[TfTi] Google Made Me Do It (DKIM & More)
You may have received a scary email from Gmail or your email marketing platform warning that your emails may not be delivered unless you install new “authentication” of your domain by February 1. The subject line in the one I got from our Kartra provider read, “Important Update: Action required to ensure email deliverability.”
Yeah, I had no idea what they were talking about when I first read it either.
Later the same day, I got another email, this one from our “kids” at BlogPaws with this subject line, “Google is at it again. DMARC, huh?”
Phew! … back when I was the self-appointed “Left Rear Paw” co-founder at BlogPaws, the toughest tech issues I had to write about were how to use HTML or CSS to format the way an image would display on different screens, or help our members install ad code in their blog’s sidebar. But that experience does carry over in a couple of ways.
Authors need to reach their audiences
First, this set of updates from Google affects a key channel for authors to connect with their fans: email. We write frequently about how authors must treat writing and publishing books as a business, similar to how our work at BlogPaws was about helping pet bloggers make a living as they became “social media influencers.”
Second, the help I’m going to offer here will not look exactly like what you’ll need to navigate, unless your email platform is Kartra and your domain host is Bluehost. Again, back in the day, we had our BlogPaws site on TypePad, but had to help members using WordPress, Blogger, and other platforms. But it should be similar enough for you to figure out, with a little help from the support team at whatever platforms you’re using, like Mailchimp or GoDaddy.
I like to say, “Everything is figureoutable,” but as you’ll see it took help from the Bluehost support team for me to get this one done. Don’t hestitate to find the help you need.
The upside of these updates
We’re about to dive into acronym hell. But try to see beyond the annoyance of yet another command from Google forcing us to add another level of complexity to what we do. As the BlogPaws team described it, the purposes of these should benefit both our marketing efforts and the security of our audiences’ inboxes:
“So why is this happening now?
Mainly because it helps prevent hackers from phishing and pretending to send emails from your domain. But also, it will help keep your emails out of spam folders.”
Bottom line: if you get your emails into compliance, you’ll look better to Google AND your audience than the probably large numbers who ignore these requirements.
So, with Tom Petty echoing in our heads, let’s enter the Gates of Hell and we “won’t back down”!
DKIM
I’m taking them in the order that Kartra’s documentation does, so we’ll start here. But again, your platform may tell you something different and you should follow theirs.
Brief detour: The first change we had to make didn’t directly involve the alphabet soup of acronyms, but connecting our business domain masterbookbuilders.com to our Kartra account as the default email address for the newsletter emails we send out weekly. We’ve had a company email address, connect@masterbookbuilders.com, but we’ve been sending the newsletter from our personal addresses, because Yvonne and I take turns writing and we wanted to flag which of us wrote that week. Because of these updates we’ll be using the company address going forward, since all these authentication tags are tied to the company domain and revolve around verifying that our emails actually come from us.
What’s DKIM? From a Cloudflare article:
“DomainKeys Identified Mail (DKIM) enables domain owners to automatically “sign” emails from their domain, just as the signature on a check helps confirm who wrote the check. The DKIM ‘signature’ is a digital signature that uses cryptography to mathematically verify that the email came from the domain.”
Doesn’t help me understand how it works, either. But that last part, “verify that the email came from the domain” does sound like what we’re after, right?
And this is where the focus shifts from your email marketing platform (Kartra, for us) to your domain hosting platform (Bluehost, for us). Because attaching those “keys” to your domain requires entering another level of acronym Hell, your domain’s DNS settings. DNS, or the Domain Name System, is where your branded, human readable URL gets translated into those numerical IP addresses where everything on the internet lives.
If you’re not familiar with making changes to your DNS settings, start out with contacting your host’s support team. I’ve been making changes to ours in GoDaddy, Namecheap, Bluehost, and others for a couple of decades, so I fussed with this by myself for way longer than I should have. But I ended up reaching out to the Bluehost support team and from there we got all of this done in about a half hour.
Back at Kartra, I was instructed to obtain the unique DKIM records for our emails and then install them as three new “CNAME Records” in our DNS settings. Here’s what the sample of such records looked like, in the Kartra instructions:
Once I had generated the values specific to our domain, I gave them to my Bluehost helper and he added the necessary CNAME Records. Back in Kartra, I was instructed to click a checkbox to verify that the new records had been added and that gave me the hoped-for success message:
YAY! One down . . .
SPF
Sender Policy Framework provides a way for you to list all the mail servers that are authorized to send emails from your domain. You share this listing with your recipients’ email clients by adding a TXT Record to your DNS settings.
See why I recommend getting help from your domain host?
In this case, you’ll need to get the SPF “value” for the TXT record from your email address host or what Kartra calls “SMTP service.” In our case, we’ve set up the company email through Bluehost’s Google Workspace account, so I went to Google Workspace Admin Help for ours.
The TXT record in your DNS settings should end up looking something like this:
And you can test it in a free tool at dmarcly.com, which should result in another success celebration!
There will be a lot of details specific to your domain beneath that success message, which you can gaze at in bewilderment, like me, if you wish!
DMARC
Domain-based Message Authentication Reporting and Conformance (DMARC) enables you to tell your recipients’ email what to do with your email if it still looks suspicious under their policies.
The options for what action the receiving email client should take are:
- p=none: Deliver all mail, regardless of verification.
- p=quarantine: Treat the message as suspicious and potentially spam.
- p=reject: Do not deliver at all.
Since we’re just setting this up for the first time, Kartra recommended setting the DMARC policy as “none.” That made our DMARC record look like this generic example:
Remember to substitute your email address into the “rua” section of the “Data” or “Value” for your TXT record. Once again, there’s a testing tool for DMARC settings, and your results should look something like this:
Since you’re starting out with “none” as your action policy, you’ll see a warning about that. But don’t worry, the explanation repeats the advice to keep your setting as “none” until you have some experience with the DMARC reports that you’ll start receiving.
Which brings us back to the entrance, where we can leave Acronym Hell.
Until the next Google update . . .
Leave a Reply