If you’re sending marketing emails then you’ll naturally want to do everything you can to get those emails into people’s inboxes.
Sending emails used to be simple however then came the fraudsters and so in the interests of security, email verification and authentication technologies were introduced. These are Domain Keys, DKIM, SPF and SenderID.
Enabling these authentication methods is a significant and important step in helping our marketing emails hit peoples inboxes. See MailChimp’s page for a demonstration of how many significant domains rely on these different authentication schemes to verify email senders. It’s a great article.
So, lets start with SPF and SenderID…
Firstly, skipping the long explanation, they’re 99% the same. Very basically, when a recipient reads an email from yourdomain.com it cross references the originating IP with yourdomain.com’s DNS server to verify that the email server’s IP is allowed to send emails. Simple.
To get this working go to http://www.openspf.org and complete their SPF record creation wizard. You’ll end up with something looking like…
"v=spf1 ~all"
Email this to the company that looks after your domain and ask them to add it to your DNS server as a text record. SPF – done.
Moving on to Domain Keys and DKIM…
These are again very similar but differ from SPF/SenderID in that rather than simply verify sending rights, they dig a little deeper.
When sending the email, the email server attaches an encrypted digital signature to its header. The recipient then processes this signature by cross referencing it to a text record held on yourdomain.com’s DNS server. Hence the recipient can again verify that the server sending the emails is genuine and legitimate, a little more securely.
So, getting it to work in Exchange…
Exchange doesn’t actually support DKIM or Domain Keys so you need to buy an after market software package. AdminSystem sell it, and it’s a not-so-cheap $799 for the Enterprise version (allows a number of servers to use it for the same domain). It supports not only Exchange but also IIS SMTP server so you can use it in several environments. The product is here and called (aptly) “EA DomainKeys/DKIM for IIS SMTP Service and Exchange Server”. It may look like an amateur website selling a fake product but it really works!
Installation is simple: download the MSI, install it, restart and voila…almost. Mid way through you need to create the DNS record and luckily for all of us there’s a video on youtube explaining exactly how you do this. It’s here, try to ignore the terrible music in the background. There’s also almost a minute of pointless pause at the end so be prepared to ignore it.
Once you have the text record you’ll again need to send this on to your DNS host for them to add to youdomain.com.
Lastly we need to test!
For Domain Keys/DKIM, send go to Mail Radar and send an email to the randomly generated address at the bottom. After a few seconds click view results for verification.
For SPF/SenderID we don’t even need to bother sending an email, just go to PoliteMail and type in your email address. PoliteMail will then verify the SPF record.
Bingo! DKIM, Domain Keys, SPF and SenderID all on an Exchange Server!
[...] using the SPF/SenderID and DKIM/DomainKeys frameworks. A few months ago I wrote a post describing how to integrate DKIM/DomainKeys into Microsoft Exchange Server. There are plenty of guides out there explaining how to set both of these up on [...]