From masks that cover our facial expressions to telehealth appointments in the living room, this pandemic has drastically changed the way we communicate. In some ways, it can be harder now to express an idea or share information, and that’s exactly why making the extra effort to maintain good communication with your clients is more important than ever.
This is especially true when it comes to email.
As lockdowns and guidelines are set in place and change over time, you’ve got to get relevant information to your clients in a way that’s clear and efficient. Phone calls can be too time-consuming. SMS messages are better for small bits of info. And social media posts don’t reach all your followers.
So when you need to get in touch with most (or all) of your client roster—for things like your updated hours or protocol for when they arrive at your clinic—emails are your best option.
But you might not be reaching as many inboxes as you think.
Well-intended messages are sometimes flagged as spam and remain hidden from readers. That’s a big problem if you’ve got something important to share with your clients. And this could be happening without you even realising it.
There are a number of different factors that can hurt your deliverability rates (like recipient complaints or a high number of inactive recipients on your list), but for our purposes in this article, we’ll focus on email authentication.
To help your emails arrive safely in inboxes instead of spam folders, it’s important to make sure your Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are both properly set up and authenticated through your domain host.
When it comes to emails you send through your Cliniko account, we’ve got you covered. You don’t need to take any action for those messages.
But for any other emails you’re sending out—including through our Mailchimp integration—it’s probably a good idea to keep reading and get the information you need.
I’ll warn you, though, this info can get a bit technical. But I’ve done my best to avoid the jargon and keep the ideas simple and straightforward.
And if you don’t feel comfortable working with technical stuff like this, you’re not alone. An entire industry has been built up around email deliverability, and there are plenty of companies out there who can help. Just run a quick Google search, and you'll discover no shortage of options.
If you send messages through an email provider (like Gmail) instead of your domain, this info is important for you, too. Hackers might try to use your email address for their scams, and it's crucial to take these steps to protect your practice.
What are SPF and DKIM?
Simply said, SPF is a list of approved IP addresses that are allowed to send emails from your domain. Your domain is what comes after the @ sign in your email address (i.e. your website’s name, like ‘@moonpodiatry.com’). And DKIM lets your recipient's email provider know that your message wasn’t spoofed or forged in some way.
In other words, these methods allow you to verify the authenticity of your emails in two different ways. You’re telling your recipients’ email providers that not only do you have permission to send emails from the domain, but the message really is coming from you. Verifying your messages in these ways makes it easier for spam filters to determine that your emails are safe and should go straight to the inbox.
Here’s a metaphor that might help explain things a bit. Emails are sent and received through domains the same way hard-copy letters (remember those?) are sent through a post office.
If you mail a letter, it’s routed through your local post office (i.e. your domain host) which then sends the letter to your recipient's local post office (i.e. their email provider) before making the final delivery.
The postmark stamped on the envelope is like the SPF. It lets the email provider know that the message is coming from an approved IP address. And the DKIM is like an old-time wax seal on the back of the envelope marked with your unique identifier. No one else has your ‘seal’, so the message must really be coming from you.
Why are SPF and DKIM important for your clinic?
Properly authenticating your SPF and DKIM can help get more of your emails past certain spam filters and into the inboxes where they belong. That makes it more likely your patients will actually see the information they need.
That’s especially crucial right now when business is anything but normal, and you likely have a steady stream of information you need to share.
And if you’re sending out marketing emails, getting these standards set up properly should help increase your deliverability rates. That means more conversions and a better return on the resources you’ve invested.
These methods also protect your business.
Without completing these measures, hackers could use your clinic’s domain as the ‘sender’ for scam attempts and for delivering viruses. That could wind up causing some long-lasting damage to your practice’s name and reputation—not to mention the harm caused to your patients’ computers or data if they get a virus.
Think about it. If your clients (or potential clients) are getting spam messages from your clinic’s domain, why would they ever trust any emails you send out? You probably wouldn’t either if you were in their shoes. I know I wouldn’t.
But if your SPF is completed properly, it won’t contain the hacker’s IP address, and therefore their email shouldn’t be accepted. And if your DKIM is set up, they won’t have your ‘seal’ on their message either. That’s two layers of protection.
How to set up SPF and DKIM
The overall setup process is pretty similar regardless of your domain host, but the specific steps you’ll need to take will vary depending on which company is hosting your website’s domain.
I’ve gone ahead and located the help articles for some of the most popular domain hosts in the countries where we see the most Cliniko users. Hopefully, this saves you the hassle of searching to find what you need.
The link for Bluehost only has instructions for setting up your SPF. I tried to find the DKIM instructions on their site, but I came up empty. If you’ve got stellar Googling skills, you might want to give it a shot. Otherwise, I’d suggest just contacting Bluehost directly and asking for help.
If your domain host isn’t listed above, don’t worry. You should still be able to find what you need on your domain host’s website. They’ve likely got some help articles available that give you the step-by-step instructions you’ll need. And if they don’t, just reach out to them directly and ask for help. Google is also a rich resource filled with helpful articles written by third-party companies.
For those who use Cliniko’s integration with Mailchimp to send bulk emails to your clients, you’ll also need to get things set up with your domain host. But thankfully, Mailchimp has a helpful article with all the info you need.
A word of caution
There is some coding involved. And the execution needs to be precise.
It’s pretty straightforward stuff once you know what to do, but getting to that point can be tough for some. Especially if you’re like me, and working with code feels more like chewing foil.
If you’re the same way, I suggest enlisting someone to help with implementing these standards. Ask a tech-savvy friend to lend a hand if you know one.
Or you could consider hiring an email marketing specialist or system administrator to handle these things for you. That’s an especially good idea if your team is growing because these aren’t just ‘set it and forget it’ methods of protecting your domain. You’ll need to continually update these settings as you scale your business.