Essential Email Authentication Protocols
What are Essential email authentication protocols?
SPF (Sender Policy Framework)
Technical definition: SPF specifies which servers are authorised to send emails using your domain.
Explanation for humans: SPF is a security guard for your emails. Imagine you have a friend who wants to send you an email. SPF helps you make sure that the email is really from your friend and not from someone pretending to be them.
DKIM (DomainKeys Identified Mail)
Technical definition: DKIM is a digital signature which enables your recipients' server to authenticate your email campaigns.
Explanation for humans: When you receive an email from a known sender (your 'friend'), you want to know the email they sent you hasn't been altered in any way after it was sent.
So your friend creates a lock that they make available to everyone and attaches a digital signature to the email, which functions a bit like a key for that lock.
When your email system receives the email, it checks to see if the digital signature fits the lock. If the email has been altered after it was sent, the signature won't fit the lock anymore. If the signature successfully opens the lock, it means the email is authentic, and its content has not been altered.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
Technical definition: DMARC adds a layer of protection and authentication on top of the two protocols above. It tells recipients' servers what to do if an email fails SPF and/or DKIM checks.
Explanation for humans: DMARC is like your friend giving you a set of rules for how they want their emails to be handled. It's as if your friend is saying, "If you get an email from me, it should have a valid signature (DKIM) or come from an approved location (SPF)."
DMARC provides instructions on what to do if an email doesn't meet these rules. It's like your friend saying, "If you get an email that claims to be from me but doesn't have my signature (DKIM) or isn't sent from an approved place (SPF), it might be suspicious. Here's what you should do with it."
Who configures what?
- ✅ SPF is automatically created and managed by EcoSend.
- ✅ DKIM is automatically created and managed by EcoSend.
- ⚠️ DMARC is not automatically created for you by EcoSend.
With the changes Gmail & Yahoo introduced in 2024, if you are using a custom domain, or send a high volume of emails per day, you will need to set up DMARC authentication.
How do I set up DMARC authentication?
1. Define your DMARC policy
Your chosen policy level defines how your recipients' server should manage emails which fail SPF and/or DKIM. The policy options are:
- none
- quarantine
- reject
Selecting none means no action will be taken, aside from collecting the data in a report. quarantine means unauthenticated emails will be diverted to your recipients' Spam/Junk folders. Selecting reject will block the emails.
As a general best practice, we recommend starting with p=none and monitoring reports to ensure your SPF & DKIM setup is working correctly before enforcing a stricter policy.
2. Define your policy's percentage
Your DMARC policy's percentage defines how much of your domain's email traffic will follow the DMARC policy you have set above. This is useful during your initial setup to ensure your settings are correct before rolling out to all recipients.
3. Create your DMARC record in the TXT field of your DNS settings
You can create a variation on the record below, substituting your own email address for dmarc-report@example.com to receive reports. Consider using a service such as Postmark's free DMARC reporting tool to receive the raw emails and process them into a nicely-formatted report.
v=DMARC1; p=none; pct=100; rua=mailto:dmarc-report@example.com; ruf=mailto:dmarc-report@example.com
Once you've entered your chosen values into the TXT field of your DNS, save and publish your DNS records, and congratulations, you've created your DMARC record! 🎉
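A check for the record built in step 3, as an added example (not EcoSend's code): it parses the TXT value and reports a misplaced version tag, an unknown policy, an out-of-range pct, or a report address missing its mailto: prefix. The function names are hypothetical, and it assumes reports go to mailto: addresses as in the record above.

```python
import re

POLICIES = ("none", "quarantine", "reject")
# Assumption: reports go to mailto: addresses, as in the record above.
MAILTO = re.compile(r"mailto:[^@\s,!]+@[^@\s,!]+\.[^@\s,!]+(![0-9]+[kmgt]?)?", re.I)


def parse_dmarc(record):
    """Split a DMARC TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs


def check_dmarc(record):
    """Return a list of problems; an empty list means no problem was found."""
    try:
        pairs = parse_dmarc(record)
    except ValueError as exc:
        return [str(exc)]
    tags = dict(pairs)
    problems = []
    if len(tags) != len(pairs):
        problems.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "DMARC1"):
        problems.append("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        problems.append("p must be none, quarantine or reject")
    pct = tags.get("pct", "100")  # pct defaults to 100 when omitted
    if not (pct.isdigit() and int(pct) <= 100):
        problems.append("pct must be an integer from 0 to 100")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            if uri.strip() and not MAILTO.fullmatch(uri.strip()):
                problems.append(f"{tag}: invalid mailto URI {uri.strip()!r}")
    return problems


if __name__ == "__main__":
    # The record from this page; prints [] because it passes every check.
    print(check_dmarc("v=DMARC1; p=none; pct=100; rua=mailto:dmarc-report@example.com; "
                      "ruf=mailto:dmarc-report@example.com"))
```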
Continue to monitor your reports over time, and adjust your policy accordingly, to optimise your email deliverability and security.
For further information, you can learn more about the policies of Yahoo and Google regarding DMARC setup.