You might have heard people talk about domain authentication when they are setting up their email marketing accounts, but you might not know what it means. With ISP’s changing the way that emails display in subscribers’ inboxes, it’s important to do everything you can to ensure that your email gets delivered in the way you want it to.
What is an authenticated email?
Let’s unpack the email delivery process a bit so you understand how it works. When a mail server receives an email it looks at the mail and asks the following questions:
- Is this mail from the email address it says it’s from?
- How can I check that it is?
- What do I do if I can’t verify that the email is authentic?
The next thing a mail server does is to look at the sending reputation of the associated sending domain and IP. This reputation is made up of content, previous engagements that were made for sends, and other factors that ensure your email gets successfully delivered to the inbox you are trying to deliver it to.
If you have successfully authenticated your email, it means that the receiving mail server was able to check the relevant SPF (Sending Policy Framework) as well as the DKIM (DomainKeys Identified Mail) key associated with your specific email and sending domain. In essence, being able to verify that you are sending an email from the email address you are sending from legitimately.
If you verify your domain successfully you can improve the success of your campaigns and improve your email deliverability.
Let’s unpack DNS, SPF and DKIM?
Domain Name System (DNS)
Ever used a phone book? You should look at your DNS settings as your specific details in the phone book that helps the internet organise and identify your email. DNS stands for Domain Name System, you could also liken this to the Dewey Decimal library system.
When you look up a certain business in the phone book you use the business name, which gives you the business phone number. When you look up a business on the internet, you use a URL which is associated with an IP address. The IP address tells a mailing server where your website is stored.
Sender Policy Framework (SPF)
Your SPF record is the mechanism that is used by a receiving domain to check whether an email comes from an authorised sending IP that is allowed to send emails from their domain.
With an SPF record in place, email servers can ensure that send-from addresses are not forged or fraudulently used.
DomainKeys Identified Mail (DKIM)
DKIM as an authentication method adds a type of digital signature to your emails. This encrypted signature will automatically be added to any of the campaigns you send and will combat abuse that may occur. It also greatly improves deliverability.
Implementing DKIM authentication is usually left to the developer, webmaster or hosting provider of your website. The reason why is because you need to have access to your website’s DNS records (remember above) to be able to implement this. It sounds super complicated and the mechanics behind DKIM are, but the implementation of DKIM authentication is pretty simple.
Once you place DKIM in the right place in your DNS records, your emails are more likely to reach your subscribers inbox. You will also be protecting yourself against phishing attempts as well as spam.
To not go into too much detail about how it technically works, all you need to really know is:
- Once you’ve added this, you’ll have a unique signature added to your header when you send campaigns with a hash string based on your campaign elements in the specific campaign.
- This unique encrypted signature gets decrypted by receiving servers using the key in your DNS records and generates a new hash string based on the same elements in your campaigns.
- These decrypted signatures then will match to successfully pass DKIM authentication.
It all sounds super “techie” but trust us, this is a must when you want to improve your email campaign performance.
Here’s a step-by-step guide on how to verify your domain.