Email service providers (like Gmail) include security to enable email recipients to know who is sending a given email. The intent is to prevent spoofing, which occurs when one sends an email that appears to come from one source but actually comes from another. This is a common practice used by spammers to trick people into opening, reading, and clicking emails.
This information is usually hidden in the headers of an email (code you don’t normally see but which tracks the journey of an email). Email service providers have begun to add “via” information to show who is actually sending the email. So even though your blasts are coming from firstname.lastname@example.org, the email service provider will show that messages are being sent by Salsa Labs. Here's an example of what this looks like in a Supporter's inbox:
This will no longer appear to the email recipient once the email service provider concludes that the email recipient actually wants to receive messages from the sender. For example, if the supporter replies to a message or adds your address to their address book, Gmail (or any other email service provider) will conclude that the supporter actually wants to hear from you.
This is another reason why you (as an email sender) need to make sure all emails feature a call to action. Engage your supporters so they can prove to email service providers that they're interested in what you have to say.
If you don't have an SPF record set up when you add an email address to the "Sent From" field for a Salsa Engage Email Blast, Salsa Engage will prompt you with a warning.
Never use the following domains for your "From" email address:
Many email clients automatically block emails from these domains or send them directly to spam. To ensure deliverability, these domains should not be used in the senders ("From") address.
What You Can Do - Set Up a Sender Policy Framework (SPF) Record
Email service providers check several ways to see if a message is authentic, but the easiest road to authentication is to set up an SPF record. SPF records verify that email senders (like Salsa) have permission to send email on your behalf.
Salsa staff cannot set this up for your organization - you'll need to work with your IT staff. If you are using common web hosting platforms, we have provided walk-throughs from their help desk:
- Click here for GoDaddy
- Click here for BlueHost
- Click here for Google Apps/GSuite
- Click here for NetWork Solutions
- Click here for DreamHost
- Click here for 1&1
NOTE: Before you begin, make sure you have the ability to add or edit a TXT entry to your DNS records. There can be only one SPF record per domain.
PRO TIP: If you're not sure who your domain host is, please go to https://whois.com and enter your domain, you can then look that up and the data will give you insight on who host's your domain.
Once you've made your SPF updates, enter your domain at https://mxtoolbox.com/spf.aspx to confirm that the changes have worked. The following example illustrates what you'll see (in MXToolbox) when you've set up your SPF correctly.
*PLEASE NOTE: It can take up to 24 hours for your changes to populate. DNS records for your domain normally will not update in real-time.
Tips About Adding Your SPF Record (For IT Professionals)
- To add a new SPF record...
- The format varies between various DNS platforms - please consult your specific documentation for instructions to enter an SPF record as a TXT record. It should look similar to
yourdomain.org TXT "v=spf1 mx include:salsalabs.org ~all"
- To update an existing SPF record...
include:salsalabs.orginto your current configuration, just before the "all" mechanism. This tells the SPF record requestor to look up the record for salsalabs.org and include that information in the organization's SPF response.
Below is a typical SPF record and a breakdown of what each component of the SPF string does.
v=spf1 mx include:salsalabs.org ~all
v=spf1means SPFv1 or SPF Engage, the current version of SPF. This identifies the TXT record as an SPF string.
mxis a mechanism indicating that the incoming mail servers for your domain are also permitted to send mail.
include:salsalabs.orgis a mechanism indicating any server permitted to send mail from salsalabs.org may also send mail from your domain.
~allmeans that all other mail not explicitly permitted by the rest of the SPF record can be accepted but will be marked for greater scrutiny.
If errors occur when checking your SPF lookup—especially references to too many DNS lookups— change the includes to IP blocks:
v=spf1 a mx ip4:18.104.22.168/23 ip4:22.214.171.124/23 -all
You should use the include statements and domain names. If Salsa Labs changes IP addresses for our email servers, those changes are reported immediately to the DNS servers that guide domains in knowing what IP addresses are.
If you are using hosted tools, such as Ms Office 365 or MS Outlook, white list our email server IP range:
What Supporters Can Do
On your sign-up forms, ask supporters to be sure to whitelist your "from" email addresses with their email service provider and to check spam if they don't hear from you.
Additional External Resources
- DreamHost: How do I add an SPF record?
- Google Apps: Configure SPF records to work with G Suite
- Host Gator: SPF Records Overview
- Microsoft: Set up SPF in Office 365 to help prevent spoofing
- Wix: Adding or Updating SPF Records in Your Wix Account