October 21, 2021

Understanding Email Authentication Protocols: SPF, DKIM, and DMARC

Reading time about 13 min

Email marketing is front and center to the growth of any business today. As it stands, over 4 billion people use email globally, making email the marketing channel with the most extensive reach.

And with COVID-19 still a factor in our daily lives, consumers are using their emails more than ever. This trend explains why over 60% of consumers still prefer email communication to connect with their favorite brands.

But these emails can only lead to conversion if they reach the target consumers. If the email fails to deliver or ends up in the spam folder often, your return on investment will decrease significantly.

And this is where email deliverability comes in: you need a fool-proof authentication strategy to ensure your emails reach your consumers every time. Read on to discover what email authentication is and how your business can benefit from it.

But first, a quick reminder about email deliverability and why it’s so important.

What is Email Deliverability?

Email deliverability is a metric that determines the probability of your email arriving at the subscriber’s inbox smoothly. This metric is valuable to marketers because only emails that make it to the inbox can be opened.

Like other email marketing metrics, some measurable factors affect email deliverability, including:

  • Reputation: If your domain is trustworthy — that is, it has a high domain score — your email will fall into fewer blocklists and spam folders.
  • Email content: ISPs consider spam-ish content, non-conventional headers, and suspicious links in emails when determining the quality of your email content.
  • Authentication: The presence (or absence) of protocols like SPF, DKIM, and DMARC determine if your domain and email content are authentic. We’ll discuss these protocols in detail later.

Why care about email deliverability?

Marketers often argue that email deliverability doesn’t really matter: once you send your email, who cares what the recipient does with it, right?

Absolutely wrong! This thought process is problematic and can stagnate your company’s growth.

Let’s explore why prioritizing email deliverability is essential.

  1. Email deliverability positions your brand as a trustworthy entity by bolstering your reputation with email service providers (ESPs).
  2. Email accounts for 40% of customer acquisition ahead of social media platforms like Facebook and Twitter.
  3. You can improve customer experience and loyalty by improving email deliverability.
  4. Companies with high email deliverability enjoyed 4400% returns on investment over the past year.

If you don’t know how to authenticate your email, let’s take you through the process starting from the definition.

What is Email Authentication?

Email authentication refers to the process of verifying your domain and email addresses before you can send email content through an ESP. When an email passes this verification process, it becomes authenticated.

In the past, businesses could buy email lists and send generic email content to random people — which led to massive spam cases. 

To curb spam content in emails, anti-spam agencies and top companies — like the Anti-Spam Research Group (ASRG) and Yahoo — pooled resources to develop email authentication protocols. 

As a result, they developed several authentication methods to protect users and businesses from harmful content. 

Email Authentication Methods Explained

The standard SMTP (Simple Mail Transfer Protocol) server only receives and sends emails without any authentication. So, these SMTP servers need extra authentication standards to boost the security of mail transfers.

In the early days, the Internet Engineering Task Force (IETF) served as the Rangers to the Wild West of the internet by introducing email protocols to prevent spam. 

Through their research and persistent efforts, we have come to enjoy the following email authentication methods:


SPF (Sender Policy Framework) is a record that tells the receiving server that the sender’s IP address and domain are authenticated. 

Graphic detailing the SPF authentication process

Source: Rejoiner

The SPF record that the server receives contains DNS TXT records linked to a specific domain (or range of addresses belonging to the same network).  

SPF came into existence in the early 2000s, making it the first widely recognized email authentication protocol.

Today, email senders without valid SPF records often go through a stringent secondary verification to determine their authenticity. And most of them end up in the spam folder.

Although SPF authentication can suffice sometimes, it doesn’t offer full protection from spoofing and other malicious email activity. You still need to update the records when you change ISPs.


DKIM (DomainKeys Identified Mail) uses OpenDKIM to generate encrypted tokens required for validating the sending address on the recipient’s server. 

DKIM relies on two encryption keys — one public and one private — to determine if the original content has not changed during transmission. 

Graphic detailing the DKIM authentication process

Source: Rejoiner 

The private key is accessible only to the domain’s owner and serves as a unique signature to verify the authenticity of outgoing messages.

Although DKIM provides a more secure protocol than SPF, they both work better together to protect the email sender and receiver. Consider them the ‘two-factor verification’ equivalent for email authentication.


As the name suggests, DMARC (Domain-based Message Authentication, Reporting & Conformance) is an authentication process that verifies the message source and generates reports about its conformance to rules. 

Graphic detailing the DMARC authentication process

Source: B2C

DMARC functions in conjunction with SPF or DKIM to process requests sent to the receiving server. These requests inform the server of the action to take if the source domain is not authenticated. The DNS record for DMARC actions can be expressed as the following p-actions:

  • p=none — The receiving server does nothing.
  • p=reject — the receiving server rejects any mail that fails the authentication (SPF or DKIM).
  • p=quarantine — the receiving server flags the unverified email for suspicious content and sends it to the spam folder.
  • v — the receiving server checks DMARC.
Graphic detailing the DMARC authentication process

Source: B2C

You can also configure DMARC to send feedback records containing information about authentication status to your preferred email address. The data from these constant updates helps you monitor your domain and prevent spoofing.

How Does Email Authentication Work?

The working principle of any authentication method varies, but in general, authentication follows a standard process. 

  1. The authentication protocol verifies the domain and the sending address.
  2. The domain owner adds the encryption keys and records to the DNS records.
  3. The receiving server authenticates incoming messages based on the unique private key.
  4. The receiving server decides to send, reject, or quarantine the message.

See this article for information about verifying a domain on Sendinblue.

Why You Should Always Start with Authentication 

From the issues discussed above, authentication sounds like a complicated process. So, why should your business spend time and resources to authenticate your domain and email address?

Prevents phishing

Your company’s emails go through SMTP Servers before they arrive at the recipient’s inbox. However, these servers are prone to attacks from malicious actors. One option is to set up a fake SMTP server to review and test your email campaigns before running them.

Graphic detailing how DMARC helps prevent phishing

Source: B2C

Unfortunately, a phisher can mimic your domain or email address using advanced mail servers to bypass standard checks. 

But without the private key from the DMARC protocol, they cannot access the recipient server, which means the message will not be delivered.

Eventually, you can access the report to blocklist these malicious emails and protect your IP address.

Deters scammers

Scammers can pose as your company to defraud your customers or spread false information. 

According to the FBI’s Internet Crime Complaint Center (IC3), there were nearly 800,000 online fraud cases, leading to financial losses of over $4.2 billion. And these were only the reported cases!

But how can you protect consumers from these scams?

Only email service providers that send authenticated emails to users. You should also make your PTR record available to the mail provider to verify your brand’s identity (as is the case for Sendinblue users on dedicated IPs).

By doing so, the receiving email server will flag incoming emails that don’t match your PTR record (and encryption keys) and keep them out of your consumers’ inboxes.

Boosts your brand reputation

Email authentication verifies your brand’s domain name and email address, thereby promoting them as reputable entities. With authentication protocols like DMARC in place, your consumers won’t receive phishing emails from ‘you’. As a result, they will view your brand as legit. 

Since every company relies on reputation to boost sales, you need to authenticate your email to validate your online presence.

Sets apart your brand

Figures from Oberlo show that 90% of marketers use email. These figures signify that the competition for consumers’ inboxes is fierce — and you don’t want to end up in the spam folder. 

Infographic: 9 of 10 marketers use email marketing to distribute content organically.

Source: Oberlo

Therefore, email authentication can distinguish your brand from the ‘crowd’ and boost your reputation further.

Improves email deliverability

And it all comes down to this: deliverability

If you want your email to get to recipients without any hitch, you need email authentication protocols. Besides, ISPs and inbox providers gather reports about your email engagement and delivery — which they factor in when determining your brand reputation and domain score.

How to improve email deliverability

Now that you have discovered why you need to improve your brand’s email deliverability let’s explore ways to do it.

1. Optimize for mobile

According to Brafton, over 75% of consumers will not read your email if it is not mobile-friendly. Besides, over 40% of internet users browse the web using their smartphones. 

Poll results showing that email users frequently check emails on mobile devices.  Source: email monday.

Source: EmailMonday

So, optimizing your emails’ mobile experience makes the content more deliverable and attracts the right attention from customers.

2. Clean your email list

Users often subscribe to your newsletter, which expresses permission to send them emails. Although these permissions are valid, inactive emails can harm your email deliverability. ESPs use spam traps to detect spammers. And if you don’t declutter your email list, you can fall into these traps.

3. Fine-tune the content

In the past, spammers used images to skate past text-based authentication protocols and spam filters. Coincidentally (and unfortunately), consumers digest visual information better than text.

And this presents a dilemma: should images accompany the text in email content?

If you want your email to reach more people, use images to ONLY supplement your email text. This way, spam filters (and consumers) will accept your email message.

4. Provide unsubscribe options

Sometimes, people get tired of receiving your newsletter. This is normal: you should give your consumers an option to unsubscribe without any hassle. 

If you don’t include the “Unsubscribe” option in the email body, your consumers might end up blocking your email address. As a result, your email deliverability score will plummet.

5. Use double opt-in

Users often sign up for newsletters without confirming their emails. So, you need a second layer of verification to filter out these opt-in emails. This approach helps you segment and filter the mailing list.

6. Avoid short URLs

Using URL shorteners is a major red flag in email marketing: it signifies that you are trying to hide something. Not only that, scammers are notorious for using shortened URLs to mask their actual domain.

So, use hyperlinked texts to include links to your email content. And if you must share the entire link, leave the original URL.

7. Personalize the text

Every email you send should contain personalized messages and clear CTA messages. Use a familiar conversational tone that resonates with the readers in the email content. By maintaining a consistent writing style, you also improve your email deliverability.

8. Authenticate your email

Sending confirmation emails from an unverified account harms your email deliverability. So, ensure to authenticate your email according to GDPR standards and other local internet protocols. 

Email Deliverability Starts with Authentication

With a better understanding of email deliverability and authentication, you should have all the information you need to configure successful email campaigns. 

Use authentication methods like SPF, DKIM, and DMARC to boost your email deliverability. Verify your domain names and DNS records to position your brand as reputable to mail service providers. 

Also, don’t forget the human factor. Use genuine subject lines and CTA messages in your email to increase engagement. Filter your email list to get rid of spam traps. And most importantly, update your authentication standards and study the feedback reports.

Till next time!

Andriy Zapisotskyi is a Growth Marketing Lead at Mailtrap, a product that helps people inspect and debug emails before sending them to real users. He has over 5 years of experience in the field of marketing & product.

Ready to find your marketing zen?

Take the stress out of your work day with a solution that’s built for you!

Get started free