This is a post about what settings to add to improve your application's email deliverability. You can read the story of what happened and made me look into this or you can just jump straight to the settings below.
Hopefully this will serve as a checklist for my future self and maybe in the process can help someone else too. This should work and is needed for any provider like Postmark but probably is redundant for all-in-one platforms like Loops.so that guide you better.
The story
Years ago, I chose Postmark for my email provider after having been disappointed by Mailgun. But when you add a new domain in Postmark it asks only for DKIM and Return-Path, which are not enough by themselves. But since these got the green checkmarks on Postmark to light up, I naturally moved on and never looked back.
Recently a number of unDraw+ users reached out asking why they didn't receive their One-Time Password emails. The embarrassing answer was to check their spam folder. While we didn't have this problem for years, it turned out there were a few reasons for this happening:
- Since Postmark didn't ask for an SPF record, I forgot about it and it was set to point to Mailgun.
- When I rebuilt the app, I overlooked the actual email and stripped it down to the bare minimum with only some basic text and the code.
- Gmail and other providers started taking DMARC more seriously in the past years and, while I had heard of it, I didn't bother setting it up.
So I had to dig into my DNS settings and also research this whole thing to resolve it once and for all.🤞
What was asked by the platform (DKIM, Return-Path)
DKIM: Whenever you set up a new domain on Postmark, you have to add a TXT record with an RSA key to the domain's DNS. It's practically a way to sign your sent emails and verify you authorized this as the owner.
Return-Path: Where the emails that don't get delivered should end up. Almost always the email provider helps and takes care of that, thus the CNAME record to add to your DNS.
There are more (SPF, DMARC)
SPF: This is really important. This basically says that you as the domain owner approve some specific email servers to send on behalf of your domain. This is chainable and you can combine all the providers you use. There is a limit to how many, but if you hit that you have bigger problems. It looks like this:
v=spf1 include:amazonses.com include:mailgun.org ~all
An example with AWS SES and Mailgun together
Important: You can, and must, have only a single SPF record per domain / subdomain.
DMARC: This is kind of a recent requirement since Gmail and other providers started taking it seriously in the past years. It signals that you took time to consider the security of your emails, ensuring that the from address is aligned with the authorized domains from the other records and telling the mail service what to do if something about an email looks suspicious (like quarantine, reject or just monitor it).
This is also a TXT record you add to your DNS and looks like this:
Name: _dmarc.yourdomain.com
Value: v=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com
An example instructing to quarantine (send suspicious emails to the spam folder)
Note: The email you set will start receiving a bunch of non-human-readable emails with reports from various email services, which is kinda annoying, so maybe try to set an email address you don't check often.
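The SPF and DMARC checks from this section as a small offline audit, added here as an example (not code from the original post): it flags a duplicate SPF record, a sending provider missing from the `include:` list, and a missing or incomplete DMARC record. The zone data is constructed and `spf.newprovider.example` is a placeholder host, not a real provider's value.

```python
def parse_spf(txt_records):
    """Return (includes, all_qualifier, problems) for one name's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return [], None, ["no SPF record"]
    problems = []
    if len(spf) > 1:  # two records do not merge; evaluation fails outright
        problems.append("more than one SPF record (permerror per RFC 7208)")
    terms = [t.lstrip("+-~?").lower() for t in spf[0].split()[1:]]
    includes = [t[len("include:"):] for t in terms if t.startswith("include:")]
    all_q = None
    for raw in spf[0].split()[1:]:
        if raw.lstrip("+-~?").lower() == "all":
            all_q = raw[0] if raw[0] in "+-~?" else "+"
    if all_q not in ("~", "-"):
        problems.append("no ~all or -all, so unlisted senders are not failed")
    return includes, all_q, problems


def parse_dmarc(txt_records):
    """Return (tags, problems) for the TXT records at _dmarc.<domain>."""
    recs = [r for r in txt_records if r.replace(" ", "").startswith("v=DMARC1")]
    if len(recs) != 1:
        return {}, ["expected exactly one DMARC record, found %d" % len(recs)]
    pairs = (p.split("=", 1) for p in recs[0].split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    problems = []
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("missing or invalid p= policy")
    if "rua" not in tags:
        problems.append("no rua= address, so no aggregate reports")
    return tags, problems


def audit(zone, domain, sender_includes):
    """List findings; sender_includes = SPF include hosts of providers in use."""
    includes, _, findings = parse_spf(zone.get(domain, []))
    findings += ["sending provider %s is not in SPF" % h
                 for h in sender_includes if h not in includes]
    return findings + parse_dmarc(zone.get("_dmarc." + domain, []))[1]


# Constructed zone reproducing the post's situation: SPF still pointing at the
# old provider and no DMARC record. The new provider's host is a placeholder.
ZONE = {"yourdomain.com": ["v=spf1 include:mailgun.org ~all", "site-check=abc"]}
print(audit(ZONE, "yourdomain.com", ["spf.newprovider.example"]))
```

To run it against live DNS, fill the dictionary from the output of a TXT lookup for the domain and for `_dmarc.` plus the domain.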
Finally: Your email content matters
While these ensure you are in a great place settings-wise, the emails you send matter. The tldr version is to try to create a normal human-made and human-bound email. One that kind of explains a bit what the email is about and also try to include a logo image of your app.
Conclusion
These seem like a lot but are the simple steps to make sure all the parameters you can control are optimal for great email deliverability. You can and should check your emails with something like https://www.mail-tester.com/. Hope that helps!