Problems with sending to Gmail: Setup SPF and DKIM
Since May 2022, Google has tightened SPF control over emails sent to Gmail and returned the emails with an error message that the verification of at least one of the two parameters SPF or DKIM was not successful.
Here is an example of an error after sending to Gmail:
—–OriginalMessage
From: mailer-daemon-register.it ?mailer-daemon?register.it?
Posted on: March 2022
A: xxxx xxxxxx
Subject: Delivery status notification
This is an automatically generated delivery status notification.
Delivery to the following address has failed:
* xxxxx.gmail.com
Reason: This has failed at host paganini04.register.it Delivery to the following recipient: xxxxx.gmail.com
The error returned by the remote server is:550-5.7.26 This message has no authentication information or fails on message internal id: Pk60n405wabJPk61n0HSA The original message is attached below.
The procedure to solve the problem is quite simple and consists of creating an SPF record or a DKIM record. These two records, configured on your domain’s DNS, will give you the ability to authenticate your messages.
What is the SPF?
SPF (Sender Policy Framework) is a type of DNS TXT record that lists all servers that are authorized to send emails from a particular domain.
How do I configure the SPF?
In your customer area, click on the desired domain (find out how to access your personal customer area here)
Now click on EMAIL
Click on ACTIONS at the top right and select SPF
Check the message that the system shows you:
SPF record set correctly: You do not need to perform any other operation, the SPF is already configured correctly
Absent SPF: The SPF is not available. To configure the SPF tab, click on Create
SPF out of register standard: The SPF is already set, but does not correspond to the standard register. If you use other providers for sending, remember that the record must contain all the correct values.
Domain on external DNS: You must update your DNS record manually. If you use register platforms for sending, remember to enter the default value.
Configuring the DKIM can be an alternative to creating the SPF for all cases where you want to send with your domain from an external SMTP to registries, e.g. an SMTP from another provider, an external bulk mail system, etc.
What is DKIM?
DKIM (Domain Keys Identified Mail) is a record created on DNS that enables the authentication of an email through a digital signature associated with that domain.
How do I configure the DKIM?
In your customer area, click on the desired domain (find out how to access your personal customer area here)
Now click on EMAIL
Click on ACTIONS at the top right and select DKIM
Activate DKIM and close the popup
The inclusion of the SPF provided by Register is valid and guaranteed in case of sending from our platforms.
If you use a different sender, we ask you to provide the specific SPF.
What is DMARC?
DMARC stands for «Domain-based Message Authentication, Reporting and Conformance». It was developed to reduce e-mail misuse. This technology is based on the specifications for DKIM (Domain Keys Identified Mail) and SPF (Sender Policy Framework).
Using the DMARC policy, you can specify that your emails are protected using the SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) procedures. You can also use this policy to define how the recipient should handle email messages depending on the results of the DKIM and SPF check and inform you as the domain owner of any misuse.
DMARC policies are added in the form of a TXT record. This entry is called a DMARC record. It is created with the subdomain name _dmarc (e.g. _dmarc.example.com). The content of the TXT record consists of tags that are separated by semicolons.
Structure of a DMARC record
Example: v=DMARC1;p=reject;pct=100;rua=mailto:beispiel@email.com
| Name of the tag | Example: v=DMARC1 | |
| v | v=DMARC1 | |
| p | p=none/quarantine/reject none: Recipient is asked not to perform any action. quarantine: The messages are marked as spam. reject: Emails are rejected | |
| pct | Percentage of emails to be filtered. This value specifies the percentage to be filtered using the DMARC policy. The specified value must be a number between 1 and 100. The default value is 100. | pct=100 |
| call | Email address to which the error reports are sent. | ruf=mailto:beispiel@email.com |
| rua | Email address to which status reports are sent. | rua=mailto:beispiel@email.com |
| sp | Policy for subdomains. | sp=none/quarantine/reject none: Recipient is asked not to perform any action. quarantine: The messages are marked as spam. reject: Emails are rejected |
| adkim | Determines how exactly the emails must match the DKIM signatures. | adkim=r/s r: Relaxed. Every valid subdomain is accepted in the DKIM email headers. s: Strict. The header of the emails must match the value d=name in the DKIM email headers exactly. |
| aspf | Determines how exactly messages must match the SPF signatures. | aspf=r/s r: Relaxed. Every valid subdomain is accepted in the DKIM email headers. s: Strict. The email header must exactly match the domain name in the «SMTP Mail FROM» command. |
Configuring a DMARC record
In your customer area, click on the desired domain (find out how to access your personal customer area here)
Then go to DOMAIN AND DNS
Click here on DNS configuration
Now select Advanced
And confirm the following message
- Click on Add entry
- In the Name field, enter the subdomain name _dmarc. with your domain name
_dmarc.yourdomainname.ch - Under Type, select the entry TXT
- In the Value field, enter the desired tags, which you can separate with a semicolon (;).
- Save the entry by clicking on Apply
