Skip to main content

Set Up SPF and DKIM for Email Delivery

Updated this week

When you email your supporters through Bloomerang CRM, you can use a custom sender address from your organization's domain. For example, if your domain name is example.org, you might email supporters from an address such as [email protected].

Before Bloomerang CRM can send emails on behalf of your organization's custom domain, you must configure email authentication. Authentication is how your organization proves your emails come from your organization's domain and are not fraudulent. Email authentication helps protect your organization and supporters from phishing and spoofing attempts, and it also helps reduce spam.

You must set up three types of required email authentication:

  • Sender Policy Framework (SPF)

  • DomainKeys Identified Mail (DKIM)

  • DMARC

This is a technical task, which means you might need help from your IT support provider. In this article, we’ll help get you started.

Note: Follow the steps in this article only if your organization uses a sender address from your own domain in Bloomerang CRM email templates.

If you send emails in Bloomerang CRM from a personal email service provider (@gmail.com, @yahoo.com, @comcast.net, or others), you don't have to follow the steps in this article. Personal email service providers handle SPF and DKIM authentication for you.

About SPF and DKIM

Sender Policy Framework (SPF) tells email service providers which servers are authorized to send email for your domain.

DomainKeys Identified Mail (DKIM) adds a cryptographic key (a digital signature) to your emails. The key tells mailbox providers that the server for your domain generated the email.

SPF and DKIM have these benefits:

  • Supporters are more likely to receive your emails. When your domain uses SPF and DKIM, your email reputation score is more likely to be high. This means that email service providers that your supporters use are more likely to deliver your email.

  • You protect your organization and supporters. It’s less likely that scammers can impersonate your domain name and organization.

If you don’t set up email authentication, your supporters might not receive your emails. As your email reputation score decreases, email service providers might mark your emails as spam, or even bounce or block them.

SPF and DKIM work together with DMARC, another required email authentication method. When you set up SPF, DKIM, and DMARC, mailbox providers know that Bloomerang, and our email provider SendGrid, are authorized to send emails on your behalf and the email is legitimate.

Google and Yahoo Requirements for Bulk Senders

As of February 1, 2024, Google and Yahoo require bulk senders to follow requirements meant to increase email security and reduce spam. To comply, your organization must set up both SPF and DKIM. Other email service providers might have similar requirements. If you previously set up SPF and DKIM, you don’t need to change those records to comply with these requirements.

Google and Yahoo also have other requirements for bulk senders, including DMARC and the spam complaint rate.

For detailed information, read Google and Yahoo Requirements for Bulk Email Senders.

Set Up SPF and DKIM

Setting up SPF and DKIM are technical tasks that require you to edit the DNS settings for your organization's domain.

Important: Keep in mind you must configure these settings on your own outside of Bloomerang CRM. Only you can log in to your domain provider account to make these changes. If you’re not comfortable editing your organization's domain settings, ask your domain provider or IT support provider for help.

Step 1: Send a Test Email

Send an email message to a test site that checks for email deliverability issues. We recommend https://www.mail-tester.com.

Make sure to send the test email from your usual email tool, not from Bloomerang CRM. We recommend that you use an email address from your organization's domain rather than a personal email address.

  1. Go to https://www.mail-tester.com.

  2. Copy the email address that appears. Keep this page open.

  3. Open your preferred email tool and create a new email message.

  4. In the email message, paste the email address that you copied from mail-tester.com into the To field.

  5. Send the email.

  6. Go back to the https://www.mail-tester.com page and click Then Check Your Score.

  7. In the results, look for a section that mentions the sender email addresses. If this section has a red number, expand the section.

    email_mail-tester.png

  8. In the Sender ID section, copy the suggested SPF record. You’ll use this record in Step 3.

    email_mail-tester_spf_change.gif

Step 2: Identify Your Domain Name Provider

You need to know who your domain name provider is to edit the SPF record. You’ll need login info, too. If you already know this information, go to Step 3.

  1. Go to https://mxtoolbox.com/DNSLookup.aspx.

  2. Enter your domain name.

  3. Click DNS Lookup. Your domain name provider (DNS hosting provider) appears. Note this information because you’ll use it in Step 3.

    dnslookup.png

Step 3: Add an SPF Record

Set up your SPF record with a specific include statement to authorize SendGrid to send emails on your behalf and to use BCC to Bloomerang.

Note: The steps you take to update SPF records depend on your domain name provider. To help you get started, we provide general instructions. For detailed instructions, go to https://www.mail-tester.com/spf/ and select your domain name provider.

To add or edit an SPF record:

  1. Log in to your domain provider account.

  2. Open the page where you manage domains and DNS settings.

  3. Find the SPF TXT record for your domain.

  4. If you don’t have an SPF TXT record, create one. Create a new SPF record only if one doesn't already exist.

  5. If you’re editing an existing SPF record:

    1. Add the following to the Value field:
      include:sendgrid.net

    2. If Step 1 showed you needed a sender ID, add that to the Value field as well:
      v=spf1 [Sender ID value] include:sendgrid.net ~all

  6. If you’re adding a new SPF record:

    1. Enter the following in the Value field:
      v=spf1 include:sendgrid.net ~all

    2. If Step 1 showed you needed a sender ID, add the sender ID to the Value field as well:
      v=spf1 [Sender ID value] include:sendgrid.net ~all

  7. Verify that the final SPF record looks like this:

    Example TXT SPF record


    Note: Your SPF record might contain other include statements, which is ok. Don't include a space in the include:sendgrid.net part.

  8. Save the record.

  9. Wait 24 hours before you send a test email. These changes need time to spread across the internet.

Step 4: Add a DKIM Record

DKIM records include the cryptographic key used to sign your outbound emails. DKIM records are part of the DNS records in your domain settings.

When you’re ready to add a DKIM record, email [email protected]. We’ll give you the information to include in your DKIM record. To add the record, you must log in to your domain provider account, which only you can do. Bloomerang CRM cannot add the DKIM record for you.

Note: The steps you take to update DNS records depend on your domain provider. To help you get started, we provide general instructions. For detailed instructions, search for DNS management information from your domain account provider. For example, Wordpress, Wix, and Squarespace provide instructions:

To add a DKIM record to your DNS settings:

  1. Email [email protected] and request DKIM information. The Bloomerang Support team emails you this information:

    • Record Type — CNAME

    • Host — Your domain information. Example: s1._domainkey.example.org

    • Value — Sendgrid information. Example: s1.domainkey.u123456.wl123.sengrid.net

  2. Log in to your domain name provider account.

  3. Open the DNS settings.

  4. Add a new CNAME record.

  5. In the CNAME record, add the information that Bloomerang Support provided.
    Important: You must add the host and value information exactly. Do not include any extra spaces or characters.

  6. After you add the CNAME record, email [email protected] so we can verify it’s correct in SendGrid.

Step 5: Test Email Delivery

Before you send your next bulk email, make sure your emails will be delivered:

  1. Go to https://www.mail-tester.com and copy the email address.

  2. Open an email template in Bloomerang CRM.

  3. Click Send Test to open the Send Test Email pane.

  4. Paste the email address from Mail-tester.com in one of the fields and click Send.

  5. Go back to https://www.mail-tester.com and click Then Check Your Score.

Make sure to also check that Bloomerang will work:

  1. Go to https://www.mail-tester.com. Copy the email address.

  2. Send an email from your usual email tool (not from Bloomerang CRM) to the email address from Mail-tester.com. Then check the Mail-Tester.com results.

    • Success: In the authentication section, the SPF settings pass.

  3. Forward an email from a constituent using BCC to Bloomerang. See Upload Non-Bloomerang Emails to Constituents or more details.

    • Success: The email interaction is added to the constituent’s timeline.

Next Steps: DMARC and Spam Rate

Other factors besides SPF and DKIM affect your email reputation score and email deliverability.

You must also:

  • Set up DMARC if you email more than 5,000 addresses daily in Bloomerang CRM, and you use a custom sender address from your organization's domain. For information, read Set Up DMARC.

  • Monitor your spam complaint rate. Keep your spam complaint rate below 0.3% (three or fewer spam complaints for every 1,000 sent emails). For more information, read Monitor Your Spam Complaint Rate.

Related

Did this answer your question?