Improve Email Score – Prevent Email going into SPAM in WordPress

Are your emails going to the spam folder of the receiver email box? and Still you have not set up SPF, DKIM, and DMARC protocol in your server, then this guide is for you. In Today’s day, Every Web Server should set up SPF, DKIM, and DMARC protocols; otherwise, your email will go in the SPAM folder, and you will never reach your email subscribers.

What are SPF, DKIM & DMARC?

SPF, DKIM & DMARC are authentication mechanisms or protocols that ensure you are a legitimate email sender. They ensure that no spammers are sending emails on behalf of your domain. Suppose you own a prashantwp.com domain; then your server is only legitimate to send email from support@prashantwp.com, no one other.

Setup SPF

SPF stands for Sender Policy Framework. Your domain SPF record tells the email receiver which servers are eligible to send mail on behalf of your domain. It is used to determine sender server is authenticated to send an email on behalf of the given domain.

To set up SPF, You should add the below record to your DNS server.

  • Type: TXT
  • Name: domain.com
  • TTL: Auto
  • Content: v=spf1 ip4:172,76.0.9 ip6:2001:0000:3238:DFE1:63:0000:0000:FEFB include:_spf.google.com ~all

In the above SPF DNS record content, The v=spf1 substring is indicating the SPF protocol version.

In the above SPF DNS record content, The ip4:172,76.0.9 substring is indicating your server’s IPv4 IP address.

In the above SPF DNS record content, The ipv6:2001:0000:3238:DFE1:63:0000:0000:FEFB substring is indicating your server’s IPv6 IP address.

In the above SPF DNS record content, The include:_spf.google.com is indicating google is allowed to send an email on behalf of your domain. It is useful if you are using any third-party mail service. I am using Google WorKPlace for my mailbox. If you are using any third-party mailbox service, You should mention its SPF record’s address here.

In the above SPF DNS record content, The ~all substring is indicating all other email sender servers should be SPF soft fail. If you write -all instead of ~all, Then It indicates all other email sender servers should be SPF hard fail. You can write +all substring But I am not recommending it because It makes valid all other servers to send emails on behalf of your domain.

For more details about SPF records content, Please visit the https://postmarkapp.com/blog/explaining-spf.

Setup DKIM

DKIM stands for DomainKeys Identified Mail.

To set up DKIM, You need to generate public-private Public key pair. The DKIM mechanism.

The public key is published by DNS record. The Private key is used to generate a HASH of the content of the email. The Hash is going with email in header form. The receiver mailbox received mail hash and content, and It verifies the Hash is right.

DKIM ensures that no one has changed the content of an email between sender and receiver. DKIM saves you from email spoofing.

Generate Public Private Key Pair

You can generate public-private key pair in Putty Gen software in Windows Operating System. You can generate a public-private key pair SSH KeyGen in Mac and Linux Operating Systems. You can generate public-private key pair on the https://cryptotools.net/rsagen online without any utility.

Set up DKIM public key DNS record

The TXT DNS record name should be _selector.domain.com. Here, I am choosing selector phpmailer so that the DNS record name would be _phpmailer.domain.com. The TXT DNS record content would be your generated public key.

To set up DKIM, You should add the below record to your DNS server.

  • Type: TXT
  • Name: _phpmailer.domain.com
  • TTL: Auto
  • Content: v=DKIM1;t=s;p=public_key_string

In the above DNS record content, The v=DKIM1 substring is indicating the DKIM protocol version.

In the above DNS record content, The t=s substring is indicating the timestamp version. Its value can be anything.

In the above DNS record content, The p=public_key_string substring is indicating the public key. Do not forget to replace the public_key_string with an actual public key that we have generated.

Sign an Email with DKIM Private Key in WordPress

To Sign with DKIM private key, please add the below code snippet in the root/wp-content/mu-plugins/dkim-sign-email.php

<?php
add_action( 'phpmailer_init', function( &$phpmailer ) {
	$phpmailer->DKIM_domain = 'prashantwp.com';
	$phpmailer->DKIM_selector = 'phpmailer'; // Replace phpmailer with your DKIM selector.
	$phpmailer->DKIM_private_string = 'private_key_string'; // Replace private_key_string with actual private key you generated
	$phpmailer->DKIM_passphrase = '';
	$phpmailer->DKIM_identity = $phpmailer->From;
} );

Setup DMARC

DMARC stands for Domain-based Message Authentication Reporting and Conformance.

DMARC tells the mailbox what to do if SPF and DKIM fail to meet the criteria. To set up DKIM, You have just to set up a DNS TXT record.

To set up DMARC, You should add the below record to your DNS server.

  • Type: TXT
  • Name: _dmarc
  • TTL: Auto
  • Content: v=DMARC1; p=none; rua=mailto:youremail@email.com

In the above DNS record content, The v=DMARC1 substring is indicating the DKIM protocol version.

In the above DNS record content, The p=none substring is indicating the policy what to do if SPF and DKIM fail to authenticate. There are three values of the policy:

  • Diffrent DMARC policies:
    • none: No action taken if the SPF and DKIM policy is not passed in the receiver mailbox.
    • quarantine: If receiver mailbox has setup quarantine setting, The email is send to it otherwise it goes to the spam folder, If the SPF and DKIM of an email doen’t pass.
    • reject: The email goes to the spam folder, If the SPF and DKIM of an email doen’t pass .

In the above DNS record content, The rua=mailto:youremail@email.com substring indicates the email address to send all DMARC activity to the given email address. Do not forget to change youremail@email.com with your actual email address.

Besides these DMARC arguments, There are other DMARC DNS record arguments are also exist. DMARC All DMARC arguments are listed on the Google DMARC record document.

Setup List Unsubscribe Header in Email

Add below headers in the sending emails:

$header .= "List-Id: PrashantWPMain \r\n";
$header .= "List-Owner: <mailto:prashant@prashantwp.com> \r\n"
$header .= 'List-Unsubscribe-Post: List-Unsubscribe=One-Click \r\n';
$header .= 'List-Unsubscribe: <mailto:prashant@prashantwp.coms?subject=Unsubscribe>';

Please do not forget to change my email addresses with your email addresses.

Leave a Reply

Your email address will not be published. Required fields are marked *

Prashant Baldha