- Authentication (SPF, DKIM, and DMARC)
- Main takeaways
- Try ConvertKit's deliverability in action
- Stay in touch
In episode 6 of the Deliverability Defined podcast, my co-host Melissa Lambert and I dive deep into email authentication, and what you need to know to be sure your emails pass SPF, DKIM, and DMARC.
Authentication (SPF, DKIM, and DMARC)
Email authentication can be very complex, but it's crucial for your email deliverability. In this episode, we talk about why authentication exists, how to quickly determine if your emails are passing authentication, and the three types of authentication you should become familiar with.
Authentication exists to verify that a message is coming from a specific sender.
- This prevents spam and phishing and makes email more secure.
- Authentication also protects senders’ reputation from being harmed by a spammer who uses the sender’s domain to send malicious emails.
All emails have two “from” addresses, the friendly-from and the return-path.
- The friendly-from address is the address that subscribers see and recognize
- The return-path address is hidden in the headers of your email and isn’t typically seen by subscribers. This address is usually your
- Email Service Provider’s (ESP) domain.
A quick way of determining if you’re passing authentication is to send yourself a test email and pull the message headers.
There are three types of authentication: SPF, DKIM, and DMARC
SPF (Sender Policy Framework)
- SPF is essentially a list of IP addresses that are allowed to send mail on behalf of your domain.
- SPF is checked on the return-path domain, not the friendly-from domain
- This means, ConvertKit (and most other ESPs) takes care of SPF for you
DKIM (DomainKeys Identified Mail)
- DKIM uses a public key and a private key to verify the sender is not being spoofed and that the message hasn’t been tampered with
- DKIM isn’t tied to the return-path or the friendly-from. Instead, it is checked using the domain listed in the DKIM header of the message
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
- DMARC ties SPF and DKIM to the friendly-from domain, making emails much more secure
- DMARC does require some upkeep and proper setup, so be sure you fully understand the repercussions of DMARC before setting it up for your domain
- If you want to use DMARC on your domain and you’re a ConvertKit user, be sure to verify the sending domain in your ConvertKit account
Try ConvertKit's deliverability in action
It's now free to use ConvertKit with an audience of up to 1,000 subscribers! Start building your audience and reaching their inboxes: convertkit.com/pricing.
Stay in touch
To receive email notifications when new episodes of Deliverability Defined are available, or to submit topic suggestions, sign up to our email list.