SPF, DKIM, DMARC basics

Authenticating your sending domains is crucial in today's email sending landscape. Because of the escalating threats from phishing, spoofing and viruses sent via email, all email providers such as Gmail, Hotmail and Yahoo will scan your outbound email for these authentication records, which are published via the sending domain's DNS settings.

Email authentication refers to a series of standards available to publish and verify that the origin of your emails is approved by your organization. The basic standards used today are:

SPF
A Sender Policy Framework (SPF) record validates that emails appearing to come from a particular domain in the "Mail from" address are sent from IPs authorized by the owner of that domain. You need to publish your delivery IPs in your DNS records to have a valid SPF record.
A typical SPF record, in this case for sending through a mySMTP dedicated server, could look like this:

v=spf1 mx a include:web.shared.mysmtp.com ~all

The record is inserted as a TXT record in the domain's DNS panel. The hostname is typically "@"; if you send from a subdomain such as mail.domain.com, the hostname must be "mail", and each subdomain must have its own SPF record to be validated.
The maximum number of DNS lookups for an SPF record is 10. Only one SPF record is allowed for the sending domain, and the same applies to each subdomain.

DKIM
DKIM stands for DomainKeys Identified Mail. The message is signed with a digital signature created with a private key when the email is sent from sender to receiver. This lets email service providers verify whether the message was changed or tampered with in transit. The public key used to verify the signature must be published in your DNS records, and the signature itself is carried in the email header.
A DKIM record typically looks like this:

default._domainkey.mysmtp.com is placed in the HOST field of the DNS TXT record.
The key value could look like this:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5aWQC8ERQGFgWfpVDSXkJpgony6XhUJxWn8nHLXxSlttfr8jT5XTMfymHZZHlk0CuIZjUFOUYFEkygM146Yw2S4LRNWB9vrr6W9/Rw34HNRPM/Q/sb42LE3amtVVMBYSwlkaFEhiG8TIg3NEednyqyzvaZjP+wdd14L7I/tb+/QIDAQAB

You can generate keys for the sending domains via the dedicated mySMTP server dashboard.

DMARC
DMARC stands for Domain-based Message Authentication, Reporting and Conformance.

A DMARC record provides you with reporting on your sending domain's authentication and delivery status. DMARC tells a mailbox provider which action to take when an email fails both SPF and DKIM validation; only one of the two needs to pass for DMARC to pass.

v=DMARC1; p=quarantine; rua=mailto:abuse@mysmtp.com

The DMARC record is also inserted in the sending domain's DNS panel as a TXT record.
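As an added example (not code from this article or from mySMTP), the following Python checks two of the points above offline: it counts the DNS lookups an SPF record incurs, following include: and redirect= through a constructed stand-in for DNS, and it parses a DMARC record and evaluates it the way a receiving mailbox provider does. It goes one step beyond the text by also requiring the passing SPF or DKIM domain to align with the From: domain, which is what DMARC actually checks; FAKE_DNS, the hostnames and addresses in it, and the function names are assumptions.

```python
# Added example, not the article's code. FAKE_DNS is a constructed stand-in for DNS TXT lookups.
FAKE_DNS = {
    "example.com": "v=spf1 mx a include:web.shared.mysmtp.com ~all",
    "web.shared.mysmtp.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.relay.example ~all",
    "_spf.relay.example": "v=spf1 a mx mx:backup.example -all",
}
# Mechanisms that cost a DNS lookup under RFC 7208; ip4, ip6 and all do not.
LOOKUP_MECHS = ("a", "mx", "include", "exists", "ptr")

def spf_lookup_count(domain, dns=FAKE_DNS, depth=0):
    """Count lookup-causing terms, following include: and redirect= (the limit is 10)."""
    if depth > 10:  # a cyclic include chain would otherwise recurse forever
        raise ValueError("SPF include/redirect chain too deep")
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return 0
    count = 0
    for term in record.split()[1:]:
        name, _, arg = term.lstrip("+-~?").partition(":")  # drop qualifier, split mechanism:arg
        if name in LOOKUP_MECHS:
            count += 1
            if name == "include":
                count += spf_lookup_count(arg, dns, depth + 1)
        elif name.startswith("redirect="):
            count += 1 + spf_lookup_count(name.split("=", 1)[1], dns, depth + 1)
    return count

def parse_dmarc(record):
    """Split 'v=DMARC1; p=quarantine; rua=mailto:...' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags

def aligned(from_domain, auth_domain):
    """Relaxed alignment: same domain, or one is a subdomain of the other."""
    return (from_domain == auth_domain or from_domain.endswith("." + auth_domain)
            or auth_domain.endswith("." + from_domain))

def dmarc_result(record, from_domain, spf=(None, False), dkim=(None, False)):
    """'pass' if an aligned SPF or DKIM pass exists, else the p= action; spf/dkim are (domain, passed)."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return "none"  # no usable policy published, so nothing is enforced
    for domain, passed in (spf, dkim):
        if passed and domain and aligned(from_domain, domain):
            return "pass"
    return tags["p"]
```

Note that an SPF pass on an unrelated domain (for example a bulk sender's bounce domain) does not rescue a message under DMARC unless DKIM is aligned, which is why the page insists on both records being in place.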

Summary

We always want to "force" the use and validity of these records before any emails are sent. Sending without them active makes no sense: your campaigns will fail, or at best land in the junk folder with zero engagement, and your valuable data will suffer and quickly degrade in quality.

For more in-depth information about domain authentication and test tools, please visit DMARCIAN, the number one resource for these implementations.

BIMI – new email certification on the way

You already know SPF, DKIM and DMARC. Now comes BIMI, which stands for Brand Indicators for Message Identification. BIMI is a new mechanism meant to verify that the brand sending you emails really is that brand and not a spoofed sender or some other scam. It works by displaying a brand logo next to the sender's name at the top of the email instead of, for example, a picture or the usual two-letter initials. BIMI is inserted as a DNS TXT record, and you must have valid SPF, DKIM and DMARC records for it to be announced correctly.
There will obviously be many advantages to this certification once it is finally rolled out in full. At present only OATH (Yahoo, AOL, Verizon) can show brand logos from a BIMI record in the inbox. Gmail, Hotmail and others are backing it, and a global rollout can be expected during 2020. As a brand owner you get better control over the logo being displayed correctly and consistently. Recipients will probably open more emails when they feel sure it is not a scam, which in turn will lead to better open and click rates. The future will be: no brand logo, no trust.

BIMI rhymes with IBM: https://bimigroup.org