My email is bouncing!
Now what?
All of a sudden customers are saying "I'm not getting emails from you" or you're receiving bounce messages in your inbox for mails you normally send with no issues. You are not alone - millions of businesses are going through this right now.
The reason is probably a lack of DMARC and DKIM records in your email DNS settings. You probably don't know what these settings are, or what they're supposed to be, but I guarantee that if you don't have them, your mail is currently bouncing at a lot of providers (Gmail, Yahoo, Microsoft, etc.).
How do I know if I have DKIM and DMARC set?
DMARC is easy - if you go to https://mxtoolbox.com and enter your domain name, it will tell you if DMARC is set up. If it isn't, your mail is probably bouncing. The results of an MXToolbox check should show THREE GREEN checkboxes. If any of those checks are red or yellow - something is wrong with your settings. The likelihood is that if DMARC is set up - so is DKIM, as one relies on the other.
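The same presence checks can be run against TXT records you have already looked up for your own domain. The following Python is an added example, not part of the original article; the domain `example.com`, the selector `selector1` and every record value are constructed, and the code parses records offline rather than querying DNS.

```python
# Added example: offline audit of SPF, DKIM and DMARC TXT records.
# The domain, selector and every record value below are constructed samples.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(domain, selector, txt):
    """Return problems found in `txt`, a map of DNS name -> list of TXT strings."""
    problems = []
    spf = [r for r in txt.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:  # none published, or several (receivers treat that as an error)
        problems.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    else:
        last = spf[0].split()[-1].lower()
        if last.lstrip("+-~?") != "all" and not last.startswith("redirect="):
            problems.append("SPF: record does not end with 'all' or a redirect")
    dkim = [parse_tags(r) for r in txt.get(f"{selector}._domainkey.{domain}", [])]
    if not any(t.get("p") for t in dkim):  # an empty p= marks a revoked key
        problems.append(f"DKIM: no public key at selector '{selector}'")
    dmarc = [r for r in txt.get(f"_dmarc.{domain}", []) if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        problems.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        tags = parse_tags(dmarc[0])
        if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
            problems.append("DMARC: missing or invalid p= policy")
        if "rua" not in tags:
            problems.append("DMARC: no rua= address, so no aggregate reports")
    return problems

GOOD = {  # constructed: one SPF record, a DKIM key, a DMARC policy with reporting
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=CONSTRUCTEDKEY=="],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}
BAD = {  # constructed: two SPF records, no DKIM key, DMARC record without p=
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all",
                    "v=spf1 include:mailer.example.net ~all"],
    "_dmarc.example.com": ["v=DMARC1; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for name, records in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit("example.com", "selector1", records) or "no problems")
```

The DKIM selector is chosen by whoever signs your mail, so substitute the one your provider gives you.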
What is DKIM?
DKIM is a protocol that email providers are using to ensure that mail sent by you is actually from you. They do this by signing each message using a certificate that your DNS (Domain Name Service) points to. The public part of the key is referred to in DNS and a private key is encoded with the message and added to the message by the mail server that is sending. The receiving server validates that private key against your public key before passing mail along. DKIM doesn't guarantee your mail account wasn't compromised, but it DOES guarantee that spoofed mail sent from other mail servers is rejected.
What is DMARC?
DMARC is a method of reporting failures back to your domain. That way, if someone is spoofing mail from you - you will know, but also if you have mail that bounces that shouldn't, you'll have a way to determine why. In general, we only monitor this mailbox in the latter case. Spoofs and fake messages and spam happen all the time, but legit mail that bounces is a concern we want to address. We use the DMARC reports to do that. DMARC reports aren't "human readable" - they are sent as JSON data that needs to be interpreted. Generally, only an email expert can read these, or a tool designed to decode them.
So how do I set these?
You probably... don't. Unless you're an email and DNS expert, setting these up is a multistep process that involves:
My recommendation is that your email provider assist you with this. You or they will need global access to your email tenant and access to the defender portal on Microsoft's site (if you use MS365); you need registrar access to your DNS records as well. Gmail and other providers have a similar setup. If you're using a generic free account like gmail.com or outlook.com, you don't have to worry about this.
Is your mail provider also your web host? Well good luck - most web hosting services have only a rudimentary knowledge of how email works.
Does your website send out mail on your behalf (contact forms etc)? Be sure it's included in the SPF record, and that you either have a connector set up to validate mail from that site, or that you're using an authenticated login to relay the mail.
The good news is that in general, once these are set up, you are good to go - no additional attention or maintenance is needed, unless mails start bouncing again.
The bad news is that if you use 3rd party email tools like Constant Contact, HubSpot, or Mailchimp - you're going to need to go through all the same setup steps with their domains or your email campaigns may start bouncing.
CEO Evermight
7 months
Good post! It wasn't clear how you would set up a DMARC visualizer to analyze all the DMARC aggregate reports. If it helps, we created a 6-minute tutorial showing how to set one up with a free and open source platform called Elasticsearch: https://youtube.com/playlist?list=PLPatHYWw1RVvny6uCbbWxqIeCdGm04iEO&si=gye3MobeP4LGbNG8 .