Table of Contents:
Authentication is the method to verify that the email messages you are sending are from your business and are trusted. Authentication allows other participants like ISPs, message transfer agents (MTA), mail delivery agents (MDA), and mail user agents (MUA) to verify that an email attributed to you as a sender has been sent by you before they transfer or deliver it. There are three main types of email authentication protocols as listed below.
The SPF is a TXT type record you get from your ESP and put in your DNS that specifies what servers may send emails on behalf of your domain.
For a detailed article about the SPF authentication implementation of SPF, see our Ongage Blog Post: Email Authentication Protocols: What are They and Why Are They Important?
Ongage Best Practice Regarding SPF Records With Multiple ESPs
Ongage recommends using different sending domains for different ESPs, for a variety of reasons, one of them being that the reputation of 1 ESP account will affect the reputation of the other ESP account.
Having said that, it is possible to merge 2 SPF records into one. So if you take the SPF record rule from one ESP and another SPF rule from another ESP, the two rules can be merged into 1 SPF record, so that you can use the same sending domain for both ESPs from Ongage, but as noted above this is not recommended.
Ongage Best Practice about using sub domains
To the ESPs that are asking for MX records, you can use email@example.com in the from address so that the reply comes to the actual inbox. The reason for setting this up is you do not face any dns overlap issues. Another reason is setting up an inbox to receive the reply address.
DKIM authentication seals the content of your email using a cryptographic lock referred to as a “DKIM signature.” Adding this encrypted lock to emails’ headers prevents the email from being opened by anyone who doesn’t have the corresponding key.
For detailed steps about the Domain Keys Identified Mail, visit our Ongage Blog Post: Email Authentication Protocols: What are They and Why Are They Important?
The Domain Message Authentication Reporting and Conformance protocol enables you to share authentication instructions with other mail agents and receive reports identifying unauthenticated emails being sent in your domain’s name.
For more about DMARC and how to implement, visit our Ongage Blog Post: Email Authentication Protocols: What are They and Why Are They Important?
Article Explaining DMARC Overview
Image from dmarc.org
How to Set Up Protocols
As Ongage is a front-end platform connecting to back-end email delivery vendors, who do the actual sending of the emails. DKIM and SPF are not set up in Ongage. Rather you need to go to your Email delivery vendor (e.g., Dyn, SparkPost, Mailgun, Amazon SES, etc.) and get the keys from them to put in your DNS. Typically those vendors have either clear instructions on how to do that, or can help you set up those.
Once the set up is done, they will add a DKIM and SPF header to all your email messages, when sent from Ongage via one of those email delivery vendors. Please speak to your back-end email delivery vendor (aka ESP/SMTP vendor) on how to get those setup. ESP will provide you with TXT and/or MX records to be set up ready to configure for your sending domain.
In general, the setup process of these protocols (SPF, DKIM, and DMARC) differ in all ESPs, ideally they will provide a DNS record respectively for each protocol to configure for your sending domain for all three protocols.
To have a detailed view of the TXT type DNS records you can visit our blog post about Email Authentication Protocols: What are They and Why are They Important?
About DNS Services
Following are links to a variety of leading DNS services
- Bluehost: General DNS Setup
- CloudFlare: General DNS help
- DynDNS: General DNS setup
- HostGator: General DNS setup
- Hover: General DNS setup
- Network Solutions: General DNS setup
- Rackspace Cloud DNS: General DNS setup
Check DNS Verification & Propagation of your Sending Domains
Following is a great tool to check your DNS record propagation status once the record is configured for respective domains.
Resources for setting up SPF and DKIM
- Amazon SES: DKIM, SPF
- GoDaddy: SPF
- Dreamhost: SPF
- Namecheap: SPF, DKIM
- United Domains: DKIM and SPF (in German)
Articles about Email Authentication: SPF, DKIM, DMARC and BIMI
- Email Authentication Protocols: What Are They and Why Are They Important? (Ongage Blog: September 2020)
- 3 DNS Records Every Marketer Must Know (March 2017)
- Why DMARC Matters for Email Marketing (April 2017)
- What marketers need to know about DMARC (July 2016)