What is email authentication? 

Setting up email authentication is a bit like showing your ID card for official purposes. An authentic domain proves that you, the sender, are who you say you are. 

For this, you can use three tools: 

1. Sender Policy Framework (SPF), an identification method designed to detect forged addresses during email delivery; 

2. DomainKeys Identified Mail (DKIM), a method that checks whether an email from a particular domain was actually sent by that domain; 

3. Domain-based Message Authentication, Reporting and Conformance (DMARC), an identification protocol that works as an extension of SPF and DKIM. 

Don't worry if this all sounds a bit too technical for you: our email and deliverability experts are happy to help you get your domain authentication right.  

Email Service Providers (ESPs) like HubSpot, Campaign Monitor, and Mailchimp use their own email servers, but before you can send emails through those servers, you need to be able to prove that you, as a user of those tools, also own the domain. 

Why is authentication important? 

There are three main reasons why authentication is important in terms of email: 

• Authentication protects recipients from harmful messages, like spoofing and phishing; 

• Authentication protects you and your organisation from imitation of your identity; 

• Emails with authentication are less likely to be rejected or marked as spam by Gmail. 

How do you set up email authentication? 

SPF and DKIM authentication is handled by DNS records on your website's domain. Instructions on how to set all that up correctly can often be found in your ESP's general account settings. In other words, you need access to your DNS settings to add the right records. Your domain manager (or you) will then need to add those records through your web hosting portal or where your domain name resides. 

An SPF record is linked to your domain name. This means you don't need a separate SPF record for each email address (e.g. yourname@yourcompany.com), but you do need one for each domain name (e.g. yourcompany.com). All email addresses linked to that domain are protected this way. 

If you send more than 5,000 emails a day to Gmail users, you should also set up a DMARC policy. This is an encompassing set of SPF and DKIM controls. The associated DMARC policy specifies what the receiving email server should do with the message if the DMARC check should fail for an email. 

For now, it's still sufficient to set this policy to "p=none". In that case, the email is treated the same as if there were no DMARC record. That policy is typically used to map your email flows without sacrificing deliverability. 

When you only send emails to people who want to receive messages from you (and/or your organisation), they're less likely to report those emails as spam. And that's great news, because the more people report messages from your domain as spam, the more likely the same will happen with your future messages.

How do you get an engaged audience?

Use these tips to reduce your chances of being reported as spam:

• Make sure recipients actively choose to receive emails from you;

• Confirm each recipient's email address before subscribing them (two-factor authentication, or 2FA);

• Send regular emails to confirm that recipients want to stay subscribed;

• Consider unsubscribing recipients who do not open or read your messages (often).

Provide an easy way for recipients to unsubscribe

Organisations that send emails need to provide an easy way for their recipients to unsubscribe. By including that option in your emails, you can improve your open rates and click-through rates. Contacts who unsubscribe from your communications are always better than contacts who mark your emails as spam — after all, spam complaints have a much bigger impact on your sending reputation.

Moreover, an unsubscribe link at the bottom of your emails ensures that your contact lists stay up-to-date and that you only reach interested contacts. And, we repeat: if you send more than 5,000 emails a day, contacts should be able to unsubscribe with one click. Most ESPs have that functionality. If your ESP doesn't, you'll need to manually change your email headers. You can read how to do that in Gmail's Help Center.