Why Authentication Matters

I often talk about the four key pillars of deliverability that spell out the word RACE – they stand for Reputation, Authentication, Content and Engagement.

Today I’m going to talk a little more about Authentication, one of the ways you can increase your chances of getting more emails delivered to the inbox and to avoid the spam folder.

Authentication comes in three flavours:

SPF (Sender Policy Framework)

DKIM (Domain Keys Identified Mail)

DMARC (Domain-based Message Authentication, Reporting & Conformance)

You may not know that authentication is normally set up by your email marketing provider, regardless of whether you set it up yourself.

Most email marketing providers, such as ActiveCampaign, HubSpot, Infusionsoft, Mailchimp, etc. will always authenticate the emails they send on your behalf using both SPF and DKIM, but only for their own sending domain, not yours.

To help you understand this, did you know that emails sent by marketing platforms actually have two sender addresses in there, theirs and yours?

Their sending address is known as the “envelope from” address, which is sent as part of the “conversation” the sending email server has with the recipient’s email server. The “envelope from” address must always match the address of the sending server.

As an example, emails sent by Infusionsoft always have an “envelope from” address of mailer@infusionmail.com. This is why you may see “sent via infusionmail.com” if you don’t have your own DKIM set up.

Your own sending address is just added to the email headers by your email platform and is known as the “header from” address for this reason. It can be set to be any address that you choose and because of this, it’s very easy to “spoof” a from address and pretend to be someone else. This is why it’s so important to set up DKIM for your own sending domain, to prove that your address isn’t being spoofed.

Some email marketing platforms allow you to choose to just use their sending authentication; others do that by default, unless you set up your own authentication.

Either way, if you don’t set up your own authentication, it means that there’s no message being sent to the world that you trust your email marketing platform to send emails on your behalf (which is what SPF does) or that the individual emails you’re sending are signed as being legitimately from you (which is what DKIM does).

So, the impact of next setting up your own authentication is that you’re not leveraging your own domain’s sending reputation. If you’re managing your engagement well and sending high quality content, the chances are that your own sending reputation will be better than your email platform’s “default” reputation, which is generally the average of everyone they’re sending on behalf of (including the ones who slip through the net and send spam).

This is why I’ll almost always recommend that you set up SPF, DKIM and DMARC authentication for your own domain, and to make sure that you’re not just including your email marketing platform in the mix, but also make sure that SPF and DKIM are set up for every other platforms you send email from, such as Gsuite, Office365, a Helpdesk system, your ISP emails and so on.

If you need to check that your SPF, DKIM and DMARC are set up correctly, you can use tools such as DMARCIAN’s various analysers that will let you know if all is good.

And if you need help fixing issues, or want to know how to set everything up, that’s something that we can help with as well – please get in touch if you’d like more details.