Skip to content
Sign Up for FREE
Sign Up for FREE
Ben Brown, CTOJune 24, 20202 min read

DNS, DKIM, SPF, Oh my!: The technology behind deliverability and how to use it to your advantage

deliverability techI want to talk about deliverability. Before you run away, give me a minute to explain. Everybody has their own feelings about deliverability and what it means to them. At the base level deliverability can really be broken into two areas. Delivery to a mail server, and delivery to the inbox. These may sound like the same thing, but really, they're quite different. One is all about the tech, and one is all about the content. Since I'm a tech guy, today we're going to talk about the tech side and what it takes to get your email to at least make it to the server (for tips on the content side, see here!).

When people hear the words, "Deliverability Technology", they immediately start having visions of complicated acronyms. You're probably picturing DKIM, SPF, DNS and many others floating around in a nebulous cloud. Let's pull a couple of those out and talk about what they really mean, starting with the glue of the internet: DNS.

Domain Name System, or DNS, isn't really a deliverability technology. DNS binds the entire internet together. The DNS record is similar to a Facebook page. It stores all the details about a specific domain, like Just like a Facebook page includes business descriptions, phone numbers, addresses and posts, your DNS record includes web servers, email servers, validation tools, and other domain details. The DNS serves as the public advertisement for all your business technical details.

Now that we know about DNS, let's talk about some details that we can add to a DNS to help improve your delivery. The most basic of these is Sender Policy Framework, or SPF. SPF is a simple tool for a marketer to tell the world just who can send an email. Think of SPF like a permission slip you send to school with your child. You're telling the world that you have permission for another server to send your email. Every time a server accepts a piece of email, the server asks for a copy of the permission slip. This permission slip is stored in your DNS so that everybody can see it.

After you've handed over permission, you want to make sure nobody has stolen it. That's where DKIM comes into play. DomainKeys Identified Mail, or DKIM, is a method for certifying that your mail is coming from somebody you trust. DKIM secures your mail by creating a signature with a special key. This key is sealed and only the computer sending the email has the secret key, and attached to your DNS is a secret decoder ring. When an email is received by a server, that server uses the decoder ring to check the message and make sure the sender signed the message with that special key.

All of this technical talk may seem confusing or challenging, but it doesn't have to be. Bottom line, SPF and DKIM are just little snippets of text that you attach to your DNS. If you have a website, you have a DNS server. All of the hard configuration should be handled by your ESP (Electronic Stability Program), so once that's done, simply add a few text entries on your DNS. Once you've added these text messages to your DNS, you have taken the first critical step down the path of reliable deliverability.