Featured
Email Authentication Issues - SPF, DKIM, and DMARC

Email Authentication Issues


DJ Event Planner sends email messages through your email provider using the SMTP protocol.

Some email providers have enacted new rules when sending email through SMTP that those senders must be authenticated.

Due to those recent changes, you may receive a hard bounce email with the following message or something similar:

“550 5.7.9 This email has been blocked because the sender is unauthenticated.  Email provider requires all senders to authenticate with either SPF or DKIM.”

This means that either your Outgoing Email Server is not setup correctly in your DJ Event Planner Account or that you are missing required DNS entries on your sending email domain: SPF, DKIM, and DMARC.


How do I know what I need?


First you will need to check to make sure your Outgoing Email Server is setup properly.  To do that, log into DJEP -> Setup -> Email Settings

Click Expand next to the user level to look at, and then Outgoing Server, if it is Green it is setup, if it is Grey than it is not setup.  If it is not setup, you will need to setup your Outgoing Email Server before continuing.


 


If the Outgoing Email Servers are setup, the next step is to test the connection.  You can do that under Setup -> Email Settings -> Test Employee Connection (grey button top right)


 


You can select specific employees or use the Select All button and then Start Test.

If there is an error connecting it will show that, if successful it will provide that as well as a connection time.

If a test is unsuccessful, that means the stored credentials/settings are no longer valid and you will need to setup the Outgoing Email Server correctly before continuing.


The outgoing Email Servers are correctly setup, so now what?

The next step is to run an Email Deliverability Test; this test will show if something is missing in your DNS settings.

You can run the Email Deliverability Test found by logging into DJEP -> Setup -> Email Settings -> Email Deliverability -> Email Deliverability Test -> Start The Test

Select the User you want to test and an email template and click on Continue; on the next page click on Run Test.

The test will provide you a score out of 10 points. You will want to look for yellow or red items, these will be the items you want to address*side note, if using a Google Workspace or Gmail account, this test will often show that your email is on a Sorbs blacklist, this can be ignored.  You can also ignore the yellow check under ‘Your message could be improved -> Your message does not contain a List-Unsubscribe header’ as that as not needed as mass email is forbidden from your DJEP account. (https://eventplannerfaq.com/index.php?/article/AA-00282/0/)


You want to look at the header that says either “You’re properly authenticated” or “You’re not fully authenticated”.

If it says “You’re properly Authenticate” with a green check box, then you are good to go, you can stop here.


 

If it says ‘You’re not fully authenticated’ it means you have some work to do.  Click on that title to expand for more details.


 

The three things that MUST be green are SPF, DKIM, and DMARC.

If one or more are missing, please continue below for more details on each.


This guide will assist with setting those up on your own; however, this requires editing your DNS records for your email’s domain.  FOLLOW THESE STEPS AT YOUR OWN RISK!!!  

MAKE SURE YOU ARE EDITING YOUR EMAIL DOMAIN – THIS IS NOT YOUR DJEP DOMAIN!

Your email domain is the part after the @ symbol in your email address.


If you are not comfortable editing your DNS records, please connect with a Web Developer or contact your Web Host.  Incorrect settings or accidentally deleting/editing the wrong record could break your website/email.

If you would like assistance from a DJ Event Planner staff member and are not a Premium Plus Subscriber, you can schedule a Per-Incident Support call via Zoom for a fee.  Please reach out to the DJEP team either via Live Chat or Support Forum for the link to schedule that call for a fee.

If you are a Premium Plus Subcriber, you can schedule a Zoom meeting by logging into your account as the Master Administrator -> Support Options -> Premium Support -> Schedule a Call (be sure to select Zoom)

If you use a different email provider than the ones listed in this document, you will need to reach out to your email provider to assist with setting the proper SPF, DKIM, and DMARC records.  If you are unable to get support via your email provider, please post on the Support Forum and our staff will do our best to assist.


SPF Records

Email Providers and the SPF record that needs to be entered:

Google Workspace:  v=spf1 include:_spf.google.com ~all

Microsoft: v=spf1 include:spf.protection.outlook.com ~all

Yahoo: v=spf1 include:_spf.mail.yahoo.com ~all


When adding your SPF record to your DNS you will need to ensure that no other SPF records exist; you can only have one SPF record per main domain.

You will need to add as a TXT record type and paste the proper SPF record in the Value or Points to field when adding that TXT record.  

In the ‘Host’ or ‘Name’ field, you will either leave blank or insert the at symbol ‘@’ (this varies by domain host).

If there is a TTL, Interval, or Refresh Time, leave at default or select ½ hour, or 14400.

Please note, if your domain host is Wix, DO NOT ADD IN THEIR SPF SECTION, add as a TXT record as the rest of the world DOES NOT recognize their SPF DNS settings.


DKIM 

Creating DKIM keys is typically done in your email providers settings, below are links to those email providers specific steps:

Google Workspace:  https://support.google.com/a/answer/180504?hl=en

Office 365: https://lazyadmin.nl/office-365/configure-dkim-office-365/

Yahoo:  If you use Yahoo business email there does not appear to be any support to add DKIM keys.  If you run an Email Deliverability test, and the results show you do not have DKIM keys, you will need to reach out to Yahoo’s support to see if they can resolve for you.

If you are using a different email provider than one of the ones listed above, please consult with your email providers support for the proper steps to create DKIM keys.

When adding DKIM keys to your domains DNS records they will be added as a CNAME record type; be sure to follow your email providers instructions correctly.


DMARC

To comply with some email providers DMARC policies, you will need to add at least the basic DMARC record to your email domains DNS records as follows:

Type: TXT

Host:  _dmarc

Value: v=DMARC1; p=none



Hosting providers

Below is a list of some popular domain hosting providers and links to their specific steps to locate your domains DNS settings (if your domain host is not listed below, please consult with your domain host for specific instructions to find your DNS records):


Bluehost

https://www.bluehost.com/help/article/dns-management-add-edit-or-delete-dns-entries

Dreamhost

https://help.dreamhost.com/hc/en-us/articles/360056012291-Editing-or-deleting-custom-DNS-records

GoDaddy

https://www.godaddy.com/help/add-a-txt-record-19232

Hostgator

https://www.hostgator.com/help/article/how-to-change-dns-zones-mx-cname-and-a-records

Hostinger

https://support.hostinger.com/en/articles/1583249-how-to-manage-dns-records-at-hostinger

HostPapa

https://www.hostpapa.com/knowledgebase/update-an-txt-record-in-cpanel/

Ionos

https://www.ionos.com/help/domains/configuring-txt-and-srv-records/managing-txt-records

NameCheap

https://www.namecheap.com/support/knowledgebase/article.aspx/317/2237/how-do-i-add-txtspfdkimdmarc-records-for-my-domain/

Siteground

https://www.siteground.com/kb/manage-dns-records/

Squarespace

https://support.squarespace.com/hc/en-us/articles/360002101888-Adding-custom-DNS-records-to-your-Squarespace-managed-domain

Wix

https://support.wix.com/en/article/managing-dns-records-in-your-wix-account