Best practice includes the use of industry-standard email authentication through Domain Keys Identified Mail (DKIM) and campaign email domains. Best practice also includes the careful maintenance of recipients lists who have elected to receive your email messages. Both practices work to increase your email deliverability and reduce the incidence of your email messages being reported as spam.

The following sections show you how to implement email campaigns in NetSuite and offers tips for optimizing your email campaign delivery.

Five Golden Rules for Outbound Email

  1. Always send using a FROM domain you control.
    Do not send email messages on behalf of customers, and never use customer email addresses in the FROM field.
    Never send from addresses using a DNS record you don’t control.

    • For emailed forms, or email messages related to transactions, ensure that the Return Email Address field in Setting Email Preferences is specifying your domain.

    For campaign email messages, see Campaign Email Domains.

  2. Manage your scripts.
    Regularly check your SuiteScript outbound mail scripts. Promptly delete any obsolete scripts or deprecated customisations.
  3. Be Compliant.
    Ensure you have proper DNS records set up for DKIM on the domains you send email from. See DomainKeys Identified Mail (DKIM) and DomainKeys Identified Mail (DKIM) and Email Domains. Consider setting up a DMARC policy record for your company’s entire email infrastructure. See Domain-based Message Authentication, Reporting and Conformance (DMARC).
    For NetSuite purposes, it is not necessary to set up DNS records for SPF on the domains you send email from. However, depending on the needs of your company, it might be necessary to create a DNS record for SPF. See Sender Policy Framework (SPF).
  4. Be Aligned.
    If you have an email relay between NetSuite and your mailbox provider (where the MX points), ensure the MAIL-FROM (ENVELOPE-FROM, RETURN-PATH) passes the SPF check.
  5. Be Hygienic.
    Never send spam or unwanted email.
    Never send single email more than a single time.
    Always honour unsubscribe requests.
    Do not send or forward email with content (especially attachments) that is unknown to you.

For an overview of the processes marketing administrators can use to ensure your company’s campaigns are reaching their audience effectively, see Optimizing Email Campaigns.

DomainKeys Identified Mail (DKIM) and Email Domains

When you create your email template, you can select your company’s email domain. This domain replaces each instance of the domain that would show in your email by default.

For email messages sent as emailed forms, or email messages related to your transactions, you can select your company’s email domain when you set up your account. For more information, see Setting Email Preferences. Best practice is the domains implied by both the Campaign Email Domains configuration and Setting Email Preferences should be those whose DNS records you control.

This same domain can be used for DomainKeys Identified Mail (DKIM) email authentication. DKIM is an accepted method of vouching for the email you send. Many ISPs like Google and Yahoo identify email in their recipients’ inboxes that has used DKIM. They also verify their own email with this method.

For more information on setting up email domains and DKIM, direct your administrator to the below:

Sender Policy Framework (SPF)

SPF is a Simple Mail Transfer Protocol (SMTP) validation system that verifies the IP address of an email sender. It lets administrators determine which servers can send email messages from a particular domain.

An SPF record is a TXT record using the SPF format with your DNS provider. An SMTP server on the receiving end determines (based on the content of the DNS TXT record) whether the IP address the email message is sent from is approved for that domain. A DNS TXT record for SPF might be required by the email infrastructure or services (as presented by email domains) that you send email to.

If you must include NetSuite systems in your SPF DNS record, ensure that the definition ‘include:’ is a part of that record.


Never whitelist the range of NetSuite IP addresses. For more information, see NetSuite IP Addresses.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

A domain administrator can use DMARC to determine how email messages using an address from the sender’s domain will be perceived by a receiving system. DMARC informs the receiver which validations (SPF, or DKIM, or both) will pass. This validation ensures that the email message was sent by the sender identified by the From: address.

Consider setting up a DMARC policy record with your domain provider. A DMARC policy record is a DNS resource record of the type TXT. The shortest valid DMARC policy record is v=DMARC1; p=none. To assist with email deliverability analysis, include an email address (or addresses) to which reports of aggregated feedback can be sent. Use the rua tag to list the address (or addresses) for aggregate feedback reports in your policy. For example,


Setting up a DMARC policy affects the entire email infrastructure of your company. The administrator responsible for your company’s email infrastructure should be involved in setting up a DMARC policy record with your domain provider. Consider carefully how strong a policy to implement as it may have consequences. For example, if you use the optional rua tag, it might consume some of your company’s email resources, depending on the volume of received reports.

For more information about DMARC, go to You might find the Anatomy of a DMARC resource record and How Senders Deploy DMARC in 5-Easy Steps sections of that page particularly helpful. See also the DMARC specification, RFC 7489.