Email Marketing Sender Authentication is one of the single most important things you must-do if you want to have better deliverability.

However, for non-technical individuals, it may cause a bit of a roadblock. Fear not. This article will help you to authenticate your email marketing sender address.

First of all, let’s explain in detail what these certifications mean and why they exist.

Email Marketing Sender Authentication

Previous to these methods, there was only the regular SMTP (Simple Mail Transfer Protocol). You may already know about this acronym before. It’s what you need to configure when sending email from a third party besides your email service provider. Using a tool like Outlook or others.

However, even though this works for you, it can be easily masked by other people to send emails on your behalf for spam or phishing purposes. That’s currently known as spoofing.

To avoid this massive misuse of email and the potential problems with it, several ESPs tried to come up with a standard protocol to authenticate their origin. However, since most ESPs are from large conglomerates, they try to impose their own protocols over the others. It’s quite challenging to have a consensus with so many private companies.

The ones that are most standard and spread over the industry are just three: SPF, DKIM and DMARC. You may have heard before about these others acronyms since we used them previously as well: Sender ID, DomainKeys and Certified Server Validation. But these were deprecated due to lack of adoption by industry leaders.

Email Sender Authentication Protocols

This might be the most used one because it’s almost a default on every DNS information. If you check your DNS records, almost surely you’ll have an SPF (Sender Policy Framework) record already in it.

The SPF allows the receiver of a message to be able to check if the domain owner has allowed that particular IP address to send emails on their behalf. Spam filtering systems will take this record into account if it shows a “fail” result when checking that information.

How to configure an SPF record

First, you need to get the SPF record information of your Email Marketing platform of choice. Every good email marketing platform should have a section for the email authentication procedure. Usually, they also have some instructions on how to do it. However, there are some things that you must be careful about before changing your DNS records.

After you get the SPF information, you need to insert as a TXT record into your DNS.

Your DNS managing system can be under your domain registrar dashboard or under your hosting provider. Whatever is your case in particular.

In this case, we’ll give you an example of hosting through a CPanel dashboard. But it will be similar in other platforms as well.

DNS Zone Editor for Email Marketing Sender Authentication

After you access the DNS Zone Editor, you can then check your records. The chances are that you’re already with some SPF record by default. So, the trick is to add the same structure you may find on your present TXT information and add the necessary IP addresses and domain names needed.

SPF Authentication procedure

This might be the trickiest of them all because you can’t have multiple SPF records with different definitions to work correctly. The other Email Authentication Protocols are more straightforward since you just need to add them.

How to Configure a DKIM record

This Email Sender Authenticator is a bit different. Imagine a secret code that you insert on your DNS records and a perfect match is placed in the message itself. Basically, it’s a digital signature embedded in each email sent.

To proper configure it, you just need to do the same procedure of the previous method. Check your platform’s data about DKIM certification and add them as a DNS record into your editor.

Usually is a TXT record that starts with this: default._domainkey.[yourdomainname].com. followed by a long TXT variable text. The default might be different for each platform provider. But more often than not, there’s also the chance to have CNAME records as well. Amazon SES asks for this to make sure that it will work properly, for example.

How to configure a DMARC record

It’s even easier to program because it resides in the previous ones. Is based on the SPF and DKIM as records but then, it performs like an instruction manual to the receiver as what to do with this email. It’s like a more strict or relaxed switch that the receiver can activate on their own. Imagine that the receiver’s email provider has a more strict alignment in their definitions. It means that if you create the records for the primary domain name and you’re sending from a sub-domain, it will not go through this filter.

There’s a great chart of what passes and what fails under this email sender authenticator in the Wikipedia.

Why is Email Authentication Important?

If you work with emails on your business, you must have noticed some strange behaviours on your inbox. People complaining or replying about an email you never sent. Error messages or automatic replies from emails you never addressed either. That’s because you never sent it yourself. It was some bot impersonating as someone inside your organisation’s domain name.

To avoid being hurt as a reputation sender standpoint, you must have all these authentication procedures in place. So the ESPs won’t mark your domain name and ALL emails you send as a spoofing source.

Imagine if the legitime emails you send through your email account gets blocking notices of your clients stating that you’re on the “red zone”. Yes, that happens.

Email is one of the most important digital communication tools but to be effective; you need to take all the necessary steps. This is one of those.

If you’re still with questions or need assistance, get in touch with one of our people. We’re always here to support you.

Rui Nunes

About Rui Nunes

Rui Nunes is the Founder of sendXmail(s), Email Marketing and Automation Full Service Agency.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.