SPF/DKIM/DMARC: Triad Email Deliverability
Email dari domain lo sampai ke spam? Probably 3 record DNS ini belum proper.
SPF (Sender Policy Framework)
Record DNS yang declare: "Server X.X.X.X authorized untuk kirim email atas nama domain.com."
Setup di TXT record:
v=spf1 include:_spf.google.com include:mailgun.org -all
-all = strict (anything not listed = reject)
DKIM (DomainKeys Identified Mail)
Cryptographic signature di header email. Receiver verify signature pakai public key yang publish di DNS lo.
Setup:
1. Generate key pair di mail provider (Gmail Workspace, Mailgun, AWS SES)
2. Publish public key di TXT record default._domainkey.domain.com
3. Mail provider pake private key buat sign outgoing email
DMARC (Domain-based Message Authentication)
Policy yang nentuin apa yang receiver harus lakuin kalau SPF/DKIM fail.
Setup di TXT record _dmarc.domain.com:
v=DMARC1; p=quarantine; rua=mailto:dmarc@domain.com; pct=100
p=quarantine = email yang fail check masuk spam folder (bukan reject langsung)
p=reject = strict (production-ready setelah test)
Common Mistake
- Lupa SPF: spam score auto-naik
- DKIM ga sign all outgoing: inkonsisten signature → fail
- DMARC
p=noneterlalu lama: ga ada effect, cuma observability
Tools Verify
- mxtoolbox.com/dmarc.aspx — check semua 3 record
- mail-tester.com — kirim email + dapet spam score
- dmarcian.com — DMARC report aggregator
Pengaruh ke SEO + Bisnis
- Email transaksional (forgot password, invoice) ga sampai = customer leave
- Newsletter masuk spam = open rate drop drastis
- Phishing impersonation lebih gampang kalau ga ada DMARC
Setup 30 menit, benefit lifetime.
📚 Sumber Resmi & Referensi
- DMARC.org — DMARC standard reference
- MX Toolbox — Cek SPF/DKIM/DMARC + email blacklist
- Mail Tester — Test email deliverability + spam score
🔗 Artikel Terkait
- SSL Certificate untuk Domain Indonesia: Free vs Paid — Pilih SSL cert tepat — Let's Encrypt gratis vs DigiCert/Sectigo berbayar, plus EV cert untuk e-comme
- Domain Hijack: Cara Lindungi Akses Anda — Vector hijack — social engineering ke registrar, expired domain, DNS poisoning. Plus hardening.
- Audit Domain Bulanan: Checklist 12 Signal — Routine audit kesehatan domain bisnis — 12 signal cek, frekuensi, dan tools yang dipake.