Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents:

Table of Contents


Authentication is the method to verify that the email messages you are sending are from your business and are trusted. Authentication allows other participants like ISPs, message transfer agents (MTA), mail delivery agents (MDA), and mail user agents (MUA) to verify that an email attributed to you as a sender has been sent by you before they transfer or deliver it. There are three main types of email authentication protocols as listed below.

  • SPF
  • DKIM

About SPF

The SPF is a TXT type record you get from your ESP and put in your DNS that specifies what servers may send emails on behalf of your domain.


To the ESPs that are asking for MX records, you can use in the from address so that the reply comes to the actual inbox. The reason for setting this up is you do not face any dns overlap issues. Another reason is setting up an inbox to receive the reply address.

About DKIM

DKIM authentication seals the content of your email using a cryptographic lock referred to as a “DKIM signature.” Adding this encrypted lock to emails’ headers prevents the email from being opened by anyone who doesn’t have the corresponding key.

For detailed steps about the Domain Keys Identified Mail, visit our Ongage Blog Post: Email Authentication Protocols: What are They and Why Are They Important?


The Domain Message Authentication Reporting and Conformance protocol enables you to share authentication instructions with other mail agents and receive reports identifying unauthenticated emails being sent in your domain’s name.

For more about DMARC and how to implement, visit our Ongage Blog Post: Email Authentication Protocols: What are They and Why Are They Important?

Article Explaining DMARC Overview

Image from

How to Set Up Protocols

As Ongage is a front-end platform connecting to back-end email delivery vendors, who do the actual sending of the emails. DKIM and SPF are not set up in Ongage. Rather you need to go to your Email delivery vendor (e.g., Dyn, SparkPost, Mailgun, Amazon SES, etc.) and get the keys from them to put in your DNS. Typically those vendors have either clear instructions on how to do that, or can help you set up those.


To have a detailed view of the TXT type DNS records you can visit our blog post about Email Authentication Protocols: What are They and Why are They Important?

About DNS Services

Following are links to a variety of leading DNS services

Check DNS Verification & Propagation of your Sending Domains

Following is a great tool to check your DNS record propagation status once the record is configured for respective domains.


Resources for setting up SPF and DKIM

Articles about Email Authentication: SPF, DKIM, DMARC and BIMI

  1. Email Authentication Protocols: What Are They and Why Are They Important? (Ongage Blog: September 2020)
  2. 3 DNS Records Every Marketer Must Know (March 2017)
  3. Why DMARC Matters for Email Marketing (April 2017)
  4. What marketers need to know about DMARC (July 2016)
  5. Article Explaining DMARC Overview