Are your emails not going through? Have your customers said that they never got your email, or keep going to their spam folders? It is likely because Gmail, Yahoo, AOL, Google Apps, and Microsoft Office 365 are BLOCKING your emails due to a lack of authentication or a strict DMARC policy on your email.
Email authentication requirements have ramped up in recent years, and for good reason. In 2019, 55% of all email sent was SPAM! Yikes. If you get a ton of scams and spam emails in your inbox every day, you’ll eventually change to a different email provider, right? Email providers want to keep you as a customer, so they add extra security to help keep your inbox free of SPAM via 3 things: DKIM, SPF, and DMARC. We’ll talk more about what those are later, so don’t get bogged down in acronyms.
When you send emails to your customers, you have to make sure that your email passes these email security tests. That applies to everywhere you send an email, including:
Email spammers can fake the email address that they’re sending from to pretend to be a person or business you are familiar with. For example, a scammer may pretend to be your bank or facebook.com to try to get you to click on a fake link and enter your login details to a fake form. Scary, right? That’s why email clients take authentication seriously!
Email authentication via DMARC, DKIM, and SPF make it harder for spammers to fake that email address. Let’s use Gmail as an example. When I (from my jollity.io email) send an email to your Gmail account, Gmail sends a message to my jollity.io DNS (Domain Name Service) provider saying
“Hey, I just got this email from this server claiming to be @jollity.io, is that legit?”.
My jollity.io DNS provider reviews the server that the email was sent from and either says
“Yep, that’s a real email, go ahead and deliver it”
“NO WAIT! We don’t recognize that server! That is suspicious! Send it to SPAM!”
OR in some cases may say “DON’T deliver it at all!”
In the above scenario, SPF and DKIM both tell Gmail (or your email server) if the email is legit or not. DMARC gives Gmail instructions for what to do if the email appears to be suspicious. Think of it as having a fancy alarm system with a fingerprint scanner for your email inbox: nobody gets in unless they’re authenticated.
Example of blocked emails
The solution, of course, is never simple! How annoying, right? Keep in mind that all this mambo-jumbo originates from protecting you and your email recipients against scammers and spam, so direct your anger towards those scam creeps :-). How you set up authentication to ensure that you can send emails that get to your recipients depends on which type of emails you’re trying to fix. I covered a few basics below. For other providers, you’ll want to search their knowledge base or contact them directly. Or if you don’t want to mess with any of this, then reach out to us at Jollity via chat, support ticket (existing clients), or email and we’ll help you get it setup.
Google Apps has a pretty straight-forward set of instructions on authenticating for DMARC. Before you get started, make sure you have current access to:
Follow these instructions for Google Apps:
Follow these instructions for Microsoft Office 365 email:
If you host with us (Jollity managed WordPress hosting), on the business plan or above you have nothing to worry about as your website’s emails now come from an email address that is authenticated automatically. Hallelujah! If on the freelancer plan (our introductory tier), unfortunately, the new server perks don’t apply. If you don’t host with Jollity, then SendGrid could be a great option to consider. Or, my preference: switch to Jollity hosting!
SendGrid is also a great option if you want your website’s email notifications to come from your own domain. SendGrid has a free plan. https://sendgrid.com/. We are not affiliated with Sendgrid, we just like them 🙂
MailChimp provides instructions for setting up both SPF and DKIM here: https://mailchimp.com/help/set-up-custom-domain-authentication-dkim-and-spf/. BEWARE one step of their instructions says to create a new record for SPF. THAT IS NOT ALWAYS TRUE!! The instructions MailChimp provides fails to address that you can only have 1 SPF record per domain, so if you already have an SPF record in your DNS, you can not create another record. You can, however, have multiple domains in a single SPF record. It is insane to me that MailChimp doesn’t address this in their instructions, but they don’t, so be careful.
Ok, so what do you do now? Ask your email provider if SPF, DKIM, and DMARC are set up on your email account. In some cases, Jollity hourly support can help you. We can help you test for and configure SPF and DKIM authentication for your website’s email sending, for Google Apps, and for many of the 3rd party email services we mentioned above.
90%of consumer research starts online.