If you’re seeing low or declining deliverability rates, chances are your sender reputation isn’t exactly up to snuff. There’s a ton of factors that ISPs check when determining sender reputation, and one important aspect is the sender’s email authentication setup. This needs to be a critical area of focus in your email deliverability best practices.
Email authentication helps ISPs prevent forged emails from reaching their users’ accounts. In other words, it’s a way to prove that an email you sent really comes from you (not some sender pretending to be you). From this, it’s easy to see why your email deliverability best practices should also include sender authentication.
How Email Authentication Works
Email authentication allows ISPs to properly identify the authenticity of emails their users receive. When a receiving server gets an incoming mail, it verifies whether the message really did come from the sender. To do this, it checks for specific pieces of information in your email and DNS records.
According to SparkPost, the email authentication process varies from approach to approach but typically consists of the following steps:
- A business or organization that sends emails establishes a set of authentication policies.
- The email sender configures its mail servers to publish and implement these policies.
- The receiving server authenticates an incoming email by referring to the sender’s policies.
- The receiving server accepts, flags, or blocks the incoming email based on the results of step 3.
In the next section, we’ll go into steps 1 and 2 in greater detail, plus outline the specific ways to set up email authentication.
How to Set Up Email Authentication
We’ve seen that email authentication affects sender reputation which, in turn, impacts email deliverability. To set up authentication for your email marketing program, follow these quick steps:
Step 1: Use SPF and DKIM authentication
Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) are authentication protocols stored in the sender’s DNS records. These contain the “pieces of information” we briefly mentioned earlier that ISPs use to check an email’s authenticity.
Simply put, SPF and DKIM prevent the bad guys from impersonating you as the sender. The details can get a little hairy, but the important thing to keep in mind is that without SPF and DKIM, there’s no way for ISPs to be sure it’s really you who’s sending the email.
Step 2: Record all your sending IPs
The sending IP address is the numeric label that uniquely identifies every sending source you use. It serves as the passageway through which emails are sent to your recipients. You need to let ISPs know all the sending IP you use (including those of your email service provider).
This is achieved through what’s called a reverse DNS record. Reverse DNS records do the opposite of what normal DNS records do; they return the name associated with a given IP address. Without a valid reverse DNS record, many ISPs will block your emails.
Step 3: Put it all together
Reverse DNS records, SPF, and DKIM are the three basic DNS entries to help ISPs authenticate your emails. Once you’ve already set all of these up, here’s how to put them into action:
- Create your authentication record on SPF and DKIM, then publish them
- Configure your mail server to sign outgoing mail with DKIM
- Test your DKIM, SPF, and reverse DNS records
Step 4: Use a genuine, personal From name
The final step doesn’t involve anything fancy, but is arguably the most important one. Make sure that your emails’ From line contains an authentic name of a person. Avoid departmental or role-based addresses like firstname.lastname@example.org. You want to build a personal relationship, so it pays to start connecting on a personal level.
Now start building your sender reputation with these email deliverability best practices in mind. The main takeaway is that being authentic doesn’t end with email verification protocols. It’s all about building a long-term relationship with recipients.