Email service providers include security to enable email recipients to know who is sending a given email. The intent is to prevent spoofing, which occurs when one sends an email that appears to come from one source but comes from another. This is a common practice used by spammers to trick people into opening, reading, and clicking emails.

This information is usually hidden in the headers of an email (code you don’t normally see but which tracks the journey of an email). Email service providers have begun to add “via” information to show who is sending the email. So even though your blasts are coming from xyz@yourorg.com, the email service provider will show that messages are being sent by Salsa Labs. Here's an example of what this looks like in a Supporter's inbox:

This will no longer appear to the email recipient once the email service provider concludes that the email recipient wants to receive messages from the sender. For example, if the supporter replies to a message or adds your address to their address book, Gmail (or any other email service provider) will conclude that the supporter wants to hear from you.

Email service providers check several ways to see if a message is authentic, but the easiest road to authentication is to set up an SPF record. SPF records verify that email senders (like Salsa) have permission to send an email on your behalf. Adding an SPF record to your email system allows your email servers to approve emails sent by Engage on your behalf. If you don't have an SPF record set up when you add an email address to the "Sent From" field for a Salsa Engage Email Blast, Salsa Engage will prompt you with a warning.

Salsa staff cannot set this up for your organization. You'll need to work with your IT staff. If you are using common web hosting platforms, we have provided walk-throughs from their help desk:

• Click here for GoDaddy
• Click here for BlueHost
• Click here for Google Apps/GSuite
• Click here for NetWork Solutions
• Click here for DreamHost
• Click here for 1&1

NOTE: Before you begin, make sure you can add or edit a TXT entry to your DNS records. There can be only one SPF record per domain.

PRO TIP: If you're not sure who your domain host is, please go to https://whois.com and enter your domain, you can then look that up and the data will give you insight on who host's your domain.

Once you've made your SPF updates, enter your domain at https://mxtoolbox.com/spf.aspx to confirm that the changes have worked. The following image illustrates what you'll see (in MXToolbox) when you've set up your SPF correctly.

 *PLEASE NOTE: It can take up to 24 hours for your changes to populate. DNS records for your domain normally will not update in real-time.

Tips About Adding Your SPF Record (For IT Professionals)

Implementation

The format varies between various DNS platforms - please consult your specific documentation for instructions to enter an SPF record as a TXT record. It should look similar to

• •  yourdomain.org TXT "v=spf1 mx include:salsalabs.org ~all"

To update an existing SPF record...

• • Insert include:salsalabs.org into your current configuration, just before the "all" mechanism. This tells the SPF record requestor to look up the record for salsalabs.org and include that information in the organization's SPF response.

Syntax

This typical SPF record contains a breakdown of what each component of the SPF string does.

v=spf1 mx include:salsalabs.org ~all

• v=spf1 means SPFv1 or SPF Engage, the current version of SPF. This identifies the TXT record as an SPF string.
• mx is a mechanism to show which email servers should be used when relaying email.
• include:salsalabs.org is a mechanism indicating any server permitted to send mail from salsalabs.org may also send mail from your domain.
• ~all means that all other mail not explicitly permitted by the rest of the SPF record can be accepted but will be marked for greater scrutiny.

Troubleshooting

You should use the include statements and domain names and not IP addresses. If Salsa changes IP addresses or adds email servers, those changes are reported immediately to the DNS servers that guide domains in knowing what IP addresses are.

If you are worried about phishing or spoofing attacks on your domain, we can set up a custom DKIM signature for your domain. If this is something you wish to do, contact our Software Support team at support@salsalabs.com. We can then set up a meeting with our deliverability team to get that set up. We will need to connect with the entity that manages your domain’s DNS record.

• DreamHost: How do I add an SPF record?
• Google Apps: Configure SPF records to work with G Suite
• Host Gator: SPF Records Overview
• Microsoft: Set up SPF in Office 365 to help prevent spoofing
• Wix: Adding or Updating SPF Records in Your Wix Account