Email Marketing Sender Authentication Instructions


Email Marketing Sender Authentication is one of the single most important things you must do if you want to have better deliverability.

However, for non-technical individuals, it may cause a bit of a roadblock. Fear not. This article will help you to authenticate your email marketing sender address.

First of all, let’s explain in detail what these certifications mean and why they exist.

Email Marketing Sender Authentication

There was only the regular SMTP (Simple Mail Transfer Protocol) previous to these methods. You may already know about this acronym before. It’s what you need to configure when sending email from a third party besides your email service provider—using a tool like Outlook or others.

However, even though this works for you, other people can easily pretend to be you and send emails on your behalf for spam or phishing purposes. That’s currently known as spoofing.

To avoid this massive misuse of email and the potential problems, several ESPs tried to come up with a standard protocol to authenticate their origin. However, since most ESPs are from large conglomerates, they try to impose their protocols over the others. It’s quite challenging to have a consensus with so many private companies.

The most standard and spread over the industry are just three: SPF, DKIM and DMARC. You may have heard before about these other acronyms since we used them previously: Sender ID, DomainKeys, and Certified Server Validation. But these were deprecated due to a lack of adoption by industry leaders.

Email Sender Authentication Protocols

It might be the most used one because it’s almost a default on every DNS information. If you check your DNS records, almost surely you’ll have an SPF (Sender Policy Framework) record already in it.

The SPF allows the receiver of a message to check if the domain owner has allowed that particular IP address to send emails on their behalf. Spam filtering systems will take this record into account if it shows a “fail” result when checking that information.

How to configure an SPF record

First, you need to get the SPF record information of your Email Marketing platform of choice. Every good email marketing platform should have a section for the email authentication procedure. Usually, they also have some instructions on how to do it. However, there are some things that you must be careful about before changing your DNS records.

After getting the SPF information, you need to insert it as a TXT record into your DNS.

Your DNS managing system can be under your domain registrar dashboard or your hosting provider. Whatever is your case in particular.

In this case, we’ll give you an example of hosting through a CPanel dashboard. But it will be similar on other platforms as well.

DNS Zone Editor for Email Marketing Sender Authentication

After you access the DNS Zone Editor, you can check your records. The chances are that you’re already with some SPF record by default. So, the trick is to add the exact structure you may find on your present TXT information and add the necessary IP addresses and domain names needed.

SPF Authentication procedure

It might be the trickiest of them all because you can’t have multiple SPF records with different definitions to work correctly. The other Email Authentication Protocols are more straightforward since you just need to add them.

How to Configure a DKIM record

This Email Sender Authenticator is a bit different. Imagine a secret code that you insert on your DNS records, and a perfect match goes in that email. Basically, it’s a digital signature embedded in each email sent.

To proper configure it, you just need to do the same procedure as the previous method. Check your platform’s data about DKIM certification and add them as a DNS record into your editor.

Usually is a TXT record that starts with this: default._domainkey.[yourdomainname].com. followed by a long TXT variable text. The default might be different for each platform provider. But more often than not, there’s also the chance to have CNAME records as well. Amazon SES asks for this to ensure that it will work properly, for example.

How to configure a DMARC record

It’s even easier to program because it resides in the previous ones. It needs to have the SPF and DKIM in place, but it performs like an instruction manual to the receiver as to what to do with this email. It’s like a more strict or relaxed switch that the receiver can activate independently. Imagine that the receiver’s email provider has a more strict alignment in their definitions. If you create the records for the primary domain name and send them from a sub-domain, it will not go through this filter.

There’s a great chart of what passes and fails under this email sender authenticator in Wikipedia.

Why is Email Authentication Important?

If you work with emails on your business, you must have noticed some strange behaviours in your inbox. People are complaining or replying about an email you never sent. Error messages or automatic replies from emails you never addressed either. That’s because you never sent it yourself. It was some bot impersonating someone inside your organisation’s domain name.

To avoid being hurt from a reputation sender standpoint, you must have all these authentication procedures in place. So the ESPs won’t mark your domain name and ALL emails you send as a spoofing source.

Imagine if the legitimate emails you send through your email account get blocking notices from your clients stating that you’re in the “red zone”. Yes, that happens.

Email is one of the most important digital communication tools, but you need to take all the necessary steps to be effective.

If you’re still with questions or need assistance, get in touch with one of our people. We’re always here to support you.

Our team is here to support you

Let's face it; we can't do everything ourselves. Sometimes we need to ask for support from field experts.