Email authentication – Don’t let your emails end up in spam


As a marketer, you can spend hours, even days, crafting the perfect email. However, if your message lands in the spam folder, your latest campaign is certainly doomed to failure.

Fortunately, there is a way around the dreaded black hole of spam folders. By implementing email authentication, you can prove to Internet Service Providers (ISPs) that your marketing emails are legitimate and deserve a place in recipients’ inboxes.

This article explains what email authentication is, why it’s essential and how it works. Then we’ll show you how to implement it in three of the most popular email marketing tools.

Let’s get started!

What email authentication is (and how it works)

Nobody likes spam. ISPs are constantly striving to reduce the amount of junk mail we receive in our inboxes. To do this, they look at the source of the email and verify if it is a legitimate sender – or a potential spammer.

This is where email authentication comes in. It is a set of methods that the receiving server can use to verify that the message is not a fake.

As part of this check, the server will verify that the message is from the person specified in the “From” field. In this way, email authentication can prevent impersonation and phishing scams, where an email appears to come from a legitimate domain but is sent by a malicious third party.

The recipient’s server will also determine if the email has been altered in transit. This can protect your contacts from machine-in-the-middle attacks.

There are several ways to implement email authentication. Each approach has its own configuration process and puts a unique spin on authentication. However, you will typically set up rules to authenticate email sent from your domain. You will then configure your email servers and infrastructure to implement these rules, and then publish them in your domain name system (DNS) records for each sending domain.

Receiving mail servers can refer to these rules when authenticating incoming messages. If your message appears legitimate, the server will deliver it to the recipient’s inbox. However, if your message fails this check, it may be rejected, quarantined or sent directly to spam.


Why email authentication is important

For the recipient, email authentication has a clear purpose. It helps protect the individual from spam, phishing scams and other malicious emails.

Without authentication, third parties can easily change the source of emails to bypass spam filters. They can even copy your unique brand image to fool your customers into thinking it is a legitimate communication.

Any attack to impersonate your company poses a significant threat to customer trust. That’s why email authentication is an essential tool to protect your reputation and build loyalty.

Authentication increases the chances that the receiving server will trust your emails. On the other hand, if your messages appear to come from an unknown or unexpected domain, there is a good chance they will end up in spam folders.

Low email deliverability rates almost inevitably translate into a low return on investment (ROI) for your content marketing. By implementing email authentication, you should see a positive impact on your email conversion rates.

Today, many businesses send their emails using a third-party platform, such as Mailchimp, Constant Contact or other alternative tools. You can use these platforms to create automated campaigns and perform segmentation.


By authenticating your domain and email address, these platforms can send messages on your behalf from your website’s domain. For example, Mailchimp will remove the default authentication information (“via” or “on behalf of”) that appears next to the “From” field in your campaign. This improves your brand visibility and may encourage your contacts to open your emails.

You may be concerned about adding a lot of complex content to your emails. However, most authentication information is transmitted in the header of the message, so it’s not visible. This means that authentication should not impact the quality of your email content.

5 Primary Email Authentication Methods

Email authentication requires that the sending and receiving servers coordinate and cooperate. Fortunately, email authentication standards ensure that all email clients and providers speak the same language. Before we show you how to implement authentication, let’s look at these underlying standards.

1. DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) relies on a unique public key that is paired with a private key. The DKIM signature is a header added to the message and secured by encryption.

From this

In this way, DKIM can verify that the email is from a legitimate sender. A DKIM signature can also prevent hackers from altering an email in transit as part of a machine-in-the-middle attack.

Here is an example of a DKIM record that Mailchimp uses for authentication:

CNAME record:

Value (resolves to):

Meanwhile, here is an example of a DKIM record with MailerLite, using a TXT record:


In general, DKIM signatures are not visible to the recipient, as validation is done at the server level. This means that adding DKIM records can improve your deliverability rates without impacting the quality of your emails.

2. Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is an authentication standard that verifies your identity as an email sender. This policy compares the IP address of the sender’s mail server to a list of IP addresses that are allowed to send email from that domain. The SPF record is added to the sender’s DNS.

Each time a server receives an email, your ISP uses the SPF record to verify the sender’s IP address. Assuming this value matches the SPF record, the email will be delivered.

If you do not provide SPF authentication, the receiving server may reject your messages as coming from an unverified sender address. Here is an example of the SPF TXT record that Mailchimp uses to perform email authentication:

v=spf1 ?all

Some of the world’s largest companies use SPF, including Google, Comcast, Verizon, and Cox.


3. Sender ID

Developed by Microsoft, Sender ID is often equated with SPF. Both Sender ID and SPF verify the IP address of the sender against the registered owner of the domain. However, their approaches are slightly different.

Sender ID uses the Purported Responsible Address (PRA) algorithm to examine the sender’s address visible in the message. Let’s look at an example of a Sender ID record:

v=spf1 ?all spf2.0/pra ?all

Sender ID was primarily used by Hotmail and Windows Live Mail, which no longer exist. Since it was not widely adopted, Microsoft removed the official Sender ID site.

While it’s easy to consider Sender ID obsolete, it is still used in a few solutions, including on-premises Microsoft Exchange servers. Some ISPs such as Comcast and AT&T also use Sender ID.

4. Domain Message Authentication Reporting and Conformance (DMARC)

DMARC is a policy for handling emails that fail SPF or DKIM authentication. This allows you to better control your email authentication system and protect the recipient from phishing and spoofing attacks.

With DMARC, you can tell the receiving mail server how it should react when it receives a message that appears to come from your domain but does not meet the SPF or DKIM authentication requirements. Here is an example of a DMARC record using a TXT record:


You can also use DMARC to request reports from mail servers about failed messages and potential spoofing of your domain. These reports can help you identify any authentication problems and malicious activity regarding messages sent from your domain.

5. Brand Indicators for Message Identification (BIMI)


The Brand Indicators for Message Identification (BIMI) standard allows you to attach your brand logo to your authenticated emails. Behind the scenes, BIMI is a text record stored in your DNS records and contains the location of your company logo.

The email provider retrieves your BIMI text record using a DNS lookup each time it receives a message. Once the provider finds your logo, it attaches this graphic to the email in the recipient’s inbox.

This simple visual check allows recipients to spot your message and verify its authenticity. If they ever receive a message that does not contain your logo, your contacts will immediately know that it is a suspicious message.

Unlike the other verification methods we’ve explored, BIMI is the only approach that provides a visual cue to recipients. It should also reduce the number of people who mistakenly report your messages as spam, which can increase your deliverability rates.

The typical Internet user receives dozens, if not hundreds, of emails every day. By displaying your logo in the recipient’s inbox, BIMI can help you capture the recipient’s attention and encourage them to interact with your emails.

BIMI can also be a way to market your brand, whether or not the person chooses to interact with your messages. Even if the person never opens your email, they will see your subject line, sender’s address and your logo. It’s a great way to build brand recognition.

How to set up email authentication

Email authentication may seem complex, but it’s relatively simple to set up.

Even if you already have authentication in place and have been using the same email marketing tool for a while, it’s still a good idea to make sure the correct records are in place and validated.

If you’ve recently switched DNS providers, you’ll want to check your records, as this can easily affect your email authentication. One of our customers recently changed DNS providers and their newsletter went straight to the spam folders for almost a month before anyone noticed. This was due to a missing authentication record.



As a result of this slip, their open rate dropped 4.79% from the previous month, and their click-through rate dropped 1.56. This is a perfect example of why you can’t risk sending your messages to spam.
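One way to catch a dropped record after a DNS provider change, as an added example that is not part of the original article: it compares two zone exports and lists the authentication records that disappeared or changed. The `(name, type, value)` tuple format, the selector `sel1` and all domains are constructed assumptions.

```python
def auth_records(zone, domain):
    """Return the records in a zone export that carry email authentication."""
    domain = domain.lower().rstrip(".")
    found = set()
    for name, rtype, value in zone:
        name = name.lower().rstrip(".")
        value = value.strip().strip('"')       # exports often quote TXT data
        if rtype == "TXT" and name == domain and value.lower().startswith("v=spf1"):
            kind = "SPF"
        elif rtype == "TXT" and name == "_dmarc." + domain and value.startswith("v=DMARC1"):
            kind = "DMARC"
        elif rtype in ("TXT", "CNAME") and name.endswith("._domainkey." + domain):
            kind = "DKIM"
        elif rtype == "TXT" and name.endswith("._bimi." + domain):
            kind = "BIMI"
        else:
            continue                           # A, MX, unrelated TXT, ...
        found.add((kind, name, rtype, value))
    return found

def migration_gaps(before, after, domain):
    """Authentication records present before the move but missing or altered after it."""
    return sorted(auth_records(before, domain) - auth_records(after, domain))

# Constructed zone exports: the DKIM CNAME was not copied to the new provider.
BEFORE = [
    ("example.com", "A", "192.0.2.1"),
    ("example.com", "TXT", '"v=spf1 ip4:192.0.2.0/24 -all"'),
    ("sel1._domainkey.example.com", "CNAME", "dkim.esp.example"),
    ("_dmarc.example.com", "TXT", '"v=DMARC1; p=none"'),
]
AFTER = [
    ("example.com.", "A", "192.0.2.1"),
    ("example.com.", "TXT", "v=spf1 ip4:192.0.2.0/24 -all"),
    ("_dmarc.example.com.", "TXT", "v=DMARC1; p=none"),
]

if __name__ == "__main__":
    for kind, name, rtype, value in migration_gaps(BEFORE, AFTER, "example.com"):
        print(f"missing or changed {kind}: {name} {rtype} {value}")
```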

Let’s make sure that doesn’t happen to your emails. Here’s how to set up authentication for three of the most popular email platforms.


Mailchimp is one of the best known and most used email marketing tools on the web.

By default, Mailchimp applies DKIM authentication to all your campaigns. However, if you are using DKIM authentication, you will need to…
