On May 20th Katrina, our primary contact for New Mexico Center on Law and Poverty, entered a ticket concerning Sireesha’s email. Sireesha is the Director of Poverty Law. She had recently been informed by more than one individual that many, if not all, of her emails had been redirected to the recipients’ SPAM folders.
I began looking into this matter. Based on previous experience, I started by checking their MX records. MX records are entries stored in the Internet’s DNS servers that help route email messages from the sender to the recipient. While the primary MX records were all correct, I was mainly interested in their SPF records. These let receiving servers validate the sender, which helps cut down on SPAM and other false emails.
Poverty Law, in fact, had three SPF records; only one is allowed. One of the records was correct; the other two were most likely left over from previous email providers.
We have the logon credentials for their DNS registrar, so I logged into their site. I removed the two extraneous SPF records.
A second round of MX record checks showed that the multiple SPF record issue was no longer being reported. There were additional flags, which had also appeared on the first report but were of lesser concern than the SPF record. The scans indicated that no DKIM records were set up for their domain. DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
I logged into the client’s Google Admin account and then into the Gmail app management console. There I was able to generate the DKIM key needed. I took that key back over to their DNS registrar site and created a new DNS TXT entry using the key.
I waited about an hour after making these changes so they could propagate throughout a majority of the Internet’s DNS servers. After that period of time I ran the MXToolbox scans again and now found no serious issues listed.
Next I added a _DMARC record to their DNS listings. DMARC stands for Domain-based Message Authentication, Reporting, & Conformance. Using DMARC, companies that send mail can:
- Authenticate all legitimate email messages and sources for their email-sending domains, including owned and third-party domains.
- Publish an explicit policy that instructs mailbox providers how to deliver or dispose of messages that are determined to be inauthentic.
- Gain intelligence on all use of their domains in email messages from across the internet.
At this point I contacted Katrina and asked her to contact clients over the next several days and see if emails were still being redirected to their SPAM folders.
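The three checks walked through above (exactly one SPF record, a published DKIM key, a DMARC policy) can be written as a small audit over a domain's TXT records. This is an added example, not part of the original write-up; the domain `example.org`, the `google` DKIM selector, all record values and the function names are constructed assumptions.

```python
def parse_tags(record):
    """Split a DKIM/DMARC style 'tag=value; tag=value' record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def is_spf(record):
    # RFC 7208 section 4.5: an SPF record is "v=spf1" alone or followed by a space.
    r = record.strip().lower()
    return r == "v=spf1" or r.startswith("v=spf1 ")

def audit_mail_auth(zone, domain, selector):
    """Return a list of findings, given a {dns_name: [TXT strings]} mapping."""
    findings = []
    spf = [r for r in zone.get(domain, []) if is_spf(r)]
    if len(spf) > 1:  # more than one SPF record makes receivers return permerror
        findings.append(f"SPF: {len(spf)} records published, only one is allowed")
    elif not spf:
        findings.append("SPF: no record published")

    dkim = [parse_tags(r) for r in zone.get(f"{selector}._domainkey.{domain}", [])]
    if not any(t.get("p") for t in dkim):  # an empty p= means the key is revoked
        findings.append(f"DKIM: no usable public key at selector '{selector}'")

    dmarc = [parse_tags(r) for r in zone.get(f"_dmarc.{domain}", [])
             if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly one record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= policy")
    return findings

# Constructed sample data: TXT records for the placeholder domain example.org.
BEFORE = {"example.org": [
    "v=spf1 include:_spf.google.com ~all",
    "v=spf1 include:spf.old-host-a.example ~all",   # leftover, constructed
    "v=spf1 include:spf.old-host-b.example ~all",   # leftover, constructed
]}
AFTER = {
    "example.org": ["v=spf1 include:_spf.google.com ~all"],
    "google._domainkey.example.org": ["v=DKIM1; k=rsa; p=CONSTRUCTEDPLACEHOLDERKEY"],
    "_dmarc.example.org": ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.org"],
}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_mail_auth(zone, "example.org", "google") or "no findings")
```

To run it against a live domain, fill the mapping from real TXT lookups for the domain, the `_dmarc` name and the selector's `_domainkey` name instead of the constructed data.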