Email Authentication Series: Episode 1 – AN INTRODUCTION AND GLOSSARY – Zap Knowledgebase
Skip to content

Email Authentication Series: Episode 1 – AN INTRODUCTION AND GLOSSARY

3 min read

To improve your sender reputation, you should consider authenticating your email domain.

This might sound complicated, and there are a few moving parts to keep track of. But, as always, we’re here to guide you through. 

Authentication is worth your time. It improves your email deliverability which is crucial to your campaigns’ success.

1. What does ’email authentication’ mean?⚡️ #

Email authentication is the process of verifying your email domain. 

Think of it as the tick beside a celebrity’s name on social media. It helps viewers to know they’re dealing with the real person, and not a spoof account.

2. Who does it benefit?⚡️ #

Authentication proves your domain identity to both email service providers, and recipients.

An email from an un-authenticated domain is more likely to:

  • Never reach your customers at all, and get flagged by spam filters
  • Have poor Click-Through and Conversion rates, due to customers’ lack of trust

3. The basics⚡️ #

There are three authentication processes you can use.

  1. SPF (Sender Policy Framework) – to prevent unauthorised senders from spoofing your domain
  2. DKIM (Domain Keys Identified Mail) – gives your emails an encoded signature, to verify it upon arrival
  3. DMARC (Domain-Based Message Authentication, Reporting, Conformance) – to instruct domain owners on how to handle unauthenticated emails. DMARC generates reports on authentication results, too

The process of sending and receiving an email looks like this:

  1. A business writes an email
  2. They click ‘send.’ Their mail server (Outlook/Gmail etc) inserts a DKIM header
  3. The email arrives in the recipient’s inbox.
  4. Provided the recipient has SPF, DKIM, and DMARC in place, authentication then happens:
    • The server retrieves DKIM information to see if the content is legitimate
    • The server checks the SPF records to see if it’s a valid sender
    • The server applies the relevant DMARC policy: Pass (email is allowed in), Quarantine, or Reject (it is flagged or it bounces)

You’ll see, then, that all three methods work together to keep your emails safe. That means you need to employ all three methods to authenticate your email.

A table explaining the purpose, action, and method of SPF vs DKIM vs DMARC. It summarises that they all work best when utilised together.

4. A glossary #

To get started, it’s helpful to understand some of the key terms involved in authentication.

  • SPF – No, not suncream… Although, like suncream, ‘SPF’ provides a layer of protection. It stands for ‘Sender Policy Framework’. SPF authorises the host that the sender uses, so recipients can be sure messages come from a legitimate source. This prevents unauthorised senders from spoofing your domain to phish, or scam customers.
  • DKIM – ‘Domain Keys Identified Mail’ uses cryptographic (encoded) signatures to verify emails. This ensures emails are not altered in transit.
  • DMARC – This stands for Domain-Based Message Authentication, Reporting, Conformance’. It functions as a set of rules for domain owners, so that they can publish policies on how to handle emails that fail authentication. It will generate reports on authentication results, on an ongoing basis.
  • TXT Record – Or ‘Text Record’. Found in the settings of your domain provider, this is the catalogue of SPF, DMARC, and DKIM codes that your system saves. Basically, it forms the set of instructions for providers and recipients. These systems then know what to look out for, what to allow, and what to filter out.
  • DNS- ‘Domain Name Servers’ are responsible for translating domain names into IP addresses. It’s the internet’s directory.
  • IP Address – An ‘Internet Protocol Address’ is the unique, identifying number assigned to every device which uses the internet. It allows the internet and the device to communicate.
  • Domain Registrar is the place you bought your domain name from. For example, GoDaddy, Google Domains etc. 
  • Domain Name: the address of a website or email. For example, zap.co.uk
  • Email Delivery host – the platform that sends the email for you. For example, Klaviyo, MailChimp etc. Sometimes referred to as ESP – ‘Email Service Provider’.
  • MX Records- ‘Mail Exchanger Records’ are the addresses of the servers which send emails on behalf of your domain.
  • Email Spoofing – sending messages with a fake sender address, as a form of spam, or harvesting personal data for later use.
  • IPV4 – ‘Internet Protocol Version 4’ is a version of IP Address which uses a 32-bit address space
  • IPV6 – ‘Internet Protocol Version 6’ is gradually replacing IPV4. It uses 128-bit addresses, so it can provide more addresses than IPV4.

    You can determine if an IP Address is version 4 or version 6 by looking at its format. If it has four sets of numbers separated by full-stops (192.168.1.1) it’s IPV4. Eight groups, separated by colons, means IPV6.

Make sense so far?  #

Good news! This article forms part one of a four-part series to break down this process for you. So, plenty more where that came from…

If you’re curious about the whys and the how-to’s of email authentication, and want to know which methods to use, we recommend reading up on: 

Email Authentication Series: Episode 1 – SPF

What is domain credibility?

How to improve email deliverability

These articles provide a great starting point, but if you want to talk to us, we’re always on hand. Send us a message; we’d be zappy to help!

What are your Feelings

  • Happy
  • Normal
  • Sad

Pavilion 2, Finnieston Business Park, Minerva Way
Glasgow, G3 8AU

© Think Zap Limited 2009-2024
Registered in Scotland: SC509259 | VAT Reg Number: 270887176