messages are not marked as spam or rejected by Gmail, you will need to add the respective SPF (TXT) record of your mail server in your DNS zone.
SPF (Sender Policy Framework)
SPF, or Sender Policy Framework, is an email authentication protocol designed to prevent identity theft via email, also known as "spoofing." This powerful protocol allows domain owners to define, in a specific and certified way, which e-mail servers are authorized to send messages on behalf of their domain.
The functioning of the SPF is based on a key operation: when an e-mail message is received, the recipient's mail server not only reads the content of the message, but also checks the SPF record of the domain from which the e-mail is received. email comes. This record is basically a list of servers that are allowed to send mail on behalf of that domain.
The SPF protocol then analyzes whether the mail server that sent the message is one of those listed in the SPF record. If the server is not among those authorized in the SPF record, the protocol flags the message as potentially dangerous. Based on the recipient's mail server policies, the email may then be marked as spam, quarantined, or even rejected.
Properly implementing the SPF protocol is a critical step in protecting your domain and the reputation of your email address while ensuring that your communications reach their intended recipients. Recall that a proper implementation of the SPF is a policy increasingly considered by major email service providers, including Gmail, to filter incoming email traffic.
DKIM (DomainKeys Identified Mail)
DKIM, or DomainKeys Identified Mail, is an email authentication standard that plays a crucial role in maintaining message integrity and confirming the authenticity of the sender's domain. This system provides a sort of "digital seal", an imprimatur that identifies and confirms the origin of the message.
The way DKIM ensures the authenticity and integrity of a message is quite unique. Every email sent from a DKIM-enabled domain is digitally “signed” with a private key unique to that domain. This digital signature is then inserted into the message header in the form of a DKIM record.
When the recipient's mail server receives the email, it checks the signature using the sending domain's public key, which is available as a public record in the domain's DNS zone. If the signature is valid and the message has not been altered in transit, the mail server accepts the email.
Using DKIM offers a powerful tool for ensuring that legitimate email messages are delivered as they should, while preventing them from mistakenly ending up in spam folders. This helps build your domain's reputation as a reliable source of email, facilitating the delivery of future communications. Additionally, using DKIM helps prevent identity theft and other types of email fraud, thus protecting both your recipients and the reputation of your domain.
What are the correct SFP and DKIM values?
Each email service provider has specific SPF and DKIM records, which represent a kind of unique 'fingerprint' for each e-mail server. If you are using a dedicated instance acting as a mail server using, for example, Plesk or cPanel, you may need to get the SPF and DKIM records directly from the control panel. These records should then be pasted into the DNS zone setup for your domain, which you should have access to.
If you are not comfortable with these technical operations and you fear that you will not be able to correctly retrieve the SPF and DKIM records and configure them in the DNS zone, we recommend that you contact your hosting provider. Alternatively, you could contact our system assistance service: we are ready to solve this problem for you within about an hour.
Having SPF and DKIM properly set up is crucial, especially for email delivery to Gmail. Correctly configuring these authentication protocols offers several advantages:
- Higher probability of delivery: Emails sent from a domain with valid SPF and DKIM records are less likely to be marked as spam, thus improving the likelihood that your messages reach the recipient's inbox.
- Better domain reputation: Mail servers that properly verify SPF and DKIM authentication help build a positive reputation for your domain, which can improve email delivery in the long run.
- Protection against phishing and spoofing: SPF and DKIM help prevent fraudulent activities such as phishing and email spoofing, thus protecting your domain and your recipients from possible threats.
- Compliance with Gmail policies: As mentioned earlier, Gmail has introduced new policies that require SPF or DKIM authentication for new senders. Having these records properly set up is therefore essential to maintaining the ability to send emails to Gmail users.
How do I solve the problem if I'm not a technician?
If technical terminology such as SPF, DKIM and DNS seem confusing to you and you don't feel comfortable attempting to configure these elements yourself, don't worry, you're not alone! Understanding and correctly implementing SPF and DKIM configurations can be a challenge if you are not an IT professional. But there's no need to worry, we're here to help.
Our system assistance service is available for you. Our experts can help you set up your SPF and DKIM records correctly, ensuring your emails are delivered as expected and don't end up in your recipients' spam folder. Even if the problem seems complex, in many occasions we manage to solve it in an hour or even less.
Don't let setup issues keep you from reaching your customers through email. If you're having trouble delivering email to Gmail or other email service providers, please contact us. We'll do our best to resolve your issue as quickly as possible, so you can focus on what really matters: your business. Contact us now and let us take care of your email problems.