Why Authentication Matters

by | May 21, 2020

[This post was originally written in 2020 and has been recently updated in light of Google and Yahoo’s requirement for marketing emails to be authenticated using DKIM and DMARC from February 1st, 2024]

Our unique SMART method to improve email performance makes it easy to remember the five most important areas you should focus on to get the best possible results from your emails.  

The A stands for “Authenticate Your Emails” and this is even more important than ever with the introduction of Google and Yahoo’s new rules that require full authentication.

Authentication is vital if you want to be sure that your emails are will be delivered to the inbox and avoid the spam folder.

Authentication comes in three flavours:

SPF (Sender Policy Framework)

DKIM (Domain Keys Identified Mail)

DMARC (Domain-based Message Authentication, Reporting & Conformance)

You may not know that authentication is normally set up by your email marketing provider, regardless of whether you set it up yourself.

Most email marketing providers, such as ActiveCampaign, HubSpot, Infusionsoft, Mailchimp, etc. will always authenticate the emails they send on your behalf using both SPF and DKIM, but only for their own sending domain, not yours.

To help you understand this, did you know that emails sent by marketing platforms actually have two sender addresses in there, theirs and yours?

Their sending address is known as the “envelope from” address, which is sent as part of the “conversation” the sending email server has with the recipient’s email server. The “envelope from” address must always match the address of the sending server.

As an example, emails sent by Infusionsoft always have an “envelope from” address of mailer@infusionmail.com. This is why you may see “sent via infusionmail.com” if you don’t have your own DKIM set up.

Your own sending address is just added to the email headers by your email platform and is known as the “header from” address for this reason. It can be set to be any address that you choose and because of this, it’s very easy to “spoof” a from address and pretend to be someone else. This is why it’s so important to set up DKIM for your own sending domain, to prove that your address isn’t being spoofed.

Some email marketing platforms allow you to choose to just use their sending authentication; others do that by default, unless you set up your own authentication.

Either way, if you don’t set up your own authentication, it means that there’s no message being sent to the world that you trust your email marketing platform to send emails on your behalf (which is what SPF does) or that the individual emails you’re sending are signed as being legitimately from you (which is what DKIM does).

So, the impact of next setting up your own authentication is that you’re not leveraging your own domain’s sending reputation. If you’re managing your engagement well and sending high quality content, the chances are that your own sending reputation will be better than your email platform’s “default” reputation, which is generally the average of everyone they’re sending on behalf of (including the ones who slip through the net and send spam).

This is why we’ll always recommend that you set up SPF, DKIM and DMARC authentication for your own domain, and to make sure that you’re not just including your email marketing platform in the mix, but also make sure that SPF and DKIM are set up for every other platforms you send email from, such as Gsuite, Office365, a Helpdesk system, your ISP emails and so on.

If you need to check that your SPF, DKIM and DMARC are set up correctly, you can use our free EmailSmart Authentication Checker which will let you know if all is good.

And if you need help fixing issues, or want to know how to set everything up, that’s something that we can help with as well – please get in touch if you’d like more details.