Fastmail customers using custom domains have seen an increase in outgoing messages arriving in Gmail spam folders. Learn how to avoid this by properly setting up DKIM and SPF for your domain.
Recently, we’ve noticed an increase in support tickets regarding messages sent from some Fastmail accounts arriving in the spam folders of their recipients, largely when the recipients use Gmail as their email provider.
While there’s no single root cause for this and therefore no guaranteed solution, we’ve noticed that many of the affected accounts are using custom domains that don’t have all the necessary DNS (Domain Name System) records added to them. Custom domains are unique domains owned by you that can be used to send mail — ([email protected]) instead of one of our company’s generic addresses ([email protected]).
We’ve made some changes to our product to make it easier to see if you’re affected by this. You’ll be able to see if your custom domain needs any DNS records to be changed or added. Making these changes will decrease the likelihood that email you send will go to the recipient’s Spam folder.
If you compose a message in our interface from a sending identity at an affected custom domain, you will see a banner informing you of the issue.
You can also check each of your custom domains on the Settings → Domains screen of your account. We have added a new section called “Needs Attention.” If your domain is listed in this section, it needs DNS records to be changed or added to reduce the chance of mail you send ending up in your recipient’s spam folder.
You can see instructions for adding any necessary DNS records by clicking “Edit” on your domain.
You’ll need to add these records at your DNS host. Usually, this will be the service where you bought your domain. If you’re unsure of where your DNS is hosted, contact our support team and they’ll be able to help you figure it out.
Every email provider runs unique software to test whether a message is spam or not. These systems are complex, so it’s not always clear why some messages might be marked as spam while others are not, or why there might suddenly be a change in what kinds of messages are being marked as spam.
Recently, we have noticed more outgoing messages arriving in spam when being sent to Gmail accounts. Gmail, like other email services including Yahoo, Outlook, and AOL, uses standards like DKIM and SPF to help decide whether to put a message in the Spam folder. In many cases, this mail was sent from email addresses at custom domains that are not properly signed by DKIM or SPF, two methods of authenticating emails that help other email providers see the message hasn’t been forged and is less likely to be spam.
We don’t always know why messages go to spam at other services, as we don’t have access to their proprietary spam scanning tools. We’re continuing to investigate and make adjustments to mitigate the issue.
DKIM (DomainKeys Identified Mail) is a mail authentication method that is designed to tell recipient mail servers whether an email has been forged. Message forging is a type of phishing attack, where a bad actor rewrites an email to make it look as though you sent the email, even when you had nothing to do with it. This would be similar to if an attacker wrote your name and address in the “return to sender” section of a physical envelope.
With DKIM enabled for your domain, your messages will be signed with a digital signature that helps the recipient server tell whether your emails are legitimately sent by you.
SPF (Sender Policy Framework) is another email authentication method. Like DKIM, it also provides a way for recipient servers to better tell whether messages from your domain are legitimate or not. DKIM and SPF are both ways of authenticating mail, but DKIM is a signature embedded in the message, while SPF is server-to-server communication. When SPF is set, you tell the internet that email from your domain is authorized to come from Fastmail’s servers. This grants another level of authenticity to your email because recipient servers will verify emails coming from the servers that you have authorized to send for you.
Setting up all DNS records necessary to authenticate email from your custom domain will help your mail stay out of your recipient’s spam folder. We’ve written instructions for a range of providers to help you set them up. However, since every DNS host has different instructions, if you need assistance adding the records necessary to enable DKIM and SPF for your domain, we recommend reaching out to your domain host, as they will have the most accurate information for using their service.
You can check to see if you have set this up correctly in Fastmail on the Settings → Domains screen. On this screen, you will see a large button saying “Recheck DNS” for each of your custom domains. You can click this, and if the domain moves to Active, you are good to start sending mail from your custom domain. If not, you will need to check that you’ve added the records correctly. Otherwise, your messages may still run the risk of landing in the recipient’s Spam folder.
While setting DKIM and SPF are not guarantees that your email will never go to Spam, checking that they have been set up correctly is one of the best things you can do to ensure that your email is delivered.
If you don’t have a website at your domain, you can choose to host your domain with Fastmail, and we’ll set these records for you. Having Fastmail host your domain is easier than setting DKIM and SPF yourself, and we’ll keep all these records up to date for you.
It’s important not to change your domain’s nameservers to point to Fastmail if you do have a website, as this will break your website.
In order to best serve our customers being affected by this issue, we have:
We’re also continuing to reach out to other mail providers to find out more about what’s causing messages to go to spam and to resolve these issues.
If you have difficulty setting DNS records for your domain, your domain host will be best placed to answer any questions about using their interface. If you have questions or problems with anything else, read our help pages or contact our support team.
You may still be tracked even while using a “private” window like Incognito or VPN. Here are the best private browsers to protect your privacy.
Introducing nine privacy-friendly tools to control more of the information you are sharing with third parties.