mailmodo-hamburger

Understanding Email Authentication Protocols: SPF, DKIM, and DMARC

author image

Written by:Suryanarayan Pal

Share

Facebook logo
Linkedin logo
Twitter logo
Whatsapp logo
Pinterest logo
mail logo
copy link

Authentication is an integral part of our daily lives. You enter your office, the punch-in machine authenticates your identity, you board a flight or a train only after authenticating your identity!

In the old times, letters sent had a seal that authenticated the content of the letter, which indicated that the letter hadn’t been tampered with.

Similarly, emails use authentication techniques as well. However, to understand how email authentication works, we have to start from the early 2000s. Back in those days, spam originated from a known pool of IPs. So the spam filters were simply rule-based: If the emails originated from a blacklisted pool of IPs, the emails would be filtered.

However, anti-spam vs spam has always been a cat and mouse game. Spammers found ways to flout the laws of the rule-based filters. Each new attempt by spammers was countered by the anti-spam bodies with a new authentication technique! Hence a few authentication techniques were developed.

Let’s discuss these authentication techniques in detail:

SPF

With rule-based filters, emails from known blacklisted IP pools started getting blocks. Instead of changing the sender server, spammers started using hops to send the emails so that the recipient server software detected a whitelisted IP address. Hence anti-spam communities wanted to authenticate the sender server. That’s when SPF as an authentication protocol was introduced.

DKIM

Imagine that the President of the United States is sending an email to the President of Russia. Hackers may interrupt the pipeline and tamper with the message.

To avoid such incidents and let the recipient know that the email is untampered, it’s essential to authenticate the emails. The emails are encoded at the sender level and decoded at the recipient level and the received email is compared with the decoded message.

To know more about how DKIM works, click here.

DMARC

DMARC ensures that an authoritative action is being taken if DKIM and SPF don’t pass. DMARC stands for Domain-based Message Authentication Reporting & Conformance. DMARC is a standard email authentication protocol that helps you verify your email, safeguards against spoofing. DMARC enables you to request reports from email servers to resolve deliverability and authentication issues.

2 simple conditions for DMARC to pass are:

a) SPF must pass on the envelope domain

b) DKIM must pass on the sender domain

Following is an example of a DMARC record:

_dmarc.yourdomain IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"

The three (3) tags are: v, p, & rua, and the three (3) values are DMARC1, none, and mailto:dmarc@yourdomain.com. The "v" tag is the version of DMARC, the "p" tag is the policy (meaning what action to take if the message fails DMARC), and the "rua" tag is the email address to send DMARC aggregate reports to.

AMP email approval from email clients

If you want to send out interactive AMP emails, you will have to get whitelisted with Yahoo Mail, Gmail, or Mail.ru email clients which support AMP emails. For a successful whitelisting of your sender address, you will have to set up all the above authentication protocols for your domain.

Mailmodo helps you to set up authentication

With Mailmodo, you can easily set up all the authentication techniques and start sending out interactive AMP emails. The Mailmodo team assists you in incorporating the DKIM, SPF & DMARC to protect your company's email security easily and reap the benefits of interactive AMP emails.

About the author

author profile avatar

Growth Marketer

Suryanarayan has seven years of experience in email marketing for B2B, SaaS, and e-commerce industries. He specializes in email deliverability and project management.