Trail Blazer Knowledge Base

 

Home : General : Adding a DKIM Key to your domain's Txt Record & Validating your SPF/DKIM Configuration for Outbound Email Blasts --- Greatly Improve Your Email Open Rates! (*requires access to your web host)

Knowledge Base







User:

Password:



Article ID: KB108
Keyword Name: DKIM, SPF, Email, Open Rates, Spam, Eblasts, Configure, Settings
Created: December 21, 2017
Viewed: 55764

Adding a DKIM Key to your domain's Txt Record & Validating your SPF/DKIM Configuration for Outbound Email Blasts --- Greatly Improve Your Email Open Rates! (*requires access to your web host)




Last Updated: 2017-12-21 by Kristenson, Joel




Preparing your domain for email blasts


How to set up your domains DNS Txt records to support Trail Blazers (SPF / DKIM keys) when sending out mass emails from Trail Blazer.



Why setup SPF and DKIM Keys?
 

ISPs such as Gmail, AOL, Hotmail, MSN, Yahoo, etc. are checking your incoming emails for authentication (SPF / DKIM Keys). If your email is not authenticated. It could look suspicious to them, and when they run it through their spam filters your email could rejected land in the spam / junk folder instead of the inbox. If your emails are authenticated, ISPs use this as one of many measurements indicating your email is more ‘trustworthy.’





Configuring your DKIM Key:

What is a DKIM Key?

A DKIM Key consists of a Public and a Private key. When sending email through Trail Blazer each email is signed with the Private key. As it arrives at the ISPs they will cross check the Private Key with the Public key from your domains DNS Txt record to make sure they match, again using this as a measurement of trust. 




What do I need?
You'll need access to your domains DNS records typically this is where your domain was registered. If you don’t have access, ask you hosting provider or your system administrator to add a Txt record for both a SPF and DKIM Key for you.



I'm not sure if my DNS service supports TXT Records. Check this list to see if yours does.
http://www.kitterman.com/spf/txt.html




How do I get my DKIM Key?
Proceed to the next step and add the keys to your domains hosting provider.  We used to require that you requested this from support, but it's now automatically configured on our end so you don't need to go through that step anymore.



Configuring your DNS Service
You will need to add two records to your DNS records, a [CNAME] and a [Text] record as follows.

CNAME: trailblz._domainkey.yourdomain.com trailblz._domainkey.trailblz.net
TEXT: _domainkey "o=~;"


If you are using godaddy.com as your DNS service you can use the following as an example:

Godaddy DKIM Example



How do I know if my key is working?

To verify your DKIM key is working properly you will first need to send yourself an email to a email provider that uses DKIM keys; like gmail. Below is an example from gmail, To check that gmail is setup you will need to view the original message my selecting the [Show Original] link within the drop down arrow in the upper right corner of the email. If the email has a valid DKIM key you will see a section within the body of the message like the following example outlined in yellow.


Google DKIM Example



You can also use this tool:

Type: trailblz in the selector field
Type: yourdomain.com in the domain field

http://www.protodave.com/tools/dkim-key-checker/


DKIM Checking Tool







Update a DNS TXT record to include SPF to validate outbound email sent from your domain:

How do I setup my SPF Record?

We recommend that you add a Sender Policy Framework (SPF) TXT record to your DNS record to help prevent spoofing. SPF identifies which mail servers are allowed to send mail on your behalf. SPF is added as a TXT record that is used by DNS to identify which mail servers can send mail on behalf of your domain. Recipients can refer to the SPF TXT record to determine whether a message from your domain comes from an authorized messaging server.


Your SPF TXT record will include the following syntax:

include:spf.trailblz.net


Example #1 Basic:
v=spf1 include:spf.trailblz.net ~all



Example #2 Godaddy:
v=spf1
include:spf.trailblz.net mx mx:smtp.secureserver.net mx:mailstore1.secureserver.net include:smtp.secureserver.net ~all


Example #2 DnsMadeEasy.com with Office 365:
"v=spf1 include:spf.trailblz.net include:spf.protection.outlook.com -all"



Need help creating your SPF record? Try this interactive wizard at SPFWizard.net
http://spfwizard.net/





Validating your SPF and DKIM Records for outbound mail:

I’ve setup both a SPF and DKIM Key now what?
Once you have added the SPF record, you can verify it is setup correctly by using a tool like mxtoolbox.com
http://www.mxtoolbox.com/spf.aspx

 

Another great validation tool, it has more advanced checking.
http://www.kitterman.com/spf/validate.html



Another great validation tool
http://emailstuff.org/




For more general information on Sender Policy Framework visit:
http://en.wikipedia.org/wiki/Sender_Policy_Framework
 






Need help you your DNS service, Here are some external links for modifying DNS records

 

Are you ready to learn more? Contact Us