How to Set Up Zoho Mail for Optimal Email Delivery

Setting up Zoho Mail for your business is a crucial step in establishing a professional online presence and ensuring reliable email communication. However, simply setting up an account isn’t enough. Optimizing your configuration for deliverability is key to ensuring your emails reach your recipients’ inboxes and not their spam folders. This article will guide you through the essential steps to configure Zoho Mail for optimal email delivery, covering SPF, DKIM, DMARC, and other crucial settings.

Setting Up SPF Records

Sender Policy Framework (SPF) is an email authentication method that helps prevent spammers from sending messages on behalf of your domain. By creating an SPF record in your domain’s DNS settings, you specify which mail servers are authorized to send emails using your domain. This tells receiving mail servers that if an email originates from a server not listed in your SPF record, it should be treated with suspicion. Without a properly configured SPF record, your emails are more likely to be flagged as spam.

Generating Your Zoho Mail SPF Record

Zoho Mail provides a specific SPF record that you should use. This record tells receiving servers that Zoho Mail is authorized to send emails on behalf of your domain. The standard Zoho Mail SPF record is:

v=spf1 include:zoho.com ~all

This record means:

• v=spf1: Specifies the SPF version.
• include:zoho.com: Authorizes Zoho Mail’s servers to send emails. It’s important to use “zoho.com” not “zohomail.com” in your SPF record.
• ~all: Indicates a “soft fail.” Emails from servers not listed in the SPF record should be accepted but marked as suspicious. “-all” (hard fail) is stricter but can cause legitimate emails to be rejected if the SPF record isn’t perfect. Using “~all” provides a good balance between security and avoiding false positives.

Example Scenario: A small business, “example.com,” wants to use Zoho Mail. They must add the above SPF record to their domain’s DNS settings.

Adding the SPF Record to Your DNS Settings

The process of adding the SPF record varies depending on your DNS provider (e.g., GoDaddy, Namecheap, Cloudflare). However, the general steps are similar:

• Log in to your domain registrar’s website: Access your domain management panel.
• Find the DNS settings: Look for options like “DNS Management,” “Advanced DNS Settings,” or similar.
• Add a TXT record: Create a new TXT record with the following details:
  • Name/Host: Enter “@” or leave it blank. This indicates that the record applies to your root domain. Some providers may require you to enter your domain name (“example.com”).
  • Value/Text: Paste the Zoho Mail SPF record: v=spf1 include:zoho.com ~all
  • TTL: Set the Time to Live (TTL) to the recommended value (e.g., 3600 seconds or 1 hour). This determines how long DNS servers cache the record.
• Save the changes: Save the new TXT record. It may take some time (up to 48 hours) for the changes to propagate across the internet.

Example: Adding SPF record in Cloudflare: In Cloudflare’s DNS settings, you would:

• Click “Add record”
• Type: TXT
• Name: @
• Content: v=spf1 include:zoho.com ~all
• TTL: Auto
• Click “Save”

Important Considerations:

• Only one SPF record per domain: Having multiple SPF records can cause issues with email deliverability. If you already have an SPF record, you need to modify it instead of creating a new one. If you use other email services (e.g., Mailchimp), you need to include them in the same SPF record using additional include: statements. For example: v=spf1 include:zoho.com include:servers.mcsv.net ~all
• Avoid using the “ptr” mechanism: The “ptr” mechanism is deprecated and can cause performance issues. Avoid using it in your SPF record.
• Test your SPF record: After adding the SPF record, you can use online SPF record testing tools to verify that it is configured correctly. There are many free tools available, such as those provided by MXToolbox and Dmarcian.

Configuring DKIM Records

DomainKeys Identified Mail (DKIM) is another email authentication method that uses cryptographic signatures to verify the sender’s identity and ensure that the email message has not been tampered with during transit. When an email is sent with DKIM, the sending mail server adds a digital signature to the message header. The receiving mail server can then use the sender’s public key (published in the DNS record) to verify the signature and confirm that the email is authentic.

Generating Your DKIM Record in Zoho Mail

Zoho Mail makes it easy to generate a DKIM record. You’ll need to access the Zoho Mail Admin Console.

• Log in to the Zoho Mail Admin Console: Access the admin panel using your administrator credentials.
• Navigate to Email Authentication: Find the section for email authentication settings (usually under “Mail Settings,” “Email Configuration,” or similar).
• Generate DKIM record: Zoho Mail will provide you with a DKIM record that consists of a selector (usually “zoho”) and a public key. The exact steps may vary, but typically you’ll select the domain you want to enable DKIM for and then click a button to generate the record.

The DKIM record will look similar to this (the public key will be much longer):

Name: zoho._domainkey.example.com
Type: TXT
Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... (long public key) ...IDAQAB;

Where:

• Name: The hostname for the DKIM record. This is usually in the format selector._domainkey.yourdomain.com (e.g., zoho._domainkey.example.com). The “selector” allows you to have multiple DKIM keys for the same domain.
• Type: TXT
• Value: The DKIM record value, which starts with v=DKIM1; and includes the public key.

Example Scenario: “example.com” generates their DKIM record in Zoho Mail Admin Console. They receive the following information: Selector: zoho, Public Key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA…IDAQAB. They need to create a TXT record with Name: zoho._domainkey.example.com and Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA…IDAQAB;.

Adding the DKIM Record to Your DNS Settings

Adding the DKIM record to your DNS settings is similar to adding the SPF record.

• Log in to your domain registrar’s website: Access your domain management panel.
• Find the DNS settings: Look for options like “DNS Management,” “Advanced DNS Settings,” or similar.
• Add a TXT record: Create a new TXT record with the following details:
  • Name/Host: Enter the hostname provided by Zoho Mail (e.g., zoho._domainkey.example.com).
  • Value/Text: Paste the DKIM record value provided by Zoho Mail (e.g., v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...IDAQAB;).
  • TTL: Set the Time to Live (TTL) to the recommended value (e.g., 3600 seconds or 1 hour).
• Save the changes: Save the new TXT record. It may take some time (up to 48 hours) for the changes to propagate across the internet.

Example: Adding DKIM record in Namecheap: In Namecheap’s Advanced DNS settings for “example.com”, you would add a TXT record with Host: zoho._domainkey and Value: v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA…IDAQAB;. TTL can be set to “Automatic”.

Important Considerations:

• Verify DKIM Configuration: Zoho Mail typically provides a way to verify that the DKIM record is configured correctly. After adding the record to your DNS settings, use this verification tool to ensure that it is working properly.
• Key Rotation: Periodically rotate your DKIM keys for enhanced security. Zoho Mail may provide options for key rotation within the admin console. Best practice is to rotate keys every 6-12 months.
• Keep the Public Key Safe: While the public key is meant to be publicly available in your DNS record, treat it with care. Avoid accidentally sharing the corresponding private key, as this would compromise your DKIM security.

Implementing DMARC Policy

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an email authentication protocol that builds upon SPF and DKIM to provide a more robust defense against email spoofing and phishing attacks. DMARC allows domain owners to specify how receiving mail servers should handle emails that fail SPF and DKIM checks. It also provides reporting mechanisms that allow domain owners to monitor email authentication results and identify potential issues.

Creating Your DMARC Record

A DMARC record is a TXT record that you add to your DNS settings. The DMARC record specifies your DMARC policy and how receiving mail servers should report authentication results. The DMARC record follows a specific syntax:

_dmarc.example.com.  TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com; ruf=mailto:forensic@example.com; adkim=r; aspf=r; pct=100; rf=afrf1:mailto,iodef:mailto; sp=none"

Let’s break down the components of a DMARC record:

• v=DMARC1: Specifies the DMARC version.
• p=none | quarantine | reject: Defines the DMARC policy.
  • none: Monitoring mode. Receiving servers should take no action on failing emails but report them to the address specified in the rua tag. This is the recommended starting point.
  • quarantine: Receiving servers should mark failing emails as spam or move them to the spam folder.
  • reject: Receiving servers should reject failing emails.
• rua=mailto:address: Specifies the email address where aggregate reports (daily summaries) should be sent. These reports provide an overview of email authentication results for your domain. It is crucial to monitor these reports.
• ruf=mailto:address: Specifies the email address where forensic reports (detailed reports for individual failing emails) should be sent. These reports can contain sensitive information, so use caution.
• adkim=r | s: Alignment mode for DKIM. r (relaxed) allows for partial matches, while s (strict) requires an exact match.
• aspf=r | s: Alignment mode for SPF. r (relaxed) allows for partial matches, while s (strict) requires an exact match.
• pct=0-100: Percentage of emails to which the DMARC policy should be applied. Starting with pct=100 may be risky, so it is advisable to start with pct=10 or pct=20 and gradually increase it as you monitor the reports.
• rf=afrf1:mailto,iodef:mailto: Reporting formats. afrf1 is the aggregate format, and iodef is the forensic format.
• sp=none | quarantine | reject: Policy for subdomains. If not specified, the main domain policy applies.

Example DMARC records:

• Monitoring Mode:_dmarc.example.com. TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
• Quarantine 20% of Failing Emails:_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=20"
• Reject All Failing Emails (After Careful Monitoring):_dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

Adding the DMARC Record to Your DNS Settings

To add the DMARC record to your DNS settings:

• Log in to your domain registrar’s website: Access your domain management panel.
• Find the DNS settings: Look for options like “DNS Management,” “Advanced DNS Settings,” or similar.
• Add a TXT record: Create a new TXT record with the following details:
  • Name/Host: Enter _dmarc
  • Value/Text: Paste your DMARC record value (e.g., v=DMARC1; p=none; rua=mailto:dmarc@example.com)
  • TTL: Set the Time to Live (TTL) to the recommended value (e.g., 3600 seconds or 1 hour).
• Save the changes: Save the new TXT record. It may take some time (up to 48 hours) for the changes to propagate across the internet.

Example: Adding DMARC record in Google Domains: In Google Domains DNS settings for “example.com”, you would create a Custom record with: Host name: _dmarc, Record type: TXT, TTL: 1H, Data: v=DMARC1; p=none; rua=mailto:dmarc@example.com.

Important Considerations:

• Start with p=none: It is crucial to start with a p=none policy. This allows you to monitor the impact of DMARC without affecting email delivery. Analyze the aggregate reports to identify any legitimate emails that are failing authentication.
• Monitor Aggregate Reports: Regularly monitor the aggregate reports (rua) to identify potential issues and adjust your SPF, DKIM, and DMARC configurations accordingly. Tools like Dmarcian and Postmark provide DMARC report analysis services.
• Gradually Increase the Policy: Once you are confident that your SPF and DKIM records are properly configured and that legitimate emails are passing authentication, you can gradually increase the DMARC policy to p=quarantine and then to p=reject. Increase the pct gradually as well.
• Subdomain Policy: Consider setting a policy for subdomains using the sp tag. This can help protect your brand from spoofing attacks on subdomains that you may not actively use for sending email.
• Handle Forensic Reports Carefully: Forensic reports (ruf) can contain sensitive information, so handle them with care. Ensure that the email address specified in the ruf tag is secure and that access to these reports is restricted.

Zoho Mail Authentication & Best Practices

Beyond SPF, DKIM, and DMARC, there are several other important considerations and best practices that can significantly improve your email deliverability with Zoho Mail. These include setting up custom tracking domains, using a dedicated IP address (if applicable), managing your sender reputation, and adhering to hubspot-email-marketing-tactics-to-boost-roi/" class="internal-link" title="3 Hubspot Email Marketing Tactics to Boost ROI">email marketing best practices.

Custom Tracking Domains

When you send emails, especially marketing emails, links within those emails are often tracked. By default, Zoho Mail might use a generic tracking domain. Using a custom tracking domain (a subdomain of your own domain) helps improve your brand consistency and can also improve deliverability.

• Set up a Subdomain: Create a subdomain specifically for tracking, such as “track.example.com.”
• Configure DNS Records: You’ll need to add CNAME records to your DNS settings that point the tracking subdomain to Zoho Mail’s tracking servers. Zoho Mail will provide you with the specific CNAME records to add.
• Configure in Zoho Mail: Within the Zoho Mail admin console, configure the custom tracking domain. This involves verifying the subdomain and setting it as the default tracking domain.

Example: Setting up “track.example.com” as tracking domain:

• Create subdomain “track.example.com” in your DNS provider
• Add the CNAME record provided by Zoho Mail (e.g., Name: track, Value: track.zohomail.com)
• In Zoho Mail Marketing Automation, add and verify “track.example.com” in the Tracking Domain Settings

Dedicated IP Address

By default, Zoho Mail uses shared IP addresses to send emails. While this is sufficient for most users, larger organizations sending high volumes of email may benefit from using a dedicated IP address.

• Improved Sender Reputation: A dedicated IP address allows you to build and maintain your own sender reputation, which is not affected by the sending behavior of other users.
• Control over Deliverability: You have more control over your email deliverability because you are solely responsible for the reputation of your IP address.
• Warm-up Process: When you start using a new dedicated IP address, you need to “warm it up” by gradually increasing the volume of email you send. This helps establish a positive sender reputation with receiving mail servers.

Contact Zoho Mail support to inquire about dedicated IP address options and pricing. They can guide you through the setup and warm-up process.

Managing Your Sender Reputation

Your sender reputation is a critical factor in determining whether your emails reach the inbox. Receiving mail servers use various metrics to assess your sender reputation, including:

• Spam Complaints: The number of recipients who mark your emails as spam.
• Bounce Rate: The percentage of emails that bounce back due to invalid or non-existent email addresses.
• Engagement Metrics: Open rates, click-through rates, and other measures of how recipients interact with your emails.
• Blacklist Status: Whether your IP address or domain is listed on any email blacklists.

Best Practices for Maintaining a Good Sender Reputation:

• Clean Your Email List Regularly: Remove invalid, inactive, or unengaged email addresses from your list.
• Implement a Double Opt-In Process: Require new subscribers to confirm their email address before adding them to your list.
• Provide an Easy Way to Unsubscribe: Make it easy for recipients to unsubscribe from your emails. Honor unsubscribe requests promptly.
• Monitor Your Bounce Rate and Spam Complaints: Regularly monitor these metrics and take corrective action if they are too high.
• Authenticate Your Emails: Use SPF, DKIM, and DMARC to authenticate your emails.
• Avoid Using Spam Trigger Words: Be mindful of the language you use in your emails. Avoid using spam trigger words or phrases.

Example: Analyzing Bounce Rate and Spam Complaints: If you notice a spike in your bounce rate, investigate the cause. Are you sending to a lot of old or invalid email addresses? If your spam complaint rate is high, review your email content and sending practices. Are you sending unsolicited emails? Are you making it easy for recipients to unsubscribe?

Email Marketing Best Practices

Even with perfect technical configurations, poor email marketing practices can harm your deliverability.

• Segment Your Email List: Send targeted emails to specific segments of your audience based on their interests, demographics, or behavior.
• Personalize Your Emails: Personalize your emails with the recipient’s name and other relevant information.
• Provide Valuable Content: Send emails that provide value to your recipients. Offer helpful information, exclusive deals, or engaging content.
• Test Your Emails Before Sending: Test your emails on different devices and email clients to ensure that they display correctly. Use a service like Litmus or Email on Acid.
• Follow CAN-SPAM Act Guidelines: Comply with the CAN-SPAM Act and other applicable email marketing laws.

By implementing these email marketing best practices, you can increase engagement, improve your sender reputation, and ensure that your emails reach the inbox. Consistent and valuable communication builds trust and minimizes the risk of being marked as spam.