Email Authentication Just Got More Crucial: Here’s Why

With any email campaign, your goal is to reach your customer’s inbox with great content that resonates. But first you have to make sure your emails are actually reaching all those customers — and email authentication is a key step to make that happen. Soon, major mailbox providers (MBPs) Gmail and Yahoo are strengthening their domain authentication requirements. Here’s how you can prepare today.

Partnering with an email service provider (ESP) is the first step toward sending emails to a large list, but it’s not a guaranteed path to the inbox. 

A large part of reaching the inbox is authenticating your email domain. Email authentication acts as a “signature” that proves to MBPs that you are a legitimate sender who should be allowed into a person’s inbox. It can make or break your campaign.

Let’s take a deeper look at email authentication and the techniques to do it right. These best practices will be especially important as Gmail and Yahoo roll out new guidelines this February for accounts sending more than 5,000 messages a day. 

What is email authentication and why is it important?

Email authentication is a set of techniques that provide verifiable information about the origin of email messages. Authenticating your domain helps identify you as a trusted sender and proves that you are who you say you are. This allows spam filterers, MBPs, and reputation providers to attach and track the reputation of your mail. 

If a criminal spoofs your sending domain, proper authentication will help prevent their spoof email from reaching a subscriber’s inbox and negatively impacting your reputation. 

“Your first step toward maximizing your ROI is to successfully land an email in a user’s inbox for them to engage with,” said Tim Kauble, senior director of deliverability & compliance operations at Salesforce. “Properly authenticating your company’s emails not only establishes the authenticity of your messaging, it also boosts chances for follow-on engagement — and subsequent ROI — by fostering a higher degree of trust between you and the mailbox providers.”  

3 techniques for email authentication

Want to protect your reputation as a sender — and make sure Gmail and Yahoo will deliver your messages? Follow these best practices so your brand will see improved inbox placement for campaigns and be protected from sending spam to your customers.

1. Sender Policy Framework (SPF): This is a text record in the Domain Name System (DNS) that contains a list of IP addresses allowed to send mail on behalf of your domain name. Think of it as an “approved sender” list for your domain.
2. DomainKeys Identified Mail (DKIM): This cryptographic-based signature is added to messages using a public and private key pairing. This method allows the server sending your message to add verification in the header that your company was the legitimate sender of the message.
3. Domain-based Message Authentication, Reporting & Conformance (DMARC): This is a DNS record that allows the domain owner to set usage “policy” regarding how unauthenticated mail is treated. Messages that don’t pass SPF and DKIM checks never reach subscriber inboxes. This helps to protect your brand.

Email authentication ultimately can’t stop a criminal from spoofing your company/domain, but it does make it harder to do. Using these three best practices together gives you the best chance to have legitimate email reach the subscriber’s inbox.

How to prepare for Gmail and Yahoo’s new email authentication requirements

These email authentication methods have been best practices for years, with DMARC being the most recently introduced in 2012. So why are we talking about them now? Starting February 1, Gmail and Yahoo will require all three to be in place as part of their email sender guidelines for anyone sending more than 5,000 messages a day. 

Now is the time to review your setup by taking stock of all your sending domains and ensure they’re fully compliant.

Marketing Cloud Engagement offers the Sender Authentication Package (SAP), which includes full authentication of the sending domain. You can review the domains configured to your account in the application through your Admin menu by clicking on Account Settings and then From Address Management. 

If you want to test a domain to ensure it’s passing authentication checks, consider a tool like mail-tester.com or mailgenius.com. Note that registered domains in From Address Management are likely not authenticated properly. This feature only allows a domain owner to prove they own the domain in question. Only domains configured via a product purchase will be properly authenticated for use in Marketing Cloud Engagement.

Domains configured in older stacks may not have DMARC in place by default. Marketing Cloud Engagement can suggest a simple DMARC record, but to conduct a full review of your mail stream and implement a reject policy, you’ll need to use a third-party vendor such as dmarcian.com or www.agari.com.

3 do’s and don’ts for email authentication

Before we let you get back to creating another great email campaign, we’ll leave you with three quick do’s and don’ts for email authentication:

Do: 

• Fully authenticate with SPF, DKIM & DMARC.
• Review your current domains and test.
• Factor in time for domain setup and warming before sending mass communications.

Don’t: 

• Assume things are fine because your mail has good open/click rates.
• Use registered domains, as this does not mean authentication is in place – it only proves your company owns the domain.
• Wait until February to review your domains. From Gmail: “If you don’t meet the requirements described in this article, your email might not be delivered as expected, or might be marked as spam.”

Email authentication should be front and center when you’re planning your next campaigns. While it’s always important to do regular reviews of your configuration, these joint announcements from Gmail and Yahoo bring urgency to deliverability lifecycle best practices. Make sure your company is positioned to maximize success — and minimize spam filters.