How to fix emails being spammed or spoofed

The purpose of this article is to help you understand: 

• Different reasons why emails are marked as spam or spoofed

• How to add an SPF record to prevent emails from being spammed

• Configuring your DKIM settings to prevent emails from being spoofed

• Add DMARC records in DNS settings to handle suspicious emails

Why are my emails being marked as spam?

There are many reasons why an email may be marked as spam.

Most commonly, emails will go into the spam folder because the recipient marked them as "spam".  This may be intentional or accidental.  If enough users mark your emails as spam, this can result in spam filters flagging your email address and putting it into spam automatically. This means it is important to stay on top of emails that have been marked as spam, as there is little you can do once emails begin automatically sending to the spam folder directly.

Another reason may be the recipient's inbox settings. Depending on the email client, certain emails may be sent to spam if they are not added to the recipient's contact list.  There could also be security measures that spam emails containing too many "Spam Triggers" in the body or subject line.  For example, subject lines starting with "RE:" or "FW:", or containing highly personal questions like "Did you see this message about [topic]?" or "Can you give me a call at [number]?" can trigger spam filters.  

A similar issue is when an email client identifies an email as having been "spoofed".  Email spoofing is a technique used in spam to forge the email header so that the client's software displays a fraudulent sender address that appears to be from someone the user is familiar with. Emails can be "spoofed" accidentally when emails are sent from a different email address than the one in the "From" field.  

However, there are several things you can do to ensure emails are making it into your customers' inboxes:

• Use a domain email as the sender email ID, instead of using public domains like Gmail, Yahoo, etc. 

  • For example, instead of using "demo2llc@gmail.com" for your sender email, use an email like "info@demo2llc.com".

• Add an SPF record to the email domain to authenticate the email source

• Configure your DKIM settings to add an extra level of security to your emails

• Add DMARC records in DNS to handle suspicious emails

Use a Domain Email

One of the reasons your emails may be marked as spam is because you are using a public domain email address from hosts like Gmail, Yahoo, Outlook, AOL, etc.

For example, Gmail will push emails from public domain addresses to the spam folder and will warn the recipient that "this message seems generous" if the contact is not already added to their contacts list.

Additionally, using a public domain makes it more difficult for your customers to recognize your business, making it less likely they will open your emails.  Many email servers use email engagement as a basis for how to deliver messages. If your business's emails remain unopened, the server could start denying future emails from arriving in their inbox.

The best way to avoid these sorts of issues is to use a domain email address for your business.

If you already have a third-party website, check in with your host to see if they offer custom domain email services. Most do! You can also use the links below to explore additional options if you do not have a custom domain.

Click here to set up a professional email address with Google Workspace.

Click here to set up a business email hosted by GoDaddy.

Click here to see business email packages by Microsoft 365.

Add/Update an SPF Record

A Sender Policy Framework, or "SPF" for short, is an email validation standard designed to prevent email spoofing.  To set this up, you will publish a TXT record to the DNS configuration of your domain. This process varies depending on which web host you use.

Click the links below to view how to add an SPF record for some of the most common DNS/web hosts.

• Amazon

• GoDaddy

• DreamHost

• Cloudflare

• HostGator

• Namecheap

• Names.co.uk

• Wix

If your domain doesn't have an existing SPF record, you can publish a new TXT record in your DNS Records. 

1. For the record type, select TXT (SPF is a type of TXT record).

2. For the name, enter "@" or leave it blank (this depends on your domain host).

3. For the value, enter "v=spf1 include:amazonses.com ~all"

   1. If you would like to authenticate emails from multiple domains, you can enter each domain separated by a space

   2. For example: "v=spf1 include:demo2llc.com include:amazonses.com ~all"

Once the record has been updated/added and saved, it can take up to 48 hours to update globally.  

Configure DKIM settings

If you are using a domain email address, you can configure your DKIM settings to help with verifying your sender email address.  This makes it less likely for the email to be marked as "spam".  If you would like to generate and configure your DKIM settings, please follow the steps below.

1. Email us at support@bookingkoala.com to let us know if you would like to generate and configure your DKIM.

2. One of our developers will generate the records and send you a .CSV file containing CNAME records.

3. Download the .CSV file.

4. Login to your domain's hosting dashboard and locate the section where you can edit your DNS.

5. Copy the DNS records from the .CSV file you downloaded and then add them to the DNS settings.

6. Once the settings are populated, any further emails being sent out will not go into spam unless an email from your site is manually "spammed" by the client. 

Please note: It normally takes anywhere from 4 to 6 hours up to 72 hours for the DKIM settings to become verified.  

Add DMARC records in DNS settings

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to detect email spoofing and phishing. In order to comply with DMARC, messages must be authenticated through either SPF or DKIM, but ideally, when both are used with DMARC, you'll be ensuring the highest level of protection possible for your email sending.

Follow the guidelines below to add DMARC records.

1. Login to your domain hosting and go to DNS settings

2. Select Add New Record, and then enter the following details:

   • Type: Select TXT.

   • Name: _dmarc or _dmarc.yourdomain

   • Value: v=DMARC1; p=quarantine; pct=100; rua=mailto:jane@yourdomain
     Replace jane@yourdomain with the email address where you would like to receive notices about DMARC. We recommend using an email address that belongs to the administrator or owner of your domain.

Make sure to change "yourdomain" to your business domain like bookingkoala.com.

The value of the DMARC TXT record includes a “p=” parameter. The p stands for “policy.” When an email appears to be from your domain but doesn’t contain the correct information, you can use 1 of 3 policies to define how that email gets handled:

1. p=none: The receiving email server performs no action against unauthenticated email but instead sends a report to an email listed in the mailto: address on the DMARC record.

2. p=reject: The receiving email server denies and blocks unauthenticated email.

3. (Recommended) p=quarantine: The receiving email server quarantines unauthenticated email (for example, sending them to a junk or spam folder instead of an inbox). 

Still Need Assistance? 

If you have tried all three approaches and your emails are still being spammed or spoofed, please email us at support@bookingkoala.com so we can take a closer look.