Setting Up and Testing SPF and DKIM Authentication for Automated Email Systems
For years … decades, actually … hackers have been able to “spoof” email addresses and send out spam as if it came from other people’s email accounts. Internet service providers have finally settled on authentication standards to ensure that emails actually originate from the same domain as their return address.
But what if you INTEND to send an email from a mail server that isn’t running under your organization’s domain? For example, say your email is “me@myorganization.org,” but your CRM database sends email on your behalf and it has a sending server address like “salesforce.com.” That can look like spam too.
At WaterGrass, we and our clients use the WaterGrass CRM to register participants in our events and to send them confirmation and reminder emails, expiration and renewal notices, as well as for a host of other things. We want the inboxes receiving these emails to know that they came from us.
That’s possible thanks to the new authentication standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). These let ISPs verify that our email comes from a server we authorize to send on our behalf. Beginning this month, Google and Yahoo say they will require all bulk emailers (sending more than 5,000 emails a day to their email servers) to use SPF and DKIM. And anyone who uses SPF and DKIM will be less likely to be caught in spam filters.
What To Do
Luckily, it’s easy to test whether your emails already have SPF and DKIM, thanks to a number of different testing tools. Our favorite is DKIMValidator.com. Simply send an email to the address DKIMValidator provides, and then click on the “View results” button to see what security has already been set up for you, as well as the rating given by SpamAssassin, a tool used by most ISPs to weed out spam.
It’s only a little more complicated to test email generated by your CRM. We’ve put together documentation with screenshots to guide you, as well as help testing and setting up your SPF and DKIM authentication.
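Another way to run the same check is to read the Authentication-Results header that the receiving server stamps on a test message you send yourself. The script below is an added example, not WaterGrass or DKIMValidator code. Both sample messages are constructed, and receiver.example and crm-vendor.example are placeholder names.

```python
import re
from email import message_from_string

# Constructed sample: headers a receiving server might stamp on a CRM-sent
# message. receiver.example and crm-vendor.example are placeholder names.
PASSING = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@myorganization.org header.s=crm1;
 spf=pass (domain of bounce@crm-vendor.example designates 192.0.2.10
 as permitted sender) smtp.mailfrom=bounce@crm-vendor.example
From: Me <me@myorganization.org>
"""

# Constructed sample: the same sender with no DKIM signature and no SPF pass.
UNSIGNED = """\
Authentication-Results: mx.receiver.example;
 dkim=none; spf=softfail smtp.mailfrom=bounce@crm-vendor.example
From: Me <me@myorganization.org>
"""

def auth_results(raw_message):
    """Return [(method, result, properties)] from Authentication-Results headers."""
    found = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\r?\n[ \t]+", " ", value)   # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)     # drop parenthesised comments
        for part in value.split(";")[1:]:            # first field names the server
            m = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                props = dict(re.findall(r"([a-z]+\.[a-z0-9-]+)=(\S+)", part, re.I))
                found.append((m.group(1).lower(), m.group(2).lower(), props))
    return found

def summarize(raw_message):
    """Report the SPF verdict and which domains have a passing DKIM signature."""
    spf, signers = "none", []
    for method, result, props in auth_results(raw_message):
        if method == "spf":
            spf = result
        elif method == "dkim" and result == "pass":
            ident = props.get("header.d") or props.get("header.i", "")
            signers.append(ident.rsplit("@", 1)[-1].lower())
    return {"spf": spf, "dkim_signers": signers}

if __name__ == "__main__":
    for name, raw in (("passing", PASSING), ("unsigned", UNSIGNED)):
        print(name, summarize(raw))
```

To check a real message, paste its full source (the “show original” or “view source” view in most mail clients) into a string and pass it to `summarize`.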
If you’re not ready to dive in now, store this blogpost away for the inevitable time when authentication is required of all of us. And remember, if you’re a WaterGrass user, you can always get in touch with support@watergrass.org to help you through this process.