The Mail Must Go Through

There are two competing interests when it comes to email. We all want our email to be delivered and yet we do not want to get spam.  80% of email traffic on the Internet is spam.  To combat this Internet Service Providers (ISPs) are trying to verify (authenticate) that senders of email are who they say they are. 

The two main ways that this is done today is by using SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). 

The role of SPF is to prevent sender forgery. We have probably all received SPAM from someone we know, but we know they did not send it, this is sender forgery. It is a very common method for sending spam. With SPF specific email servers are designated to send email on behalf of specific domains. This means that only designated email servers can send email for myorganization.org. 

DKIM is another technology used to prevent sender forgery. DKIM is a way to claim ownership for an email. DKIM can be set up so that an intermediary server like the ones that Cividesk uses for sending email from CiviCRM can be validated as well. 

Both SPF and DKIM are shared to the Internet as records in the DNS (Domain Name System). This is the same system that lets us go to Google.com rather than 216.58.217.46. I am going to “216.58.217.46 that” is not as catchy as I am going to “Google that.”

Servers receiving email like Google, Yahoo, and Comcast check your emails against the DNS system that has your SPF and DKIM records to make sure they match. 

Now back to sending email from CiviCRM. When you send email from CiviCRM, Cividesk sends your email to an email sending vendor. This vendor specializes in keeping their email servers off of black lists and making sure that SPAM is not sent using their servers.  This means that they too want to validate that your email address has a valid SPF and DKIM record.  

Civdesk has been contacting our customers to make sure that they have valid SPF and DKIM records.  We will be continuing to do this to increase deliverability rates. 

There is one last important point to make. Many volunteer organizations especially like to let volunteers send email using CiviCRM from their personal email addresses.  For example, myname@gmail.com.  The challenge with this is that we cannot validate your permission to send on behalf of Google in this case. It is highly recommended that you do not use these types of emails with CiviCRM. 

In conclusion SPF and DKIM are great ways to try to reduce spam and increase deliverability percentage for legitimate email on the Internet.  We all want our email to get through and none of us want spam either.