Campaign Email Settings
Originally developed at Yahoo!, DomainKeys Identified Mail has become a global standard in email security and is, together with its sister SPF, and CNAME, absolutely necessary to implement by anyone serious about mailing, especially if you want to send campaign emails.
In this article, we’ll show you how to setup your DNS record to make your email more secure and improve deliverability.
There are 3 key areas of the DNS record required in order to send Campaigns from Tracker.
- DKIM Record - This is the Domain Key record that will authorize your domain against the emails we send
- SPF Record - This is the main reference for received emails to ensure your domain allows sending from our servers
- CNAME Record - This is a redirection record that will authenticate our campaign domain against your own
What you'll need before you begin
Every domain (e.g. tracker-rms.com) has a DNS Record, normally hosted by the company you bought the domain from originally. This contains the instructions for that domain, for example the web server to point to when people want to go to your website (www.tracker-rms.com --> IP 123.321.123.321).
You will need to have access to make changes to this DNS record for your domain in order to edit or add entries within it.
What is DKIM?
DomainKeys Identified Mail, or DKIM, is an authentication protocol that links a domain name to a message. The protocol allows you to sign your email with your domain name. The purpose of the DKIM protocol is not only to prove that the domain name has not been usurped, but also that the message has not been altered during transmission.
DKIM is in theory quite simple. It relies on asymmetric encryption and therefore works with any tool developed for such a use. First one has to generate a private/public key pair. Then the public part of the key has to be put as a TXT record to the domain which is used as the sender address. The private key is then used to create a signature for each email. The signature is basically a hash code and computed by taking the content of the email and combining it with the private key using a security algorithm. The signature is then saved as a header of the email.
When a receiving SMTP server detects such a header, it looks up the public part of the key by asking the domain name system (DNS) for the TXT record. One of the beauties of asymmetric encryption is that the keys are like brothers: they share DNA. Using the public key, anyone can tell whether the email was sent by the owner of the domain or not. If this check fails or if the header and therefore the signature does not exist, many email service providers raise an alarm and may, depending on the volume of email sent, decide to mark this email as spam or even to block the sender IP address.
Why should you use DKIM?
The reason is quite simple: along with SPF, CNAME and DMARC, these are the main protocols for verifying the identity of senders. This is one of the most effective ways to prevent phishers and other scammers from posing as a legitimate sender, whose identity they could impersonate using the same domain name.
But this is not the only advantage. In fact, the implementation of these protocols improves email deliverability. Thanks to these protocols, your emails will be better identified by ISPs (Internet Service Providers) and your recipients’ email clients, which improves the chances of your emails reaching your contacts’ inbox and not the Spam folder.
These protocols have become the standard in the email world. A message sent without DKIM, CNAME and/or SPF can be considered suspicious by the different email analysis tools.
How your email appears is important.
Sending from our Campaigner without settings up DKIM/CNAME/SPF means the emails From field will appear like this:
From: John Doe <email@example.com> On Behalf Of John Doe (firstname.lastname@example.org)
By setting up DKIM/CNAME/SPF (or sending from your own Mail Server of course), this will appear as follows:
From: John Doe <email@example.com>
This clearly looks far more professional to the recipient.
How to set up DKIM with Tracker
To define Tracker as a legitimate sender, you must configure your SPF, CNAME and DKIM for each of your sending domains (e.g. yourdomain.com).
Full instructions can be found in Tracker within the Tools & Settings > Lead and Campaign Settings page.
Setting up DKIM with Tracker is very simple. Below you will find the public key to register through your website host interface. There, you can integrate the public key into your registration area.
|Type||Host||Value (as one long string with no line breaks)||TTL|
How to setup SPF with Tracker
You will already have an SPF record within your DNS Record which might look something like this:
v=spf1 a mx include:spf.protection.outlook.com ~all
There should be only one SPF record for a domain and therefore you will need to insert the following into your existing SPF record. Do not create a new SPF record:
An example for a full SPF record with the above included might therefore end up looking like this:
v=spf1 a mx a:tracker-campaigner.com ip4:18.104.22.168 include:spf.protection.outlook.com ~all
How to setup CNAME with Tracker
A new CNAME record is required to link your domain to ours. There is also a process to complete to link our domain back to yours but we will automatically detect and complete this for you once these details have be completed and verified.
Please note that the dot (period) at the end of the Value is important.
How to verify your DNS Record in Tracker
Once the above instructions have been completed you will need to verify them within Tracker so that Tracker can activate sending emails from the Campaigner, and also tell our campaigner to construct the emails in a way that maximizes deliverability.
To do this, go to Tools & Settings > Lead and Campaign Settings and go to the Campaign Email Authentication section.
- Tick the option called I will manage my own campaign email authentication to display the domain information
- Enter your domain name in the Domain field provided (do not include the www as this is not part of the domain)
- Click the Generate Keys button to create and display the required keys summarized above
There are helpful fields to allowing copying of all of the above settings within this page and an indicator next to each to tell you whether the DNS Record has been successfully verified by Tracker. These will appear as green "ticks" if the details are correct.
Once all indicators are green, please click the Save Settings button at the top of the page. This will store the verified details and allow the campaigner to be used.
If any of the details are still showing a red "X" then please recheck the details for that record carefully. Note that DNS Record changes can take up to 24 hours to take effect and be accessible by Tracker so waiting can also sometimes be the solution.