What is a SPF/DKIM record?

To ensure the security and authenticity of emails, we need our users to add some DNS records to their domain. These records are known as SPF and DKIM. But what exactly are they?

An SPF record specifies which mail servers are permitted to send email on behalf of a domain. This helps prevent email spoofing. One might notice that our DNS records don’t include an SPF record directly. Instead, the SPF record is associated with a custom bounce domain via a CNAME. For example, SPF checks will refer to bounce.mycampaign.com and use the SPF record from there. This setup simplifies the process for our users.

DKIM enhances email security by using cryptographic techniques to verify the sender’s identity. Think of it like the chip in a credit card, which adds an extra layer of security. DKIM makes it much harder for malicious actors to spoof emails and is highly recommended for email security.

All our emails must be verified with both SPF and DKIM. Users can check this in Gmail/GSuite by using the “Show Original” option. Unlike other campaign email tools that only require an SPF record (e.g., bounce.mysoftware.com), our system uses a branded bounce domain (bounce.mycampaign.com) for added security and personalization.