If you’ve ever asked yourself “Why aren’t our emails reaching customers?” or “Why are our newsletters landing in spam?”, you’re not alone.
Email deliverability is one of those topics that sounds technical, feels intimidating, and often gets ignored until something goes wrong. And when it does go wrong, it can quietly hurt your sales, customer relationships, and brand reputation.
One of the most common areas of confusion we hear from businesses is this:
“What do DNS records have to do with email deliverability?”
Let’s answer that — clearly, honestly, and without jargon.
What exactly are DNS records, and why do they matter for email?
DNS (Domain Name System) is often described as the phone book of the internet. When someone types your website address or sends you an email, DNS records tell the internet where to send that request.
For email specifically, DNS records help answer questions like:
Is this email really coming from this domain?
Is this sender allowed to send on behalf of this business?
What should we do if something looks suspicious?
Without the right DNS records in place, email providers like Google, Microsoft, and Yahoo have no reliable way to trust your messages. And when they don’t trust them, they filter them, quarantine them, or block them altogether.
That’s where SPF, DKIM, and DMARC come in.
“What is SPF, and do we really need it?”
SPF (Sender Policy Framework) is the first layer of email trust.
In simple terms, SPF tells the world which email servers are allowed to send emails using your domain.
Why SPF exists
Imagine someone sending emails pretending to be your company. Without SPF, email providers have no way to know whether that sender is legitimate.
With SPF, your DNS record says something like:
“Only these approved servers are allowed to send email for my domain.”
What businesses often ask
“We only use Microsoft 365 / Google Workspace. Isn’t that enough?”
Not quite.
If you use:
- Marketing tools (Mailchimp, HubSpot, ActiveCampaign)
- CRM systems
- Website contact forms
- Ticketing or invoicing systems
….then all of those services send email on your behalf and must be included in your SPF record.
“What happens if SPF is missing or wrong?”
- Emails may go to spam
- Emails may be rejected outright
- Someone else could spoof your domain
SPF alone doesn’t stop all abuse, but without it, you’re already starting from behind.
“What is DKIM, and how is it different from SPF?”
If SPF is about who is allowed to send, DKIM (DomainKeys Identified Mail) is about proving that the message hasn’t been altered.
DKIM adds a digital signature to each email you send. The receiving mail server checks that signature against a DKIM record in your DNS.
If it matches, the email passes. If it doesn’t, trust drops immediately.
A simple way to think about DKIM
SPF is like checking the return address on a letter.
DKIM is like checking that the envelope hasn’t been opened or tampered with.
Both matter.
Common business question
“If SPF passes, do we still need DKIM?”
Yes — absolutely.
Modern email providers expect both. Many spam filters weigh DKIM more heavily because it confirms message integrity, not just the sending server.
Benefits of DKIM for businesses
- Improves inbox placement
- Protects brand reputation
- Helps prevent email spoofing
- Builds long‑term sender trust
Without DKIM, even “legitimate” emails can look suspicious.
“What is DMARC, and why does everyone say it’s important?”
DMARC is the piece that ties everything together.
DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers what to do if SPF or DKIM fails.
Instead of leaving the decision up to the inbox provider, DMARC gives clear instructions.
DMARC answers three critical questions
- Should we allow, quarantine, or reject failed emails?
- How strictly should SPF and DKIM be checked?
- Where should reports be sent?
Typical DMARC policies
- None – Monitor only (no enforcement)
- Quarantine – Send suspicious emails to spam
- Reject – Block failed emails completely
“Isn’t DMARC risky?”
This is a very common concern.
“If we turn on DMARC, could it break our email?”
If done incorrectly, yes.
If done properly, it’s one of the best things you can do for email security and deliverability.
That’s why most businesses start with a monitoring policy, review reports, fix issues, and then move toward enforcement.
“What are DMARC reports, and should we care about them?”
DMARC reports are detailed feedback from email providers showing:
- Who is sending email using your domain
- Which messages pass or fail SPF and DKIM
- Whether someone is attempting to spoof you
For many businesses, these reports are the first time they discover:
- Unknown systems sending email
- Old services still active
- Malicious abuse of their domain
Why DMARC reports matter
- They reduce blind spots
- They prevent brand impersonation
- They improve long‑term deliverability
Even if you don’t read the raw reports yourself, having them generated is essential.
“Can DNS really affect sales and customer trust?”
Short answer: Yes — significantly.
When emails don’t get delivered:
- Leads don’t respond
- Invoices aren’t seen
- Password resets fail
- Support tickets go unanswered
Worse still, when someone impersonates your domain:
- Customers lose trust
- Your brand looks careless
- Your domain reputation drops
Proper DNS authentication protects both revenue and reputation.
“Is this just for large companies?”
Not at all.
In fact, small and mid‑sized businesses are often targeted more, because their email security is usually weaker.
Email providers don’t give “free passes” to smaller senders. If anything, they scrutinise them more.
Whether you send:
- 50 emails a month or 50,000
- Marketing campaigns or just transactional emails
SPF, DKIM, and DMARC still apply.
“Who should be responsible for this in a business?”
Another common question we hear is:
“Is this IT’s job or marketing’s job?”
The honest answer is: both.
- IT typically manages DNS
- Marketing and operations use email tools
The best results come when:
- Everyone understands what’s sending email
- DNS records are kept up to date
- Changes are reviewed, not guessed
Email authentication is not a “set it and forget it” task — it evolves as your systems evolve.
“What’s the biggest mistake businesses make with DNS and email?”
By far, the biggest mistake is doing nothing.
Many businesses assume:
- “If emails are sending, it must be fine”
- “Our provider handles that”
- “We’ll deal with it later”
Unfortunately, deliverability problems often show up after damage is done — when trust is already lost.
Final Word: Why DNS Is the Foundation of Email Deliverability
If there’s one takeaway from all of this, it’s this:
Email deliverability starts with DNS, not design or content.
You can write the perfect email, at the perfect time, with the perfect offer — but without SPF, DKIM, and DMARC in place, there’s no guarantee it will ever be seen.
By setting up and maintaining the right DNS records, businesses can:
- Improve inbox placement
- Protect their brand
- Prevent spoofing and abuse
- Build long‑term trust with email providers
And most importantly, they can ensure that when they send an email, it actually reaches the people it’s meant for.
How can ESP Projects help?
ESP have been working with businesses across the UK since 2002. Since then, we’ve always needed to understand DNS and how it works. Especially when it comes to DNS Configuration for Email. If your business is suffering with emails not getting to their intended target, then pick up the phone. We should be able to resolve the problem in just a day or so. Call us on 03302020101 or Book a Free Consultation
