Published on March 1st, 2021 | by Bibhuranjan


Email Authentication: What You Should Know

Connor is an email marketer who has been sending campaigns for three years now. His business grew well until one day; he received multiple messages from his customers saying that he scammed them. He was surprised, of course, so he messaged them back.

Sadly, none of his messages got into his customers’ inboxes because he got blacklisted from sending emails. He also found out later that a cybercriminal has been using his business’s brand name to send emails, stealing credit card information and other important customer data. All of this could’ve been avoided if he implemented email authentication protocols in the first place.

What Is Email Authentication And Why Is It Important?

Email authentication is an email security protocol that helps Internet and Email Service Providers (ISPs and ESPs) verify the legitimacy of an email marketer’s campaigns. Some cybercriminals use your domain to send malicious emails to your customers claiming to have come from your business’s domain. This attack is called the domain or email spoofing.

Through email authentication, you’ll be able to set rules for ISPs and ESPs that only the campaigns coming from your domain, Internet Protocol (IP) address, and business email account are legitimate.

This helps in building and protecting your brand’s reputation. Once you have a high sender’s reputation, all your campaigns are sent straight to your recipients’ inboxes, thus improving deliverability.

The malicious emails from cybercriminals who are spoofing your business will then get rejected by the ISPs and ESPs of whoever they’re sending their messages to. Why? Because their emails aren’t authenticated by your domain on which they’re spoofing from.

How Does Email Authentication Work?

When your campaigns reach your customers’ email servers, these servers will authenticate the emails by verifying if the campaigns were sent on behalf of your business domain with implemented SPF, DKIM, and DMARC protocols.

To do this, your recipients’ email servers will look at your domain’s rules to see if the domain authorizes the campaigns’ email and IP addresses. If the emails are found to be sent from addresses that are part of the domain’s rule, the campaigns go straight into the recipients’ inboxes.

However, suppose your customers receive emails that are sent from addresses that aren’t defined by your domain’s rule. In that case, the email will not reach the customers’ inboxes because they will be detected and considered malicious emails.

As the domain owner, you can choose what happens to these unauthorized emails. They can either be rejected, ignored, or be sent to a customer’s spam box.

3 Steps to Authenticate Your Email

1. Implement SPF

To set your Sender Policy Framework (SPF), you need to add a text record into your Domain Name System (DNS) that looks like this: “v=spf1 ~all”

If you’re using SMTP relay for email marketing, you can implement SPF by looking into the relay’s domain settings and copy the text record provided under “host” into your DNS.

You might also be using a subdomain to separate your transactional and marketing mailing streams. If this is your case, you need to add the necessary text records into the subdomains as well.

2. Implement DKIM

To implement the DomainKeys Identified Mail (DKIM), you need to open your mail server or SMTP relay server’s domain settings tab. Find the text record that looks like k=rsa; t=s; p=MIGfMAfDFsdGHJgfhDSFa….

That text record can be used for setting your DKIM. If the domain settings tab asks you to provide a hostname, the most standard hostname to enter would be your domain’s name. Then, create a public and private key pair.

Store the private key and don’t share it with anyone unauthorized. Publish the public key so it can be scanned by ISPs, ESPs, and mail servers. To finalize everything, configure your email server by saving all the new settings.

3. Implement DMARC

To implement your Domain-based Message Authentication Reporting and Conformance (DMARC) for email marketing, you need to have your SPF and DKIM authenticators already implemented.

Start by opening your DNS settings and type “_dmarc. {{yoursubdomain}}” under “host.” The text record produced should look like this: “v=DMARC1\; p=none\; rua=mailto:[email protected]\; ruf=mailto:[email protected]\; pct=100”

You can change the values of the text record. For example, p= determines what happens to the mail sent on behalf of your domain that doesn’t follow the SPF and DKIM rules. none means nothing happens to the email.

quarantine means the email is accepted but isn’t sent to the recipient’s inbox. Usually, quarantined emails are sent to spam, which you should not do. reject instructs the ISP and ESP not to accept the email and deliver a report on why the email didn’t follow authentication rules.


Email authentication is a must for all email marketers. It protects businesses and customers’ reputations, information, and money from being damaged and stolen by cybercriminals. It also helps email marketers have their campaigns reach their customers’ inboxes.

Please be informed that the processes of setting up email authentication protocols will differ depending on the ISP, ESP, SMTP relay services, and email marketing platforms. Make sure always to read your marketing tools’ instruction manual and ask for assistance from customer support.

Image by Muhammad Ribkhan from Pixabay

Tags: , ,

About the Author

Avatar photo

Editorial Officer, I'm an avid tech enthusiast at heart. I like to mug up on new and exciting developments on science and tech and have a deep love for PC gaming. Other hobbies include writing blog posts, music and DIY projects.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑