Setting up email authentication is important for making sure your email marketing campaigns are effective as it helps to provide security and improve the deliverability of your emails. It involves several measures that we describe in this guide. Read on to make sure all your emails are properly authenticated and able to reach their recipients.
How To Authenticate an Email: SPF, DKIM, DMARC, and BIMI
What is email authentication and why do you need it?
Email authentication is the process of verifying the identity of the sender and the legitimacy of their email messages. It plays an important role in any organization that uses email marketing. It helps email services like Gmail distinguish legitimate emails from spam and phishing emails when someone tries to impersonate your brand to get confidential information.
Email authentication exists to protect email users from spam, phishing, and other types of malicious activity. By authenticating email messages, email providers can help ensure that only legitimate messages are delivered to users’ inboxes.
Email authentication also helps to protect email users’ personal information and privacy. By verifying the sender of an email message, email providers can help prevent scammers from spoofing the sender’s address and sending spam or phishing emails that appear to come from a trusted source. In other words, authentication serves as a checkpoint for detecting unauthorized and malicious IP addresses sending emails from your domain.
Email authentication requires the use of certain standards to work properly. These standards include SPF, DKIM, DMARC, and BIMI — security protocols that serve different purposes. Collectively, they provide a comprehensive solution to email authentication.
How does it work exactly?
SPF, DKIM, DMARC, and BIMI – these four technologies are not the only authentication methods, but they are the basis for checking emails. Let’s see how email authentication works based on these standards.
- A domain or organization owner establishes authentication procedures for all of its sending domains.
- The organization sets up the email servers and infrastructure to follow these regulations.
- The email authentication rules are located in the DNS records for each domain that sends emails. Receiving mail servers then authenticate these emails from the sender based on said published rules.
- Depending on the results of the email authentication, receiving servers will either deliver the email, quarantine it, or reject it.
With DKIM, when a message is received, the receiving server retrieves the sender's public key from DNS and uses it to verify the signature that was created with the sender's private key. If the verification is successful, the authenticity of the email is confirmed and the high reputation of the sender is confirmed along with it. Otherwise, the domain loses its reputation, which means additional checks or blacklisting of mail addresses.
DMARC is used for protection against spoofing, i.e. using a domain to send fraudulent messages on behalf of another person. In brief, according to the DMARC rules set on the domain, suspicious messages can be rejected, marked as spam, or simply let through, depending on the wishes of the domain owner.
When an email is sent from a domain with a valid BIMI record, the recipient’s email client can fetch the logo and display it next to the email. The email client can also verify the authenticity of the email using the verification token.
How to authenticate the email: a step-by-step guide
So, how to nail email authentication and allow trouble-free communication between a brand and a client? Here’s what you need to do so that the system verifies your identity. We also have a detailed guide on how to set up your email.
Authenticating IP address and SPF
To authenticate emails using SPF, you need to add an SPF record to your DNS server. The SPF record specifies which IP addresses are allowed to send emails on behalf of your domain.
To avoid SPF authentication failures, you must be aware of all IP addresses that send emails from your domain so you can include them in your SPF record. You need a separate SPF record for each email domain you use if you want stable email deliverability rates. Otherwise, your success in sending emails will depend on the domain used.
To add an SPF record, you need to edit the DNS zone file for your domain. Add the following line as a TXT record:
Replace IP ADDRESS with the IP address of your email server. The ~all at the end of the record indicates that any other IP addresses should be considered invalid.
If you need more IP addresses, put a space after the final digit of the prior IP address and write “ip4:[IP ADDRESS]” for every extra IP. You can include third-party domains by adding “include:[THIRD PARTY DOMAIN]”.
After you’ve finished, you should have something similar to this:
Save the SPF record and restart your DNS server. Your email should now be authenticated with SPF.
The process of creating a key in an email service provider (ESP) will vary depending on which one you use. If you use Selzy to send email campaigns, setting up DKIM looks like this:
- Log into your private account and copy your public key.
- Once that’s done, head over to the domain hosting control panel where TXT records are located.
- Paste the copied key in the Value field:
Although the mechanics of DKIM may be confusing, thankfully implementing it is not. We wrote a detailed article on how to set up DKIM for your domain. By adding DKIM to your DNS records, you increase the probability that your emails will end up in mailboxes instead of spam folders.
Publishing the DMARC record
DMARC allows you to have more sway over your email authentication system, rendering your SPF and DKIM standards stronger. It allows you to choose how you want to handle emails that have not been authenticated: either do nothing with them, put them in spam, or just reject them.
Adding a DMARC record for your domain is quite easy. To do that, go to your hosting’s DNS records control panel and add a new TXT record there. We have also written detailed instructions on the DMARC setup process.
The approximate procedure:
- Go to the website of your hosting provider.
- Go into the control panel.
- In the settings menu, find the management of DNS records.
- Insert a new TXT record.
- Click on the Save button.
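The three ways of handling unauthenticated mail described above correspond to the DMARC policy values none, quarantine and reject. The following added example (not Selzy's code or any receiver's implementation) parses a DMARC record and decides what happens to a message given its SPF and DKIM results. The domains and function names are constructed, relaxed alignment is approximated by comparing the last two domain labels instead of consulting the Public Suffix List, and the pct and sp tags are ignored.

```python
def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tag -> value pairs and sanity-check it."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def aligned(from_domain: str, auth_domain: str, strict: bool) -> bool:
    """Strict: exact match. Relaxed: same last two labels (assumption, no PSL lookup)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if strict:
        return a == b
    return a.split(".")[-2:] == b.split(".")[-2:]

def dmarc_disposition(record, from_domain, spf_result, spf_domain,
                      dkim_result, dkim_domain) -> str:
    """Return 'deliver', 'quarantine' or 'reject' for one message.

    DMARC passes when SPF or DKIM passes for a domain aligned with the
    visible From domain; otherwise the published policy (p=) applies.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf") == "s")
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim") == "s")
    if spf_ok or dkim_ok:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[tags["p"]]

if __name__ == "__main__":
    record = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"  # constructed
    # SPF passed, but for a different domain than the one shown in From.
    print(dmarc_disposition(record, "example.com", "pass", "mailer.example.net", "none", ""))
```

The printed case shows why DMARC strengthens SPF and DKIM: a message that passes SPF for some unrelated domain still fails DMARC for the domain in its From header.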
To implement BIMI, businesses must first publish a valid DNS record for their domain. This record must contain information about the business’s logo, as well as a verification token.
Here is a BIMI record example:
If you want your emails opened by customers and not get caught in their spam folders, make sure to authenticate your emails. Email authentication verifies the sender of an email and ensures that the email is legitimate. This is done by using standards such as SPF, DKIM, DMARC, and BIMI. When an email is authenticated, the receiving server is sure that it comes from the sender that it claims to come from.
Take measures against email fraud by implementing email authentication. This will also ensure your emails actually reach your subscriber. If you haven’t already, now is the time to take action.
BTW, if you don’t have time to figure it out, you can always order an email authentication service from specialists at Selzy. We’re ready to help you with that, just give us a call! Start your email marketing for free now.