What you need to know and do to verify your emails
Email authentication involves a few technical protocols that an email sender can use to verify their emails. Like a unique digital signature, email authentication helps prove your identity as the sender so your emails are more likely to reach the inbox, and identify forged or fake emails so that they get rejected as spam.
Email authentication can seem complicated but we’re here to help!
In this article we’ll explain the different types of email authentication methods and their impact on your email deliverability. Once you know more about them and your role in the process, you can confidently send emails knowing you’re helping them reach your audience.
If you’re just looking for detailed instructions on DKIM authentication, see the DKIM authentication setup guide.
Before we dive into the world of email authentication, it’s important to understand some common terms and concepts.
It’s also useful to know that every email has two “from” addresses.
Setting up email authentication requires some technical know-how because you’ll need to access and create DNS records for your Sending Domain. If you’re uncertain how to do this, ask your IT team or a technically savvy friend to help.
SPF (Sender Policy Framework) authentication looks up the DNS records of the domain in the Return-Path address (the one for the machines) to find the IPs authorized to send emails for that domain. If a sender’s IP address is not listed in the DNS records of the Return-Path domain, their email is rejected. As the Return-Path domain is Emma’s Sending Domain (e2ma.net), we maintain the correct SPF records, and emails sent via Emma meet the requirements of SPF authentication.
We manage the SPF record for our Sending Domain, and as an option you can also include Emma’s domain in your DNS records.
If you already have an SPF record, you can edit the existing SPF record and include “e2ma.net”. Otherwise you’ll need to create an SPF record and include “e2ma.net” in it. More information on SPF records can be found at open-spf.org.
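As an added illustration (not Emma's code or tooling), the Python sketch below builds the record described above from a domain's existing TXT records. The function name, the sample inputs, and the `~all` default for a brand-new record are assumptions made for this example.

```python
# Added example: merge an include for e2ma.net into a domain's SPF TXT data.

def add_spf_include(txt_records, include_domain="e2ma.net"):
    """Return the SPF record a domain should publish after adding the include.

    txt_records: every TXT string currently published at the domain.
    """
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) > 1:
        # RFC 7208: more than one v=spf1 record is a permanent error, so
        # publishing a second record instead of editing the first breaks SPF.
        raise ValueError("multiple SPF records published; merge them first")
    new_term = "include:" + include_domain
    if not spf:
        # No record yet: "~all" (softfail) is a choice made for this sketch.
        return "v=spf1 " + new_term + " ~all"
    terms = spf[0].split()
    if new_term.lower() in (t.lower() for t in terms):
        return spf[0]  # already authorized, nothing to change
    # Mechanisms are evaluated left to right and "all" always matches, so the
    # include has to go before a trailing all/redirect to have any effect.
    pos = len(terms)
    for i, t in enumerate(terms[1:], start=1):
        low = t.lower().lstrip("+-~?")
        if low == "all" or low.startswith("redirect="):
            pos = i
            break
    terms.insert(pos, new_term)
    return " ".join(terms)
```
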
DKIM (DomainKeys Identified Mail) allows a mailbox provider (like Gmail, Yahoo, Outlook) to verify that an email’s content hasn’t been tampered with or changed in transit and that the Friendly From address (the one for humans) matches the DKIM record domain.
DKIM authentication happens in two parts, one on the sender side and the other at the receiving end.
Part 1 - The Emma system generates an alphanumeric code (let’s call it code 1) that represents the Friendly From address and email content. The system then encrypts code 1 and sends it with your email.
Part 2 - When the mailbox provider receives your email, it generates its own alphanumeric code (let’s call it code 2). It then encrypts code 2 and compares code 2 with code 1. If both codes match, then your email hasn’t been tampered with or changed while in transit.
If this all seems a bit complicated, it’s because it is! The important thing is that DKIM authentication uses the domain in the Friendly From address, which is your sending domain, to verify emails. Setting up DKIM authentication means the Friendly From domain and the DKIM domain match.
A lack of DKIM authentication can result in some mailbox providers flagging your emails as coming from a sender other than you. This can potentially cause the mailbox provider to show an alert message to your recipients, filter them as spam, or confuse your audience into thinking they're receiving spam from someone purporting to be you.
Without DKIM authentication some mail clients, like Gmail, will show a “via” e2ma.net message next to your Friendly From address in the inbox. After DKIM authentication is added to your sending domain, only your email address is shown without the extra “via” message.
We recommend that all clients set up DKIM authentication for their sending domain, as this helps distinguish your emails from other email senders and builds your unique domain reputation as a trusted email sender.
We have a detailed step-by-step guide on the DKIM authentication setup page.
DMARC (Domain-based Message Authentication, Reporting & Conformance) combines parts of SPF and DKIM authentication to tell mailbox providers what to do with unauthenticated emails.
DMARC was created to destroy the deliverability of email senders forging or faking other people’s Sending Domain, also known as spoofing. If you send emails from your own sending domain, we recommend setting up DKIM as a minimum. If you’re concerned that your domain is being misused for spamming or spoofing, you may consider carefully implementing DMARC.
A DMARC policy also doesn’t guarantee your email will always land in the inbox, and senders still need to follow deliverability best practices and anti-spam requirements.
To meet the requirements of a DMARC check:
Setting up DKIM authentication in your Emma account means the Friendly From domain and the DKIM domain will match, and your emails will meet the requirements of a DMARC check.
Before creating a DMARC policy for your domain, you need to correctly set up DKIM authentication for your Emma account. If not, you risk a large segment of your emails being rejected by mailbox providers.
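The effect of this on a DMARC check can be shown with a short Python sketch, added here as an example and not taken from Emma. It uses example.com as a stand-in for your domain, the function names are hypothetical, and it approximates the organizational domain with the last two labels instead of the Public Suffix List.

```python
# Added example: DMARC identifier alignment for mail sent through Emma.

def org_domain(domain):
    # Simplification: real evaluators use the Public Suffix List; keeping the
    # last two labels is only right for suffixes like .com or .net.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict mode needs an exact match; relaxed mode compares org domains.
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_result(from_domain, return_path_domain, spf_result, dkim_sigs,
                 strict_spf=False, strict_dkim=False):
    """dkim_sigs: list of (d= domain, verification result) tuples."""
    spf_ok = spf_result == "pass" and aligned(
        return_path_domain, from_domain, strict_spf)
    dkim_ok = any(
        result == "pass" and aligned(d, from_domain, strict_dkim)
        for d, result in dkim_sigs)
    # DMARC passes when at least one mechanism both passes and aligns.
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}

# Constructed messages; example.com stands in for the Friendly From domain.
# SPF passes for the Return-Path domain e2ma.net, but that domain does not
# align with example.com, so without your own DKIM the DMARC check fails.
WITHOUT_OWN_DKIM = dmarc_result("example.com", "e2ma.net", "pass", [])
# A passing signature whose d= domain matches the From domain aligns.
WITH_OWN_DKIM = dmarc_result(
    "news.example.com", "e2ma.net", "pass", [("example.com", "pass")])
```
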
Implementing DMARC requires someone who really understands DNS! It involves a significant amount of testing, reviewing technical reports, and securing all your mail streams carefully. We recommend getting help from service providers who specialize in DMARC.
Below are three services that can help you through the DMARC implementation process:
Email authentication is a great way to build trust, protect your domain reputation, and secure your brand identity. Not all authentication methods are required for good sending but some are more helpful than others. Understanding the different authentication methods helps you make an informed decision on what suits your business needs, technical ability, and resources.