What is email authentication, and do you have SPF, DKIM and DMARC correctly set up?

By Tania Jones

January 25, 2024

Why Email Authentication Is Important

Do you have a unique domain that you are using for your business?

Do you have a website for your business AND do you send emails from that domain?

Likely you have both already set up.

More importantly, do you want your emails to get delivered once February 2024 arrives?

Have you heard that, from February, Google and Yahoo will stop delivering emails if you do not have email authentication set up correctly?

If you don’t have your email configured correctly, they may not deliver your emails.

The reason for this is to protect you and many others from receiving spoofed, phishing and spam emails.

Google and Yahoo are making best practices for email authentication into mandatory requirements from February 2024.

This means that, whereas proper email authentication has previously been a best practice, from February 2024 it will be required for larger volume senders (over 5000/day).

If you’re a smaller business, then you possibly won’t be affected YET, but it’s still important to put these processes in place.

If you want to ensure your emails continue to make it to the inbox, you’ll have to comply with the following best practices for email authentication and spam prevention.

You will need to:

  • Authenticate your emails using SPF, DKIM and DMARC.
  • Keep your spam reporting low and maintain a spam complaint rate under 0.3%.
  • Make it easy for people to unsubscribe with just one click.

Where Does It All Begin

So to start I want to take you back to when you created your domain for your business. If you are still using, then you will want to look into changing to a domain of your own to ensure ongoing email delivery.

The process you likely went through (or someone did for you) is first to register your domain name e.g., etc

This can be done through many companies such as Names, reg123, GoDaddy etc and generally costs from 99p upwards depending on names and deals.

Following that, your website and email service will then need to be set up with a hosting company.

This can be the same place as you purchased the domain name, but it doesn’t need to be and in many cases it isn’t. Some examples are Cloudflare, SiteGround, IONOS, GoDaddy, etc.

The server where you set up your website will have an area called DNS (Domain Name System) where email validation protocols are set up that allow receiving servers to check the validity of your email addresses.

There are 3 things that need to be set. These are all set in the DNS settings of your domain.

SPF – Sender Policy Framework

This record identifies all the mail servers that are validated to send email from your domain. This includes your own domain's mail server, but it should also include CRM systems and membership sites, as they also send email on your behalf.

When an email you have sent arrives at the receiving server, the server checks whether the server the email came from is listed in your SPF record. If it is not, the email will not get delivered to the inbox.

DKIM – DomainKeys Identified Mail

This is a hidden signature that is encoded into the body of an email. When an email is received, the receiving server checks that the hidden code created and sent in the email matches the domain in the sender’s DKIM settings.

It verifies that the message was not altered during sending.

DMARC – Domain-based Message Authentication, Reporting & Conformance

DMARC is an email security policy that instructs email receivers to approve, quarantine or reject emails that are not sent from an authenticated source. It bases its decisions on whether SPF and DKIM are aligned or not.

If you are not sure, book an audit and I will tell you what you need to put in place.

How Does Email Authentication Work

When you send an email from your server, it includes sections of code that are created by your email server. When the email arrives at the receiving server, it then checks these codes against the ones set up on your server (SPF and DKIM). Alongside these checks, you also need to specify what happens to email if it fails either of these checks (DMARC policy).

Sometimes, emails can be changed en route (think spoofing, phishing etc.), and if something does not match up, the receiving server will use your DMARC policy to decide what to do.

The receiving server then handles the email according to what your DMARC policy says:

  • p=none - sends emails to the inbox
  • p=quarantine - sends email to Spam so you can decide
  • p=reject - doesn't deliver the email

NOTE: When setting up DMARC for the first time, ALWAYS use p=none, until you have checked all your email services.
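
As an added example (not part of the original article), the Python below audits the SPF and DMARC TXT records a domain publishes and reports the DMARC handling described above. The function names, the sample records for the placeholder domain example.co.uk and the check for a DMARC reporting address (rua=) are assumptions made for this illustration.

```python
# Added example: offline audit of SPF and DMARC TXT records.
# All domains, hosts and addresses below are constructed placeholders.
HANDLING = {"none": "inbox", "quarantine": "spam folder", "reject": "not delivered"}

def audit_spf(txt_records):
    """Return problems with the SPF record among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["no SPF record published"]
    if len(spf) > 1:
        return ["more than one SPF record (receivers treat this as an error)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is delegated to another domain's record
    last = terms[-1] if terms else ""
    if last.lstrip("+-~?") != "all":
        return ["record does not end with an 'all' mechanism"]
    if last in ("all", "+all"):
        return ["'+all' authorises every server to send as this domain"]
    return []

def audit_dmarc(txt_records):
    """Return (policy, problems) for the TXT records at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return None, ["expected one DMARC record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in HANDLING:
        return None, ["missing or unknown p= policy"]
    problems = []
    if policy == "none" and "rua" not in tags:
        problems.append("p=none with no rua= address: no reports to review")
    return policy, problems

# Constructed sample records for a hypothetical domain example.co.uk.
SAMPLE_TXT = ["site-verification=constructed-placeholder",
              "v=spf1 include:_spf.crm-provider.example ip4:203.0.113.25 ~all"]
SAMPLE_DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.co.uk"]

if __name__ == "__main__":
    print("SPF problems:", audit_spf(SAMPLE_TXT))
    policy, problems = audit_dmarc(SAMPLE_DMARC_TXT)
    print("DMARC policy:", policy, "->", HANDLING[policy], "| problems:", problems)
```

Paste in the TXT values shown in your own DNS settings to check them; an empty problem list means none of these particular mistakes were found, not that every sending service is covered.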

Will It Help My Business?

Keeping your list of contacts engaged and current is also very important, after the authentication is in place. Google, Yahoo and Microsoft are also monitoring contact engagement in deciding whether to deliver emails or not.

Tackling these two parts of email marketing will ensure you get all of the benefits listed below, and more.

  • Establishes Professionalism
  • Boosts engagement and relationship building
  • Increases ROI of marketing spend
  • Increases your sender reputation
  • Reduces SPAM complaints
  • Less marketing spend wasted on disengaged contacts

I am offering businesses an Email Authentication Audit, where you will receive a report outlining where you are not compliant and what to do.
