Authenticate your domain. Just. Do. It.
Authentication is the little secret ESPs don’t talk about to businesses when selling their email marketing tools. They show you a really cool jazzy email editor with fun design features. They sell a secure, well-organized CRM to save all your subscribers. But they don’t explain to you that you need a bit more than a beautiful template and a list of subscribers to get started.
Authentication needs to be implemented only once and before sending any emails or campaigns from any tool you use. When sending newsletters to your subscriber, their inbox verifies the sender to protect their clients from spoofers and spammers. Think of authentication as a formal form of identification.
What is authentication?
Authentication allows you to decide what tools are allowed to send emails with your sender email. It is a technical solution that shows the inboxes your email truly comes from you.
With just about anything that sends email on your behalf!
Why should I do this?
Authenticating your domain is important as it allows you to
- Prevent fraud and help protect your subscribers.
- Helps build your domain reputation(Read this awesome article from Pepipost to learn more).
- Most importantly helps you inbox better.
By implementing authentication measures, you are showing the inbox providers and the whole world that his email campaign was actually sent by you and not a spammer or a phisher.
Anyone can forge your identity within a newsletter using your company’s actual email address. The only difference is that theirs can’t be and will never be authenticated as they cannot access your DNS panel through your hosting provider (e.g., GoDaddy). Only people with access to their DNS panel and their real email account can send authenticated emails. So if you were to both send emails, yours will end in the inbox… and theirs won’t because they can’t authenticate the sender email.
On the flip side, unauthenticated emails can sometimes end in the inbox. This depends on a million and one variables, just like when underage people try to go into a bar without ID. They can sometimes get away with it, but most of the time, they won’t. Ensuring your emails land in the inbox is worth the 5-minute setup, don’t you think?
What type of authentication measures exist?
SparkPost defines DomainKeys Identified Mail, or DKIM, “as a technical standard that helps protect email senders and recipients from spam, spoofing, and phishing. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient.”
In other words, it verifies that an email message was not forged or altered and that you actually sent it. By implementing it, you are helping keep your subscribers safer and improve your email deliverability.
SPF is a form of email authentication that validates an email message that has been sent from an authorized mail server to detect forgery or prevent spam. In the SPF record that you get from your email tool, you will allow specific ranges of IPs to send emails on your behalf.
DMARC, which stands for Domain-based Message Authentication & Conformance, is an email authentication, policy, and, most importantly, a reporting protocol.
It allows you to control how you handle emails that are not authenticated with SPF or DKIM. You have three settings you can choose from: none, quarantine, or reject.
The first one will report back to you that an unauthenticated email was sent, but won’t affect the email’s placement. A “quarantine” policy will put an unauthenticated email in spam or junk. If you implement a “reject” policy, any unauthenticated emails will be denied by receiving inboxes.
This means you get to control what happens to unauthenticated emails to protect your brand and subscribers from fraudulent emails. All the tools you use that send emails with your domain-based email address must be authenticated before implementing stricter DMARC policies. Start with a “none” policy and take the time to review your reports and authenticate all your emails. Once you feel comfortable that you have caught everything, move towards stricter policies.
Many believe that their business is too small to worry about anyone using it to impersonate them… Unfortunately, that is not the case. The smaller the business, the least likely they are to have authentication in place. You can understand that this means it is easier to impersonate you than a business that has an army of IT magicians protecting their brand and domain. As you can see here from Matthew Vernhout’s tweet, a business was spoofed more than two thousand times in the space of two weeks. No one is safe 🥺
How do you authenticate your sender domain?
To authenticate your domain you need three things:
- A domain-based email address
- Access to your hosting provider’s DNS record
- And some badass copy-pasting skills
Most tools have a step-by-step that will help you authenticate your domain. (See below for a list of most common email tools)
If you are scared to make changes yourself within your DNS panel, you can always ask the support team of your email tool to send you the authentication entries you need and then send them to your hosting provider’s support team. They know how important it is and they will both help you get what you need to get authenticated!
Authentication is the first thing anyone starting to sending emails should do. From your inbox or an email marketing tool, authentication allows inboxes to receive your email to ensure it is actually coming from you. The most interesting and useful reason to go through “all this trouble” is that it will help your emails land in the inbox instead of the spam box.
Authentication is something I have written about quite a lot. And the whole #emailGeek community as well. A lot, a lot. If you start sending emails from your inbox or an email marketing tool, it is one of those things you just need to do. Maybe then, we won’t have to write so many articles about it anymore!
If you need help doing this, there is a free way of getting help from actual email geeks that have done this a million and 1 time!
PS: I have more to share… Obviously.
Here is a list of the most common email marketing providers and how to authenticate your domain-based email. Now before anyone panics, I ensure this is a straightforward, easy, one-time thing. If you know where to look and how to copy-paste, you are ready to go!
Here is a short video of how to authenticate your domain-based email with Mailchimp & Godaddy to give you an idea of how easy it is.