What is Email Authentication? SPF, DKIM, and DMARC Explained

What is Email Authentication? SPF, DKIM, and DMARC Explained

When we work with large email senders or migrate them to a new email service provider (ESP), email deliverability is paramount in researching the performance of their email marketing efforts. I’ve criticized the industry before (and I continue to) because the permission of email is on the wrong side of the equation. If internet service providers (ISPs) wish to guard your inbox from SPAM, then they should be managing the permissions to getting those emails in your inbox. Instead, ISPs rely on algorithms that wind up blocking good email and often letting spam through anyways.

It’s the card we’ve been dealt in the industry, though, so we must take precautions. Companies often aren’t even doing any type of inbox placement monitoring or reputation monitoring on their email marketing programs and are shocked when we do run some tests and see that a large portion of the emails they’re sending (and paying for) are getting dumped in the junk folder.

Additionally, we often find email authentication set up for their primary email marketing service… but they have a bunch of other systems sending messages that aren’t. A company may have their email platform, email marketing platform, invoicing platform, web site form responses, and a ton of other systems that are sending email to employees and customers. I can’t tell you how many times we hear, “Did you check your spam folder?” as a response. If you have to check your spam folder… you most likely have an email authentication issue and you should troubleshoot your email deliverability.

What is Email Authentication?

Email authentication is the process by which internet service providers (ISPs) ensure emails are really from the rightful sender. It confirms that the email message itself hasn’t been modified, hacked or forged on its journey from the source to the recipient. Emails that are not authenticated will often end up in the recipient’s spam folder. Email authentication improves your ability to have your emails delivered to the inbox rather than the junk folder.

There are a few protocols that require implemented whenever you’re sending email on your domain’s behalf out of a third-party platform:

  • Sender Policy Framework (SPF) – an email authentication protocol designed to detect forging a sending domain from an unauthorized sending service or IP address during the delivery of the email.
  • DomainKeys Identified Mail (DKIM) – an email authentication protocol that allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC) – an email authentication protocol designed to give email domain owners the ability to protect their domain from unauthorized use. 

Email authentication not only ensures that an unauthorized sender isn’t sending messages pretending to be you (spoofing), it also ensures that ISP can validate the sender as well as the message. Of course, the reverse is true as well. Without email authentication, an ISP may assume that you are a spammer or a spoofer and they may route your email to the spam folder, or even reject your email altogether.

Ensuring you have DKIM, DMARC and SPF records properly deployed can vastly improve your inbox placement – resulting directly in more business. With Gmail alone, it can be the difference between a 0% inbox placement and a 100% inbox placement!

This infographic from InboxAlly explains SPF, DKIM, and DMARC. InboxAlly is a platform used by authorized senders that teaches email providers to put your messages in the Inbox(and keep them out of spam and promotions folders) which means a dramatic increase to your open rates and your bottom line.

infographic spf dkim dmarc explained