• Subscribe   
  • Subscribe   

Knock, knock. Who’s there? Email Authentication; the key to deliverability

Published on 17 Sep 2012
The Key To Deliverability Email Authentication

An average of 106 billion spam messages go out daily and a further 188 billion email messages are sent. Getting your email into the inbox, when ISPs like Hotmail and Gmail are trying to keep junk out is becoming increasingly difficult.
We can no longer just send email, we need to focus on delivering email. And this falls within your responsibility as well as the supplier of the Email marketing system you’re using.

What can your ESP put in place to improve deliverability?

Email authentication is all about verifying that the domain used in the ‘from’ address is under the control of the sender.  The large ISPs like AOL, Hotmail, Yahoo! and Gmail are using email authentication as an important layer in their spam fighting arsenal.


By setting up a system as an authenticated sender, you can instantly bypass certain filters. This gives your campaigns a better chance of arriving in your customers’ inbox. Improving deliverability. Also, many ISPs like Yahoo! and Hotmail will flag your email as authenticated, which helps to build trust between you and your subscribers – ultimately increasing the chance of your emails being opened.

Authenticated Image

Ensuring your Email Service Provider gets authentication in place

ISPs use certain methods to authenticate a sender – SPF & DKIM. Without this additional scrutiny or the correct authentication methods in place your messages could be seen as phishing scams. This makes email authentication an important tool because it impacts directly on email deliverability.

Some terms you need to know that directly impact your deliverability if not set up correctly:

SPF – Sender Policy Framework: This is a way to say an IP or domain can send email on your behalf. It prevents ‘from’ address spoofing.

DKIM – (DomainKeys Identified Mail): A means to digitally sign an email message and associate a domain name with it. This signature gives recipients and ISPs a reason to believe the email message was created by a known sender and that it was not altered in transit.

DMARC – (Domain-based Message Authentication, Reporting and Conformance): A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of these authentication methods pass – such as send to junk or reject the message.

All three of the above records are controlled by adding DNS (Domain Name Server) records on your email sending servers. Work with your ESP to ensure that these records are set up correctly.

Who needs to do what?


  • The domain used in the ‘from’ address is typically controlled by your own IT department or outsourced to an IT company. The request and task to have SPF, DKIM & DMARC records added is an internal one.


  • Your Email service provider or email marketing agency should be advising you and providing the record details that you need to add to your DNS server.
  • Your ESP will be responsible for signing the outgoing email with the relevant DKIM key. This is an essential feature for any ESP. Your ESP should have similar entries for the Dedicated IP/Domain that the emails are being sent from.

3 Common stumbling blocks in getting email authentication in place

You may encounter some common stumbling blocks such as:

  1. Not supported by your Email Service Provider – If you are bringing up Email Authentication with your ESP and you find they are not knowledgeable on Email Authentication techniques or do not have the technology to support signing email with DKIM, you should be hearing warning bells. You may even want to consider shopping around.
  2. Resistance / pushback – Often times there is internal resistance to make the DNS updates but one answer that is not acceptable is “It’s not possible”. Your ESP should be able to assist you in providing the required information to your IT department to make them feel comfortable with the changes.
  3. Approvals  – The actual DNS changes are not time consuming once they are approved. You may however need to navigate your way through your internal processes to gain the required approval. Armed with all the correct details and requirements, you should be able to cut through the red tape.

It’s in place – how do I verify?

There is no need to take anyone else’s word for it, there are many free testing tools available for checking that your emails are being properly authenticated.  Some examples of tools available are

Are your emails authenticated?

It’s become imperative that these records are set up for your email campaigns. Check that your ESP and IT department apply these authentication methods and give you the best running start to get your emails delivered.

There are many other factors that could affect your deliverability, but email authentication shouldn’t be one of them