New Requirements for Sending Emails

Email providers are becoming increasingly strict about how commercial messages are handled. To protect users from spam and phishing, many providers now enforce authentication standards that determine whether your email gets delivered to the inbox — or blocked before it arrives.

If you send emails through Web Form Builder forms, S-Drive forms, or Email Designer, these requirements apply to you. To ensure reliable delivery, your emails must:

  • Use a “from” address tied to a domain you own.
  • Have that domain configured with a valid SPF record.

Without these updates, your messages may be marked as spam, flagged with warnings, or rejected entirely.

Why SPF Matters

SPF (Sender Policy Framework) is an email authentication standard that tells receiving mail servers which systems are authorized to send mail on behalf of your domain. Think of it as a published “allow list” for your outgoing mail.

When SPF is set up correctly:

  • Your emails are more likely to reach inboxes.
  • Providers can verify that your messages are legitimate.
  • Your domain reputation stays strong, helping all of your emails perform better.

In short, SPF helps prevent your email from being marked as spam or getting rejected by receiving email servers. You set up SPF by adding an SPF DNS TXT record (SPF record) to your domain.

An SPF record is a line of text that you add to your domain. The line of text uses special syntax and lists all the servers that are allowed send email for your domain. Here’s an example SPF record:

v=spf1 include:_spf.google.com ~all

If you send emails through S-Drive forms, you need to add CoffeeCup as valid email sender.

If you send emails using Email Designer with your email service provider, you need to add an SPF record based on instructions from your email provider.

Setting up SPF for S-Drive forms.

In order for emails to be delivered successfully through S-Drive forms, you need to use a valid from address based on a domain you own (e.g. a "from" address of bob.smith@gmail.com won't work).

Once you have a domain to use as your "from" address, you'll need to add an SPF record to allow CoffeeCup to send emails on behalf of your domain.

If you don't already have an SPF record, create a new one that looks like this:

v=spf1 include:newsletter.coffeecup.com -all

If you already have an SPF record, add CoffeeCup to it (don't create a second SPF record). For example, if you already have an SPF record like this:

v=spf1 include:_spf.google.com -all

Change it to:

v=spf1 include:newsletter.coffeecup.com include:_spf.google.com -all

(make sure "-all" is at the end of the string, not somewhere in the middle!)

DMARC Record

Although not usually required for low volume senders, it's a good idea to have a DMARC record. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a method of email authentication to validate mail sent from your organization.

A DMARC record helps prevent spoofing (spammers using your domain to send spam).

A DMARC record is used to specify what to do when an email fails validation. This is specified with the "p=" parameter. The type of validation to be done is specified with the "fo=" parameter.

Optionally specify email addresses for failed email reporting. If you want to know about email delivery failures, set up the reporting addresses.

Here's an example DMARC record for joescoffeeshop.com.

record type: TXT

Hostname: _dmarc.joescoffeeshop.com

Value: v=DMARC1; p=none; rua=mailto:agg@joescoffeeshop.com; ruf=mailto:for@joescoffeeshop.com; fo=s;

This DMARC record specifies:

  • No action is taken when validation fails.
  • Summary failure reports are sent to agg@joescoffeeshop.com
  • Detailed failure reports are sent to for@joescoffeeshop.com
  • Validate the SPF record.
Failure Actions, "p=" parameter
  • p=none - don't do anything other that reporting.
  • p=quarantine - send to junk folder.
  • p=reject - reject email (end user won't see it)

It's best to use p=none when setting up a new DMARC record to allow familiarization with the overall process and DMARC reports. You'll want some time to correct email delivery errors to avoid quarantining or rejecting legitimate email.

Reporting options

- rua=mailto:agg@joescoffeeshop.com - send summary report to address specified

- ruf=mailto:for@joescoffeeshop.com - send detailed report to address specified.

Configuring type of validation to be done
  • fo=s - verify SPF record. This is the check SPF option for low volume senders.
  • fo=d - verify DKIM record.
  • fo=0 - check both SPF and DKIM records, fails if authentication fails for both SPF and DKIM.
  • fo=1 - check both SPF and DKIM records, fails if authentication fails for either SPF or DKIM.

Here's a handy wizard you can use to generate a DMARC record for your domain.