This the third post in an ongoing series about email deliverability. Post 1 about good email list health can be found here, and our second post about sender reputation can be found here.

Sometimes it might feel like where email service providers (ESPs) put your emails to your constituents is almost out of your hands. You might implement best email list practices and work your hardest toward obtaining a good sender reputation, but much of that depends on ESPs and their algorithms.

Luckily, there is one piece of email deliverability that is fully under your control: authentication. Authentication is a large piece of your domain reputation and one we highly recommend under any and all circumstances as you send emails to your constituents.

What is authentication?

In short, authentication is letting ESPs know that the email you’re sending is, in fact, from you. Often spammers will try to mimic legitimate email addresses. Utilizing authentication on your end will tell ESPs which emails are from legitimate domains and which are not.

If you are not utilizing authentication on your end, your emails have a high chance of being sent to your constituents’ junk folders.

There are a few key sender authentication measures ESPs look for when deciding where to put emails when received:

  • SPF
  • DKIM
  • PTR (Reverse DNS) Records

SPF Authentication

Sender Policy Framework (SPF) essentially tells an ESP if an email is coming from where it is supposed to be coming from. This prevents spammers from spoofing your email addresses and sending emails that look like they are coming from your organization.

SPF records are added to your DNS that specify which IP addresses are permitted to send from your domain. If an ESP receives an email from a domain that looks like your organization’s domain, but from an IP that is not registered, it will likely mark the email as malicious.

Follow these steps to build your organization’s SPF record.

DKIM Authentication

Domain Keys Identified Mail (DKIM) is another layer of protection that lets ESPs know the email it has received has not been tampered with and that it is indeed coming from where it is supposed to be coming from. This authentication measure gives the message an encrypted signature the ESP verifies upon receipt of the message. These keys are arranged with ESPs directly.

Follow these steps to create a DKIM record.

DMARC Authentication

Domain-Based Message Authentication Reporting and Conformance – DMARC utilizes SPF and DKIM authentications and allows you to tell ESPs exactly what to do with mail that fails either of these measures. This is another layer to protect your domain from fraudulent senders pretending to send from your organization’s domain.

When your organization implements SPF, DKIM, and DMARC, your messages have a much, much higher chance of delivery to your constituents’ inboxes.

Follow these steps to add DMARC to your DNS provider.

PTR Records (reverse DNS lookups)

Reverse DNS lookups, or PTR (pointer) records, authenticate from the IP address to the domain name, instead of the other way around. In other words, if you go to your contact list in your phone, you normally would go to Jane Doe’s name, and find her phone number. If instead you were to function like a reverse DNS lookup, you would instead search for the phone number and figure out to whom it was associated.

Reverse DNS lookups again prove that your domain is associated with the correct IPs authorized to send mail.

In the world of email deliverability, authentication is often one of the only parts you can actually control, but luckily happens to be one of the most important aspects. If you think you might need an authentication tune-up, of course Zuri Group is here to help!

As Vice President of Digital Services, Molly helps nonprofit organizations develop digital solutions to communicate their mission, reach monetary goals, and create real world impact. Molly believes in the power of technology for change.

Share This