Why Email Security Matters
Without proper email authentication:
- Scammers can send emails appearing to be from your domain
- Your legitimate emails may land in spam
- Phishing attacks damage your brand reputation
SecurEcommerce monitors your configuration and alerts you to issues.
Step 1: Check Current Status
- Open SecurEcommerce
- Navigate to Email Security
- Review your current status for:
  - SPF record
  - DKIM configuration
  - DMARC policy
Note any issues flagged.
Step 2: Fix SPF Record
SPF tells email servers who can send on your behalf.
If SPF is missing:
- Log into your domain registrar/DNS provider
- Add a TXT record:
  - Name: @ (or your domain)
  - Value: v=spf1 include:_spf.shopify.com ~all
- If using other email senders, include them too
Common includes:
- Shopify: include:_spf.shopify.com
- Google: include:_spf.google.com
- Klaviyo: include:_spf.klaviyo.com
Example combined SPF:
v=spf1 include:_spf.shopify.com include:_spf.google.com ~all
Step 3: Configure DKIM
DKIM adds cryptographic signatures to your emails.
For Shopify emails: Shopify handles DKIM for emails sent through their system.
For other senders: Each email provider has their own DKIM setup:
- In your email provider’s settings, find DKIM configuration
- They’ll give you a TXT record to add
- Add the record to your DNS
- Verify in the email provider’s dashboard
Step 4: Set Up DMARC
DMARC tells servers what to do with failed authentication.
Start with monitoring mode:
- Add a TXT record:
  - Name: _dmarc
  - Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
- This monitors without blocking
After reviewing reports, strengthen:
p=none → p=quarantine → p=reject
Example progression:
# Stage 1: Monitor
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
# Stage 2: Quarantine
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com
# Stage 3: Reject
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com
Step 5: Verify in SecurEcommerce
After making DNS changes:
- Return to SecurEcommerce Email Security
- Click Refresh Check
- Verify all indicators show green
- Review any remaining recommendations
Note: DNS changes can take up to 48 hours to propagate.
Understanding SecurEcommerce Alerts
SecurEcommerce monitors continuously and alerts you to:
| Issue | Severity | Action |
|---|---|---|
| Missing SPF | High | Add SPF record |
| SPF syntax error | High | Fix the record |
| No DMARC | Medium | Add DMARC record |
| DMARC p=none | Low | Consider strengthening |
| DKIM issues | Medium | Check with email provider |
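The SPF and DMARC rows of the table above can be reproduced offline from the TXT strings themselves. The following Python is an added example, not SecurEcommerce's code; the function names and the strictness of the SPF term check are assumptions, and DKIM is left out because its record name comes from each email provider.

```python
# Added example: audits TXT record strings against the alert table above.
# Input strings are supplied by the caller (e.g. pasted from a DNS lookup).
SEVERITY = {"Missing SPF": "High", "SPF syntax error": "High",
            "No DMARC": "Medium", "DMARC p=none": "Low"}
SPF_MECHANISMS = {"all", "include", "a", "mx", "ip4", "ip6", "exists", "ptr"}
SPF_MODIFIERS = {"redirect", "exp"}


def spf_ok(record):
    """Return True if every term after v=spf1 is a known mechanism or modifier."""
    for term in record.split()[1:]:
        if "=" in term and term.split("=", 1)[0].lower() in SPF_MODIFIERS:
            continue
        name = term.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0].lower()
        # An include with no ":domain" is the classic copy/paste slip.
        if name not in SPF_MECHANISMS or (name == "include" and ":" not in term):
            return False
    return True


def dmarc_tags(record):
    """Parse 'v=DMARC1; p=none; ...' into a dict of lowercase tag -> value."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def audit(root_txt, dmarc_txt):
    """root_txt: TXT strings at the domain; dmarc_txt: TXT strings at _dmarc."""
    issues = []
    spf = [r for r in root_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        issues.append("Missing SPF")
    elif len(spf) > 1 or not spf_ok(spf[0]):  # two SPF records is also an error
        issues.append("SPF syntax error")
    dmarc = [r for r in dmarc_txt if r.strip().startswith("v=DMARC1")]
    if not dmarc:
        issues.append("No DMARC")
    elif dmarc_tags(dmarc[0]).get("p", "").lower() == "none":
        issues.append("DMARC p=none")
    return [(issue, SEVERITY[issue]) for issue in issues]


# Constructed sample input: the page's Stage 1 records, plus a typo'd SPF.
GOOD_SPF = "v=spf1 include:_spf.shopify.com include:_spf.google.com ~all"
BAD_SPF = "v=spf1 include _spf.shopify.com ~all"  # space instead of colon
STAGE1 = "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
if __name__ == "__main__":
    print(audit([GOOD_SPF], [STAGE1]))
    print(audit([BAD_SPF], []))
```

An empty result means none of the SPF or DMARC rows apply to the records passed in.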
Forward Suspicious Emails
When you receive suspicious emails:
- Go to Email Analysis in SecurEcommerce
- Forward the email to your analysis address
- We’ll analyze for:
  - Phishing indicators
  - Spoofing signs
  - Known bad actors
- Receive a report with findings
Troubleshooting
SPF record too long?
- Use includes instead of listing IPs
- Consider SPF flattening services
DKIM not validating?
- Verify record was added correctly
- Check for copy/paste errors
- Confirm with your email provider
DMARC reports overwhelming?
- Use a DMARC report analyzer
- Focus on failures first
Best Practices
- Start with monitoring - Don’t jump to reject
- Include all senders - Miss one and emails fail
- Review reports - Understand what’s happening
- Strengthen gradually - Move to quarantine, then reject
- Keep monitoring - Things change over time
Next Steps
With email security configured:
- Monitor SecurEcommerce for alerts
- Review DMARC reports periodically
- Forward suspicious emails for analysis
- Gradually strengthen DMARC policy