This list is compiled and updated based on common questions we receive about the primary means of authentication.
Why should I care about Authentication?
SPF and DKIM Authentication are email standards that help get your emails delivered to your subscribers' inboxes. Each provides a method to prove that your emails are authorized by your brand and is not malicious. We highly recommend setting up SPF and DKIM Authentication early to avoid any potential deliverability issues that may arise.
What is SPF?
SPF is a something email servers use to verify that emails are legitimate and that your domain has not been spoofed by a hacker. Your domain's SPF record lists the domains or IP addresses of services that are allowed to send emails on your behalf. By including our domain (ne16.com) on your SPF record you are telling your recipients' servers that you have given us permission to send behalf of your domain and that your mailing can be trusted.
Does SPF relate in any way to the fact we send newsletters “from” different email addresses?
When sending your mail, the only part of an email address that matters from a deliverability standpoint is your domain. The domain is the part of the email address after the "@" (as in email@example.com). Sending from firstname.lastname@example.org and email@example.com both use the same domain so they will use the same DNS records. We do not need to authenticate two email addresses using the same domain.
How do we combine multiple SPF records?
For your domain's SPF record to be valid and work as described above, you can only have 1 SPF record. When you have multiple records you will need to "combine" those records into one. This is basically done by creating a new SPF record that contains all of the parts of the existing different records. A useful tool for making sure your SPF record is valid is this website: https://vamsoft.com/support/
What is DKIM Authentication?
Much like SPF, DKIM is another way to prove to your recipients' servers that your mailing can be trusted.
While SPF proves that the email was originally sent by a domain you trust, DKIM will prove that the email has not been altered between the time it was sent and the time it is received by your recipients' servers. This protects your mailings against being 'hijacked' or otherwise intercepted and tampered with by a 3rd party. This works by both parties (yourself and your ESP) utilizing a "DKIM Key". When mailing is sent from your ESP on your behalf, the mailing is 'signed' with a unique DKIM key. If any changes are made to the mailing between the time the mailing is sent and the time the intended recipient receives the mailing, the DKIM signature will have been altered and no longer match the key your server is expecting.
This is especially useful in industries where email spoofing is most common and most destructive like financial services, education, etc.
How do I enable DKIM Authentication
This process is typically handled by your IT team with a little help from your Site administrators. Full instructions can be found here, but the general process is outlined below:
- Site administrator logs into our software, navigates to the Domain Keys page, and generates a DKIM key.
- Site Administrator provides DKIM Host and Key values to IT team
- IT team logs into DNS provider's software and creates a TXT record using the provided Host and Key values
- Once TXT record is published, Site administrator logs back into our software, goes back to the Domain Keys page, and clicks 'Enable Signing' for the domain.
Can I send without SPF and/or DKIM authentication?
You are able to send without SPF or DKIM authentication set up, but your ability to get emails into your recipients' inboxes may be impacted because these records are looked for by receiving servers. Implementing both of SPF and DKIM will help you get more emails into recipients' inboxes and help to reduce the number of contacts get moved into 'Held'.