What are DMARC, SPF, and/or DKIM records and why do I need them?
All of these records combined communicate to other email servers that you are who you say you are when it comes to email.
Do you receive emails pretending to be to a bill, but then after you look closely, the bill is fake and some random email is sending it to you? That's called 'phishing' and sometimes scammers will use your email address in the return to field. If you do not have DMARC, SPF, or DKIM records set in your account, other email servers may pass this fake email on and you could face a myriad of issues, one of which is a downgrade to your business reputation.
With these records installed on your DNS Records, other servers check these records to validate email you send. If one of the records isn't present, the email is treated in various different ways, usually straight to spam folder. Sometimes email is completely rejected if these records are not present.
Here's a quick breakdown of how these records work:
SPF: These are the servers I will send from. If it says it's from me, but comes from somewhere else, it's likely fake.
DKIM: This is my email's security signature, if it's not attached to the email, it probably didn't come from my server/domain.
DMARC: If you (your email receiver) gets email that doesn't match the above two records, here's what I want you to do with it. (dmarc informs the other server where to send reports).
The above definitions are simplified for ease of use. If you are interested in digging into the technical nature of each, here are some following links to research:
SPF: https://docs.cpanel.net/cpanel/email/email-deliverability-in-cpanel/#customize-an-spf-record
DKIM: https://docs.cpanel.net/cpanel/email/email-deliverability-in-cpanel/#dkim
DMARC: https://dmarcian.com/why-dmarc/
How do I install these records?
All of these records should be installed on your DNS record which is located in cPanel and/or at your Domain registrar of choice. (godaddy, namecheap, domains.com, etc)
How do I know which place my DNS Record is being used if there are two?
You will always have a DNS record on your account with Wirecrane Studio, however you may not be 'using it'.
You can tell by finding out where your DNS Nameservers are pointed. This informs all servers interacting with ours where to find all required records.
Visit: https://lookup.icann.org/en and enter/search your domain name.
Next: Search the results called "nameservers" under the section called Domain Information.
If your nameservers are:
NS1.WIRECRANE.NET
NS2.WIRECRANE.NET
Then your DNS records are hosted with Wirecrane Studio and you can access them through the Zone Editor in cPanel. under the section called Domains.
Example results from ICANN lookup:
If your nameservers say anything else, your domain records are housed at the registrar where you purchased your domain.
To install these records open the location where your DNS records are located (Wirecrane Studio or Your Registrar)
If records are read from your registrar, you're going to want to open your cPanel DNS records from cPanel too so you can copy and paste records from your locally hosted records to your Registrar.
SPF:
Wirecrane Studio hosted DNS: When your account was set up at Wirecrane.com, simplified SPF records were created. There is nothing to edit unless you also send email from third-party newsletters (mailchimp, etc), gmail, or other source (Google Workspace, Outlook, etc). For every source, an element of the SPF record should be attached.
e.g. The basic SPF record that comes with your account:
v=spf1 +a +mx +ip4:199.250.221.244 ~all
e.g. an SPF record if you're using Google Workspace. Note the addition of "include:_spf.google.com". Google Workspace gave you this information in their help files and instructed you to add that. It means Google is now allowed to send email for you. Tip:You can also use this Google SPF record if you send email from Gmail using your local email with Wirecrane Studio.
v=spf1 include:_spf.google.com +ip4:199.250.221.244 ~all
Do not ever remove +ip4:199.250.221.244 from your record. That is our server's IP address. If you have a contact form on your website, it means our server is sending email to you via that form and other email servers need to know that it's safe to receive email from the server, not just your third-party email service.
Registrar hosted DNS: When your account was set up at Wirecrane.com, simplified SPF records were created. You should only need to do a direct copy of them to your registrar. See above for editing your SPF record before you copy it if you use a third party service to manage mail (newsletters, etc).
DKIM:
Wirecrane Studio hosted DNS:
When your account was set up at Wirecrane.com, DKIM records were created. There is nothing to edit. If you do not see the DKIM record in your DNS Records in cPanel, please open a ticket and we will make sure one is attached.
Registrar hosted DNS:
You need to copy the DKIM record from the local DNS record at Wirecrane Studio and add it to your DNS records at your registrar's DNS Record.
For both DNS Records: It is possible to have multiple DKIM records, one from every source you use for email (newsletters, third party email, etc). You must always include the one from our server to your records so that our server can send you email from your website forms, and if you use Google Workspace, they now require DKIM and you can find that record by logging into your Admin console. To find it easily, just search DKIM record from their search bar.
DMARC:
DMARC records require a specific set of elements to create the record. We've included a helpful tool that will make one for you by asking you questions and delivering the final record at the end.
https://easydmarc.com/tools/dmarc-record-generator
For either DNS record method you are using, install the record as per directions on the above link into your DNS Records.
It's also helpful to save this in a text file on your computer for safe keeping along with your other DNS records.