
Authenticating your sending domains is crucial in today's email sending landscape. Due to the escalating threats from phishing, spoofing and viruses sent via email, all email providers like Gmail, Hotmail, Yahoo etc. will check the emails you send for these authentication records, which are published via the sending domain's DNS settings.
Email authentication refers to a series of standards for publishing and verifying the origin of the emails approved by your organization. The basic standards used today are:
SPF
Sender Policy Framework (SPF): an SPF record validates that emails appearing to come from a particular domain in your “Mail from” are sent from IPs that are authorized by the owner of the domain. You need to publish your delivery IPs in your DNS records to have a valid SPF record.
Typically, an SPF record could look like this one for sending with a mySMTP dedicated server:
v=spf1 mx a include:web.shared.mysmtp.com ~all
The record is inserted as a TXT record in the domain's DNS panel. The hostname is typically “@”. If you send using a subdomain like mail.domain.com, the hostname must be “mail”, and each subdomain must have its own SPF record to be validated.
The maximum number of DNS lookups for an SPF record is 10. Also, only one SPF record is allowed for the sending domain, and the same applies to each subdomain.
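Both limits can be checked before a record is published. The Python below is an added example, not mySMTP's own code: it counts the terms that trigger DNS lookups (following include: and redirect=) and flags domains with more than one SPF record. ZONE stands in for DNS; apart from the SPF record quoted above, its contents are constructed, including the record shown for web.shared.mysmtp.com.

```python
# Terms that make the receiving server do a DNS query (RFC 7208, section 4.6.4).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10

def spf_records(txt_values):
    """Keep only the TXT strings that are SPF records."""
    return [t for t in txt_values if t.lower().split()[:1] == ["v=spf1"]]

def count_lookups(domain, zone, path=frozenset()):
    """Worst-case count of DNS-querying terms, following include: and redirect=."""
    records = spf_records(zone.get(domain, []))
    if domain in path or len(records) != 1:
        return 0  # include loop, or no single record to follow
    total = 0
    for term in records[0].split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        if term.lower().startswith("redirect="):
            name, target = "redirect", term.split("=", 1)[1]
        else:
            name, _, target = term.partition(":")
            name = name.split("/")[0].lower()  # "a/24" -> "a"
        if name in LOOKUP_MECHANISMS or name == "redirect":
            total += 1
        if name in ("include", "redirect"):
            total += count_lookups(target.lower(), zone, path | {domain})
    return total

def lint_spf(domain, zone):
    """Return a list of problems for one sending domain or subdomain."""
    records = spf_records(zone.get(domain, []))
    if len(records) != 1:
        return [f"expected exactly 1 SPF record, found {len(records)}"]
    n = count_lookups(domain, zone)
    return [f"{n} DNS lookups, limit is {MAX_LOOKUPS}"] if n > MAX_LOOKUPS else []

# Constructed TXT data standing in for real DNS answers.
ZONE = {
    "domain.com": ["v=spf1 mx a include:web.shared.mysmtp.com ~all"],
    "web.shared.mysmtp.com": ["v=spf1 ip4:192.0.2.0/24 ~all"],  # assumed content
    "mail.domain.com": ["v=spf1 include:web.shared.mysmtp.com ~all",
                        "v=spf1 mx ~all"],  # two SPF records on one host
    "heavy.example": ["v=spf1 " + " ".join(f"include:s{i}.example"
                                           for i in range(11)) + " ~all"],
}

if __name__ == "__main__":
    for name in ZONE:
        print(name, count_lookups(name, ZONE), lint_spf(name, ZONE))
```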
DKIM
DomainKeys Identified Mail (DKIM): the message is signed with a digital signature using a private key when the email is sent from sender to receiver. This lets Email Service Providers verify whether the message was changed or tampered with in transit. The public key used to verify the signature needs to be published in your DNS records, and the signature will be part of the email header.
A DKIM record typically looks like this:
default._domainkey.mysmtp.com is placed as the HOST of the DNS TXT record
The key could look like this:
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5aWQC8ERQGFgWfpVDSXkJpgony6XhUJxWn8nHLXxSlttfr8jT5XTMfymHZZHlk0CuIZjUFOUYFEkygM146Yw2S4LRNWB9vrr6W9/Rw34HNRPM/Q/sb42LE3amtVVMBYSwlkaFEhiG8TIg3NEednyqyzvaZjP+wdd14L7I/tb+/QIDAQAB
You can generate keys for the sending domains via the dedicated mySMTP server dashboard.
DMARC
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
A DMARC record provides you with reporting on your sending domain’s authentication and delivery status. DMARC requests that a mailbox provider take a specific action when an email fails both SPF and DKIM validation; only one of the two needs to succeed for DMARC to pass.
v=DMARC1; p=quarantine; rua=mailto:abuse@mysmtp.com
The DMARC record is also inserted in the sending domain's DNS panel as a TXT record.
Summary
We always want to “force” the usage and validity of these records before any emails are sent. Sending without them active makes no sense: your campaigns will fail and, in the best case, just go to the junk folder with zero engagement. Your valuable data will suffer and quickly degrade in quality.
For more in-depth information about domain authentication and test tools, please visit DMARCIAN, the no. 1 resource for these implementations.