A lot of fuss has been made about Gmail and Yahoo changing how they process incoming mail. The big news is that they are now ‘authenticating’ emails.

The truth is, they have always authenticated emails. The ‘new’ authentications they are insisting on are not new. They have been the gold standard for years – but it is true that many of us have ignored them, since they were superfluous and email was still delivered even without the necessary records.

Gmail and Yahoo have announced that, come February 2024, they are cracking down on unauthenticated emails – namely emails from gmail.com, yahoo.com, aol.com, etc. Any email that is not from a verified domain (like wpbarista.com) is ‘unauthenticated’.

If you DO have an email at your own domain name (myblog.com) you just need to check that the correct records are there to authenticate your email.

The three records you need to authenticate your email are:

  1. SPF
  2. DKIM
  3. DMARC

Are these new? Absolutely not. And if you have set up an email over the last year you probably have these records. But let’s do a quick and easy check to make sure.

Check & Create SPF Records

What is SPF?

SPF stands for Sender Policy Framework. These records are created in your DNS zone, which is usually hosted at your host or domain name registrar. We host our DNS zones on Cloudflare for faster and more secure service.

The SPF record simply lists the entities that have permission to send email on your behalf. Every time you add a mail server – whether Mailchimp, Sendgrid, Google Workspace or your host – the provider will give you a code to add to the SPF record. All codes must be added to the SPF record in order to be valid.

Test your SPF

Below is a testing widget. Enter your domain name and click the button!

You’re looking for a ‘valid’ record like this:

[Image: SPF lookup result example]

Create SPF records

These records can be easily created once you have gathered the right information. Gather these resources before you begin:

  1. Access to your DNS Zone. You will need to login and add/edit DNS records for all three authentication records: SPF, DKIM, DMARC.
  2. SPF Records. You need the IP address or domain of anyone allowed to send email. If you have your own host or server, you will have that IP address. If you are using a third party like Google Workspace, MS 365, Sendgrid – they will provide the records you need.

Then all you need to do is add a record to your DNS Zone. When you have the records (IP addresses and domains) then use this generator to add them all together in the correct format. Login to your DNS Zone and create a TXT record with the entries from the generator.
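What the generator step produces, and what a lookup tool checks afterwards, shown as an added example that is not WPBarista's code. The IP address, the two `.example` provider domains and all function names are constructed for illustration; use the values your own host and providers give you.

```python
import ipaddress

# Terms that cost one DNS lookup each; receivers stop with an error after 10.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def build_spf(ips=(), includes=(), policy="~all"):
    """Combine every permitted sender into one SPF string (one TXT record)."""
    terms = ["v=spf1"]
    for ip in ips:
        version = ipaddress.ip_network(ip, strict=False).version  # ValueError if malformed
        terms.append(f"ip{version}:{ip}")
    terms += [f"include:{domain}" for domain in includes]
    return " ".join(terms + [policy])

def mechanism_name(term):
    """'~include:x' -> 'include', 'a/24' -> 'a', 'redirect=x' -> 'redirect'."""
    bare = term.lstrip("+-~?").lower()
    return bare.split(":")[0].split("/")[0].split("=")[0]

def check_spf(txt_records):
    """Return a list of problems found in a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Two SPF records are an error: providers' codes must be merged into one.
        return [f"expected exactly one SPF record, found {len(spf)}"]
    terms = spf[0].split()[1:]
    names = [mechanism_name(t) for t in terms]
    problems = []
    lookups = sum(n in LOOKUP_MECHANISMS for n in names)  # top level only
    if lookups > 10:
        problems.append(f"{lookups} DNS lookups, limit is 10")
    if "redirect" not in names and (not names or names[-1] != "all"):
        problems.append("record should end with an 'all' mechanism")
    if terms and terms[-1].lower() in ("all", "+all"):
        problems.append("+all authorises every server on the internet")
    return problems

# Constructed inputs: a hosting server IP plus two third-party senders.
HOST_IP = "192.0.2.10"
PROVIDERS = ["spf.provider-a.example", "spf.provider-b.example"]
RECORD = build_spf([HOST_IP], PROVIDERS)

if __name__ == "__main__":
    print(RECORD)
    print(check_spf([RECORD]) or "valid")
```

Lookups hidden inside each provider's own include also count toward the limit of 10, so a record that passes this top-level count can still fail at the receiver.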

DKIM – DomainKeys Identified Mail

What is DKIM?

DKIM stands for DomainKeys Identified Mail. It works by signing your email with a private key and publishing the matching public key on your domain name. When you send an email, the recipient’s mail server reads the signature on the email and checks the domain name for the matching key. If they match – the email is then accepted. If they do not match, the email is trashed or added to spam.

DKIM records are created and added to both the email program and the DNS zone. First party email providers like your host company, Google Workspace and MS Office, will have created the private key for you. It will be in place on your server. It is not enabled yet. You need to fetch the matching public key and add it to your domain name. THEN you turn on ‘DKIM’ in your email provider.
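How a receiving server finds the public key for a message, as an added example that is not WPBarista's code: the selector and domain in the message's DKIM-Signature header decide which DNS name is queried. The header, the myblog.example domain, the key strings and the dictionary standing in for DNS are all constructed, and the signature check that follows the lookup is left out.

```python
import re

def parse_tags(value):
    """Parse the 'tag=value; tag=value' list used by DKIM headers and DNS records."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {tag.strip(): re.sub(r"\s+", "", val) for tag, val in pairs}

def find_dkim_key(dkim_signature, dns_txt):
    """Return (DNS name queried, outcome) for one DKIM-Signature header value."""
    sig = parse_tags(dkim_signature)
    # s= is the selector, d= is the signing domain.
    name = f"{sig['s']}._domainkey.{sig['d']}".lower()
    record = dns_txt.get(name)
    if record is None:
        return name, "no key published"
    key = parse_tags(record)
    if not key.get("p"):
        # An empty p= tag means the domain owner has revoked this key.
        return name, "key revoked (empty p=)"
    return name, "public key found"

# Constructed header as it would arrive, folded over several lines.
SIGNATURE = (
    "v=1; a=rsa-sha256; d=myblog.example; s=s1;\r\n"
    "\th=from:to:subject; bh=CONSTRUCTEDBODYHASH=;\r\n"
    "\tb=CONSTRUCTEDSIGNATURE=="
)

# Constructed stand-in for the domain's TXT records (placeholder key, not a real one).
DNS_TXT = {
    "s1._domainkey.myblog.example": "v=DKIM1; k=rsa; p=CONSTRUCTEDPUBLICKEY",
    "old._domainkey.myblog.example": "v=DKIM1; p=",
}

if __name__ == "__main__":
    print(find_dkim_key(SIGNATURE, DNS_TXT))
```

This is why each sending service needs its own selector record: a message signed with selector s2 is only verifiable if s2._domainkey on your domain exists as well.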

Test your DKIM

Below is a testing widget. Enter your domain name and click the box “Detect all selectors”.

If you have a DKIM record, you will then see the selector and the public key. (Remember that the private key is attached securely to your email service provider already).

For WPBarista, we use Google Workspace, so our first record looks like this:

We also use Sendgrid as our SMTP provider (attached to our WP site) and for our transactional emails, so we also have selectors, “S1” and “S2”. They look like this:

Create DKIM Records

If you do not have any DKIM records, then you’ll need to create some with the help of your host and email service provider. These records are available for all emails that are on a domain name that you control, like wpbarista.com.

If you are using @gmail.com to send email, they will not contain a DKIM! It is time to upgrade!

Gather these resources before you begin:

  1. Access to your DNS Zone.
  2. Two matching keys – get these from your email service provider.

Then all you need to do is add the public key record to your DNS Zone. Your email service provider will have installed the private key into your email program. And you’re all done.

Run the test again to be sure they are recorded properly.

DMARC Creation

What is DMARC?

This is the one that most have not heard of before. It stands for Domain-based Message Authentication, Reporting, and Conformance. This is the entry in your DNS zone that tells your domain how to test authentication, and what to do with emails that fail the authentication process.

It is one line that can be easily created and added to your DNS Zone via one TXT record.

Test your DMARC

Use the form below to test your DMARC record. You only need a “valid” record – we recommend a ‘none’ setting and “easyDMARC report” can be turned off. If you wish to purchase their service, it will instead say “active”. The only thing you need is “valid” in the first box.

Create a DMARC Record

This record can be easily created in your DNS Zone. You can use this generator to create a detailed one (not recommended) or you can use the following (not strict) handling of spam:

Record: “v=DMARC1; p=none; rua=mailto:myemail@example.com”

The above record says, in English, “Version 1 of DMARC policy, our policy is = NONE (do not reject emails), and email a compiled report to myemail”.

If you use the above record, be sure to change the email to your email.

Implement the above record, by editing your DNS Zone like so:

  1. add a new TXT record
  2. name is _dmarc
  3. record is as above

Save this record and run the tester again to be sure all is valid.
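A check you can run on the record name and value before saving them, as an added example that is not WPBarista's code. The function name, the myblog.example address and the sample inputs are constructed for illustration.

```python
import re

POLICIES = {
    "none": "monitor only, deliver as usual",
    "quarantine": "treat failing mail as suspicious",
    "reject": "refuse failing mail",
}
MAILTO = re.compile(r"^mailto:[^@\s]+@[^@\s]+\.[^@\s]+$")

def check_dmarc(host, value):
    """Return (meaning of the policy, list of problems) for one TXT record."""
    problems = []
    if host.lower().split(".")[0] != "_dmarc":
        problems.append("TXT record name must be _dmarc")
    # Drop quotes picked up when the record is copied from a web page.
    items = [i.strip() for i in value.strip(' "“”').split(";") if i.strip()]
    if not items or items[0].replace(" ", "") != "v=DMARC1":
        problems.append("first tag must be v=DMARC1")
    tags = {}
    for item in items:
        if "=" in item:
            tag, val = item.split("=", 1)
            tags[tag.strip().lower()] = val.strip()
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        problems.append("p= must be none, quarantine or reject")
    for uri in tags.get("rua", "").split(","):
        target = uri.strip().split("!")[0]  # drop an optional size limit such as !10m
        if target and not MAILTO.match(target):
            problems.append(f"rua target is not a valid mailto: address: {target}")
    return POLICIES.get(policy), problems

# Constructed samples: a correct record, and one whose report address was
# mangled by a web page's email obfuscation before it was pasted into DNS.
GOOD = "v=DMARC1; p=none; rua=mailto:reports@myblog.example"
MANGLED = "v=DMARC1; p=none; rua=mailto:[email protected]"

if __name__ == "__main__":
    print(check_dmarc("_dmarc", GOOD))
    print(check_dmarc("_dmarc", MANGLED))
```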

Conclusion

The bottom line is that email will not be delivered to your subscribers with Gmail and Yahoo email addresses unless you use an authenticated domain from which to send email. This is about YOUR domain – not your clients’ emails. They can use Gmail and receive your emails if you set up your email correctly.

Our Maintenance clients, Domain and Hosting clients have their DNS managed by us and we will create or edit these records for you free of charge.

We are here to help anyone with a WordPress blog – purchase a support ticket if you need a hand with these records. We are here to help!

My name is Cathy and you can connect with me on Social Media @wpbarista if you have questions!

Cathy Mitchell

Single Mom, Lifelong Learner, Jesus Follower, Founder and CEO at WPBarista.