google mail page

5 Steps to Set Up Your Email Authentication Properly

Your email campaigns’ effectiveness is determined by the volume of emails you send, the relevance of its contents to the recipient, the timing, consistency, and subject line.

It is also essential that as an email marketer, you must make your campaigns secure in a way that they cannot be tampered with or impersonated for nefarious purposes.

Through email authentication, you can ensure that your customers’ messages and potential leads will receive from you are legitimate and 100% safe.

5 Steps to Set Up Your Email Authentication Properly

All of these results will ruin your email marketing experience because you won’t reach out to your customers to make sales or grow your business. But if you set up proper email authentication, your campaign recipients will be confident to open your emails.

How Does Email Authentication Work?

There are a lot of email authentication types, and the approaches vary from one another. But the general authentication setup process works like this: The business or entity that sends the email creates rules that make the emails legitimate messages from the sender’s domain.

The email sender will then configure the mail servers or email service settings they use to implement and publish these rules. After that, the mail server receiving the business emails will authenticate the messages by checking the details of the incoming message.

This is done by comparing the rules inside the email against the rules defined by the domain of who the email claims it came from.

Depending on the results of rule comparison, the receiving mail will choose to deliver (matching rules), flag (mismatched rules), or even reject the message (also mismatched rules) because it might contain malware like Chromium.

Join Our Small Business Community

Get the latest news, resources and tips to help you and your small business succeed.

How to Set-Up Your Email Authentication

1. Setup SPF Authentication

The Sender Policy Framework (SPF) authentication is a protocol that tells the email receiver’s mail server which IP addresses and email servers are authorized to send emails on behalf of your domain.

List down all the IP addresses you’ll use to send your email campaigns. List down the domains you’ll be sending emails from (if you have) as well. Create your SPF record. This is done by coding all your email-sending IP addresses and domains in TXT format.

Then, publish your SPF record to the domain name server (DNS) records and test your SPF record using an SPF check tool. This is one common step to ensure that your emails aren’t sent to the spam folder.

2. Setup DKIM Authentication

The DomainKeys Identified Mail (DKIM) is another email authentication protocol that adds a digital signature to all your emails. The signature will then be validated against a public cryptographic key in your business’s DNS records.

It is impossible to tamper with an email without changing the digital signature. Making the DKIM authentication is a great protocol to prevent phishers from inserting phishing links into your emails. But note that the DKIM authentication setup varies depending on the email marketing platform you use. Be sure to read all manuals first.

To set up a DKIM authentication protocol, generate a DKIM key pair for your email-sending domain first. The tool needed to do this depends on your operating system of choice—PUTTYGen for Windows and ssh-keygen for Linux and Mac. Add the DKIM public key to DNS settings in TXT format. Then turn on DKIM signing by saving the setting and signatures.

3. Establish DMARC

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. An email authentication protocol gives instructions to the email what happens to it (reject, ignore, block, or push-through) if the message fails to get authenticated by the email receiver’s server.

To establish a DMARC for your emails, log in to your domain’s registrar. Find the option to manage or configure DNS settings. Click it. Find and click the add new record option and choose the TXT record format. Add the host value – input is usually _dmarc.yourdomainhere.com.

Then, add value information – can be “v,” “p,” or “rua.” When you’re done, click create or save. Validate your DMARC record if it is set up correctly by running a DMARC record check. See if you have entered the correct values and syntax. If there are errors, make modifications.

4. Implement BIMI

BIMI or Brand Indicators for Message Identification is an authentication protocol that adds legitimacy to your emails on the front end.

Through BIMI implementation, your email receiver will know that the email really comes from you because your business logo is displayed right at the sender’s photo of their inbox list.

Ask your email service provider first if their services support BIMI. If they do, make sure you have implemented SPF, DKIM, and DMARC authentication on all your emails. Choose the business logo that you want to show to your campaign recipients. It must be a square image, centered, and without text.

Convert a copy of your business’s logo into an SVG format. Select the visual mark certificate if you have one and input the certificate. Skip if you don’t have one. Create a DNS TXT record that your domain can use. Publish your BIMI record to get your BIMI selector header. Then, insert or sign the BIMI-Selector header you have received into your emails.

5. Revisit Your Email Authentication Setup

Once you’re done setting up all your email authentication protocols, you’ll need to revisit them all and manually check if all values are correct and each protocol works perfectly in tandem with one another.

Expect to revisit your authentication setups in the future as well, especially if you see a sudden drop in your deliverability and engagement rates. Bugs in system changes commonly cause these issues.

Conclusion

Email authentication builds customer trust because it shows them that you value their security a lot.

This will then increase your email campaign success because your email recipients are confident enough to open the emails coming from you.

Remember never to skip the authentication setup process and learn all you can on how to do it properly.