There are several measures on how you can avoid your G Suite emails from going to your clients' spam or junk folders. It involves tweaking and configuring your mail settings to add certain rules, methods, and commands, which includes SPF, DKIM and DMARC.
But what are they and how do they help? Let’s have a quick look at each of these tools and what they achieve:
SPF or the Sender Policy Framework is a DNS text entry which shows a list of servers that should be considered allowed to send mail for a specific domain. Incidentally the fact that SPF is a DNS entry can also be considered a way to enforce the fact that the list is authoritative for the domain, since the owners/administrators are the only people allowed to add/change that main domain zone.
On the other hand, DKIM or the DomainKeys Identified Mail is considered a method to verify that the messages’ content are trustworthy, meaning that they weren’t changed from the moment the message left the initial mail server. This additional layer of trustability is achieved by an implementation of the standard public/private key signing process. Once again the owners of the domain add a DNS entry with the public DKIM key which will be used by receivers to verify that the message DKIM signature is correct, while on the sender side the server will sign the entitled mail messages with the corresponding private key.
And lastly, DMARC or the Domain-based Message Authentication, Reporting and Conformance is a process used to empower SPF and DKIM by stating a clear policy which should be used about both the aforementioned tools and allows to set an address which can be used to send reports about the mail messages statistics gathered by receivers against the specific domain.
So, how do these tools work and help you in preventing your mails from going to spam/junk? All these tools rely heavily on DNS and luckily their functioning process, after all the setup phase is finished, is simple enough as explained below:
SPF | Sender Policy Framework
- Upon receipt, the incoming message and the sender address are fetched by the receiving mail server;
- The receiving mail server runs a TXT DNS query against the claimed domain SPF entry;
- The SPF entry data is then used to verify the sender server;
- And in case the check fails, a rejection message is given to the sender server.
Google Article on configuring SPF: SPF Configuration
DKIM | DomainKeys Identified Mail
- When sending an outgoing message, the last server within the domain infrastructure checks against its internal settings if the domain used in the “From:” header is included in its “signing table.” If not the process stops here;
- A new header, called “DKIM-Signature”, is added to the mail message by using the private part of the key on the message content;
- From here on, the message’s main content cannot be modified otherwise the DKIM header won’t match anymore;
- Upon reception, the receiving server will make a TXT DNS query to retrieve the key used in the DKIM-Signature field;
- The DKIM header check result can be then used when deciding if a message is fraudulent or trustworthy.
Google Article on configuring DKIM: DKIM Configuration
DMARC | Domain-based Message Authentication, Reporting and Conformance
- Upon reception, the receiving mail server checks if there is any existing DMARC policy published in the domain used by the SPF and/or DKIM checks;
- If one or both the SPF and DKIM checks succeed while still being aligned with the policy set by DMARC, then the check is considered successful, otherwise it’s set as failed;
- If the check fails, based on the action published by the DMARC policy, different actions are taken - the mail can either be quarantined or a message
From the discussion above, Google has identified the use of these methods to prevent outgoing emails from landing to a recipient’s spam or junk folder. Google is participating in DMARC.org, which gives domain owners more control over what Gmail does with spam email messages from their domain. (About DMARC)
After knowing most of the things you need to learn about SPF, DKIM, and DMARC, you can now proceed to the Creating a DMARC record tab to begin employing DMARC.
Make sure that you have also understood all of the prerequisites to ensure that DMARC will work properly. For domain owners, it is important to configure SPF and DKIM keys on all outbound email streams, based from the discussion above.
You can also check out this YouTube video on how to implement SPF, DKIM, and DMARC in Google G Suite: Implementing SPF, DKIM, and DMARC in G Suite.