Email Best Practices

Best practice includes the use of industry-standard email authentication through DomainKeys Identified Mail (DKIM) and campaign email domains. Best practice also includes the careful maintenance of recipients lists who have elected to receive your email messages. Both practices work to increase your deliverability, and reduce the incidence of your email messages being reported as spam.

The following sections show you how to implement email campaigns in NetSuite, and offers tips for optimizing your email campaign delivery.

For more information, see the following sections:

Five Golden Rules for Outbound Email

1. Always send using a FROM domain you control

  • Do not send email messages on behalf of customers, and never use customer email addresses in the FROM field.

  • Never send from addresses using a DNS record you don’t control.

    • For emailed forms, or email messages related to transactions, ensure that the Return Email Address field on the Company Information page is specifying your domain. (A user with an Administrator role can go to Setup > Company > Setup Tasks > Company Information to view the Return Email Address field). For more information, see the entry in the From Address for Emailed Forms row in the Transactions section of Setting Email Preferences.

    • For campaign email messages, see Campaign Email Domains.

2. Manage Your Scripts

Regularly check your SuiteScript outbound email scripts. Promptly delete any obsolete scripts or customizations that you are no longer using.

3. Be Compliant

4. Be Aligned

If you have an email relay between NetSuite and your mailbox provider (where the MX points), ensure the MAIL-FROM (ENVELOPE-FROM, RETURN-PATH) passes the SPF check.

5. Be Hygienic

  • Never send spam or unwanted email.

  • Never send single email more than a single time.

  • Always honor unsubscribe requests.

  • Do not send or forward email with content (especially attachments) that is unknown to you.

For an overview of the processes marketing administrators can use to ensure your company's campaigns are reaching their audience effectively, see Optimizing Email Campaigns.

DomainKeys Identified Mail (DKIM) and Email Domains

When you create your email template, you can select your company's email domain. This domain replaces each instance of the domain that would show in your email by default.

For email messages sent as emailed forms, or email messages related to your transactions, you can select your company’s email domain when you set up your account. For more information, see Setting Email Preferences. Best practice is the domains implied by both the Campaign Email Domains configuration and Setting Email Preferences should be those whose DNS records you control.

This same domain can be used for DomainKeys Identified Mail (DKIM) email authentication. DKIM is an accepted method of vouching for the email you send. Many Internet Service Providers (ISPs) like Google and Yahoo identify email in their recipients' inboxes that has used DKIM. They also verify their own email with this method.

For more information about setting up email domains and DKIM, direct your administrator to Campaign Email Domains and DomainKeys Identified Mail (DKIM).

Domain-based Message Authentication, Reporting and Conformance (DMARC)

A domain administrator can use DMARC to determine how email messages using an address from the sender’s domain will be perceived by a receiving system. DMARC informs the receiver which validations (SPF, or DKIM, or both) will pass. This validation ensures that the email message was sent by the sender identified by the From: address.

Consider setting up a DMARC policy record with your domain provider. A DMARC policy record is a DNS resource record of the type TXT. The shortest valid DMARC policy record is v=DMARC1; p=none. To assist with email deliverability analysis, include an email address (or addresses) to which reports of aggregated feedback can be sent. Use the rua tag to list the address (or addresses) for aggregate feedback reports in your policy. For example,


Setting up a DMARC policy affects the entire email infrastructure of your company. The administrator responsible for your company’s email infrastructure should be involved in setting up a DMARC policy record with your domain provider. Consider carefully how strong a policy to implement as it may have consequences. For example, if you use the optional rua tag, it might consume some of your company’s email resources, depending on the volume of received reports.

For more information about DMARC, go to You might find the Anatomy of a DMARC resource record and How Senders Deploy DMARC in 5-Easy Steps sections of that page particularly helpful. See also the DMARC specification, RFC 7489.

Sender Policy Framework (SPF)

SPF is a Simple Mail Transfer Protocol (SMTP) validation system that verifies the IP address of an email sender. It lets administrators determine which servers can send email messages from a particular domain. SPF alignment with your DMARC policy record is no longer required when you send email from NetSuite. Set up an SPF record only when it is specifically required by a recipient’s email system.

An SPF record is a TXT record using the SPF format with your DNS provider. An SMTP server on the receiving end determines (based on the content of the DNS TXT record) whether the IP address the email message is sent from is approved for that domain.


Email or fax infrastructure or services may require that you to set up a DNS TXT record for SPF.

  • Email Infrastructure and Services: A DNS TXT record for SPF may be required by the email infrastructure or services (as presented by email domains) that you send email to. If you must include a reference to NetSuite SPF, ensure that the definition is a part of your SPF record.

  • Fax Infrastructure and Services: A DNS TXT record for SPF may also be required by the fax infrastructure or services that you use to send faxes. For example, eFax validates SPF records. If you are registered with eFax to send faxes from NetSuite, ensure that the definition is a part of your SPF record.


Do not attempt to manage access to NetSuite by adding a list of NetSuite IP addresses to an access control list. Rather than using a list of allowed IP addresses, there are better, more secure, and less fragile methods to protect your account from unauthorized access. For more information, see NetSuite IP Addresses.

Related Topics

Optimizing Email Campaigns
Campaign Email Domains
DomainKeys Identified Mail (DKIM)
Subscription Management
Using the Sent Email List

General Notices