Authentication of email helps receiving Internet Service Providers (ISPs) determine if an email is desired. Authentication works by adding cryptographic codes that prove who sent the campaign and by providing lists of where those campaigns may originate. When a campaign has a known sender, the ISP can make better decisions on how to deliver it: into the inbox or into the spam folder.
There are two major techniques for authenticating email: SPF and DKIM. SPF specifies where campaigns may originate, and DKIM embeds a code in the campaign to prove who the sender is. A related technology, DMARC, leverages email authentication to define rules to prevent others from using your domain name to send email.
What is SPF?
SPF is simply a list of servers which are permitted to send mail for a given domain name. Because we use our own domain name for the address checked by SPF, you do not need to take any action to take advantage of SPF email authentication with our service. All mail we send is automatically SPF compliant.
Some ISPs verify Sender ID, which does require action on your part if you already publish your own SPF record for the domain you are using in your "From" line. Sender ID is not a very common email authentication test, but it may help in some cases to add support for it. This is done by modifying your SPF configuration to add "include:spf.mailermailer.com". That is, if your SPF record currently looks like this:
v=spf1 ip4:192.168.100.0/24 ~all
then it should be changed to look like this:
v=spf1 ip4:192.168.100.0/24 include:spf.mailermailer.com ~all
If you already publish a Sender ID record (those start with "spf2.0") then you should either remove it, ensure it does not include the "pra" setting, or modify it as above for the SPF record.
If you do not have any SPF or Sender ID records published for your domain, then there is no need to create one to use our system.
What is DKIM?
DKIM, or DomainKeys Identified Mail, is an electronic signature that is inserted into the full header of your email to identify the origin of where the campaign was sent.
A DKIM signature positively identifies that your campaign came from our servers. Due to our good reputation and various agreements with the larger ISPs, campaigns coming from us are more likely to get into your list member's inbox.
Some of the main benefits of DKIM are:
- Authenticated Emails: Campaigns are affirmatively identified as coming from our servers and will benefit from the positive reputation they have.
- Increased Deliverability: Campaigns are more likely to be delivered to the inbox rather than the spam folder.
- Staying Ahead of the Curve: Larger ISPs are heading towards requiring a DKIM signature on all incoming email. We are providing you with this feature now to avoid any issues in the future.
Our system automatically adds this signature to the full header of your campaign. There is no action you need to take for this to happen. The DKIM signature is not normally shown to a recipient, and will not alter the appearance of your campaigns in any way.
What is DMARC, and what should I do about it?
DMARC is a set of rules that allow senders and receivers to coordinate their efforts in detecting and handling fraudulent mail. Mail senders publish a policy they wish receivers to follow, and receivers send reports to senders about how much spoofed or fraudulent mail they detected and rejected. A receiver using DMARC will check both SPF and DKIM to determine who is the sender of the mail and then apply the policy published for that domain. A policy will define from where legitimate mail comes, what electronic signatures will be on it, whom to notify when mail does not match, and what to do with that mail (discard it, or deliver it normally). If there are no policies for that domain, then the mailbox provider is free to act based on whatever policy they see fit.
What should you do about DMARC?
If you're using our service with an email address from a mailbox provider that publishes a restrictive DMARC policy, then you have two choices: choose another mailbox provider, or get and use your own private domain name. If you already have your own domain name and are considering publishing a DMARC policy, be sure to include all sources of mail within your policy, including our service. Any mail we send on your behalf will never pass the DKIM test for your domain.
There really is no point in sending mail with using an address covered by the DMARC policy from a large mailbox provider, except through their own service. Virtually all subscribers on your list will bounce the mail due to the wide adoption of DMARC by receivers. Our service will automatically detect if your sending address will cause your mailing to fail, and warn you of the policy issue. Then, we'll employ evasive actions including substituting your sending address for one of our own and setting the reply-to address to your address.