Email Authentication – Key to Getting Your Emails Delivered

Email Authentication - Key to Getting Your Emails DeliveredIn last month’s feature, I discussed what you need to know about email deliverability, including the importance of Internet Protocol (IP) addresses, domains, and your email reputation. This month, I delve a little deeper into the deliverability issue by talking about email authentication – specifically Sender Policy Framework (SPF), Sender ID, and DomainKeys Identified Mail (DKIM). These email authentication standards are key to ensuring your emails get delivered to subscribers’ inboxes and, ultimately, driving higher conversion rates.

Why Is Email Authentication So Important?

If an email says it’s from a certain organization, how can you be sure it’s actually from that organization? That’s basically what email authentication is all about – verifying that the domain used in the from address is under the control of the sender. By employing email authentication protocols, ISPs help to protect email users from phishing scams and spammers. When an ISP can’t authenticate a sender, the sender may face extra scrutiny that could lead to filtering. In this way, email authentication is an important tool for marketers because it directly impacts email deliverability.

Email Authentication Methods That Can Help Your Marketing Messages Reach Subscribers’ Inboxes

The following are the primary authentication methods used today:

  1. Sender Policy Framework (SPF)SPF
    This authentication method verifies the envelope of the email, specifically the HELO identity (the mail server that is sending the message) and the MAIL FROM identity (the email address that is responsible for sending the message). So when your organization sends an email, your recipient’s mail server will evaluate your sending IP address in the public Domain Name System (DNS) to be sure it is allowed to send the email on behalf of the sender. AOL, Gmail, and many others are known to use SPF when checking authentication.

    For more information about SPF – including SPF record syntax details and a test suite for SPF implementation – visit the Sender Policy Framework Project Overview website.

  2. Sender IDSenderID
    Similar to SPF, Sender ID verifies the email sender’s IP address against the alleged owner of the sending domain. The difference is that Sender ID uses an algorithm, called Purported Responsible Address (PRA), to examine the message content of email by specifically focusing on the from address your recipients see.

    Developed by Microsoft, Sender ID was not ultimately widely adopted, and, at this point, Microsoft took down their web relating to Sender ID. So, one can make the assumption that Sender ID is now obsolete, although it is still used by some ISPs. So, if you do set up Sender ID, you should ensure that it is set up correctly.

    For more information about the technical aspects of Sender ID, check out Unlock the Inbox.

  3. DomainKeys Identified Mail (DKIM)DomainKeys
    With DKIM, two corresponding “keys” are created – one that is public, stored in the DNS as text, as well as a private key that is accessible just to the email server. So every time an email campaign is sent, a private key is included in the email message headers. When ISPs receive the email message in their servers, they can verify the public and private headers. This information is used to verify not only the sender, but also that the email message was not changed in transit. Yahoo, AOL and Gmail are known to use DKIM when checking authentication. In addition, Hotmail also uses DKIM, but typically only when Sender ID fails.

    For the DKIM authentication method, DomainKeys technology is combined with Identified Internet Mail (IIM). DomainKeys verifies the domain of the email sender by encrypting the email header and replacing it with a hash value. The receiving site also encrypts the email and compares the hash values to be sure they match. Using public key cryptography, email senders add a domain name and signature to their messages. The signature is verified at the receiving end by using the DNS.For more information about implementing DKIM, visit

Make Email Authentication Part of Your Email-Marketing Best Practices

To get the best email deliverability rates, you should be implementing every email authentication standard available. Keep in mind that not all ISPs use the same email authentication tools.

If you’re looking for ways to improve your email deliverability – including evaluating and implementing email authentication standards – the experts at FulcrumTech can help. Email or give us a call at 215-489-9336 and get started today.

Leave a Comment

  • (will not be published)

Sign Up for NewsLever

Our free, monthly email newsletter

NewsLever is our free, monthly e-newsletter for B2B and B2C professionals who want to develop and implement powerful email campaigns that build relationships with prospects and customers.

  • This field is for validation purposes and should be left unchanged.

Privacy Policy|Learn More|Current Issue