How email spam works

How email spam works

Whilst your email shows as coming from your domain, it is actually sent out via the server of whatever email platform you use. In most cases, this would be either google.com (Google Workspace) or outlook.com (Office365). To make it even more confusing, you can also send out emails from your domain via other platforms you may use; such as Salesforce, Aroflo, Hubspot etc. In fact, all the autoresponder emails sent from your website are sent via sendgrid.com.

 

Whilst this is great to ensure your customers know it's from you, it also opens it up for spoofing. Spoofing is where spammers send out emails from their servers set up to look like they are from you. Exactly the same way your legitimate emails are sent. So we need a way for email platforms to know if an incoming email is legitimate or not. There are 3 ways this is achieved.


SPF Records

 An SPF record is something put on your domain stating what servers you send emails out on. For example, when we set up your website, we always add an SPF Record to state that you will be sending out emails via sendgrid.com for your autoresponder emails. So when an email platform receives one of these emails, it quickly reads the SPF Record on the domain to see if the sending server is legitimate. 

 

In most cases, you should be all good here.

 

If you want to get technical: https://www.valimail.com/blog/what-is-spf/

DKIM Records

A DKIM record is the next level. Here a DKIM record (a string of around 128 letters) is created and added to both your domain and whatever platform you are sending emails from. When an email is sent from the platform it adds the DKIM record to the email head. When an email platform receives an email it matches the DKIM record in the email head with that on the domain to make sure they match before letting the email through.

 

In most cases you won't have this, so will need to set this up for all platforms you send email from. This includes both Google Workspace and Office365.

 

If you want to get technical: https://www.valimail.com/blog/what-is-dkim/

DMARC

This is the big change coming to Google and Yahoo at the end of the month.

 

DMARC is a record we add to your domain telling email platforms what to do if they get any emails for your domain that don't pass either the SPF or DKIM records. It tells them to either accept, reject or quarantine the email and where to send a report for every email that fails.

 

This means that if someone is spoofing your email, you will get notified of this and will be able to take action.

 

Once again, most of you won't have this set up and if it isn't by the end of the month your emails to any Google or Yahoo email address will bounce.

 

If you want to get technical: https://www.valimail.com/blog/what-is-dmarc/

    • Related Articles

    • Wildjar Call Tracking

      Wildjar is the call tracking platform we use on our websites. Whilst the primary purpose is to allow us to track phone call conversions in your analytics, it is also a good platform for you to view specific call details as well as listen to them. ...
    • Give Access to your Google Ads account

      Giving us access to manage your Google Ads account is a 2-step process. Step 1: Find your Google Ads Customer ID number and pass it onto us. Please email this to support@probityweb.com.au <br> Step 2: Once we've added you to our Google ...
    • Adding Users to Google Analytics

      To ensure that we have historical data when you first start working with us, it is best that we get access to your existing Google Analytics platform. To give us access: Go to https://analytics.google.com/ and log in with your Google Account Open the ...
    • Add Users to Google Business Profile

      We need access to your Google Business Profile so we can optimise it for local search and share content from your website on it. To give us access: Firstly, search your business name in Google (google.com.au). You should now see your Google Business ...
    • SmartyrDXP Website & Dashboard

      SmartyrDXP is the website content management system (or Digital Experience Platform - DXP) that we use to build and manage our websites with. This is our own platform that has been built with many of our SEO strategies integrated into it, not to ...