Gmail has recently put in place new authentication rules, and given that it's the world's largest email provider, it's a good idea to comply with them!
Understanding SPF, DKIM, and DMARC Protocols
Authentication is a process that helps prevent spammers from using your domain to send emails without your permission. Currently, three main authentication protocols are used: SPF, DKIM, and DMARC. Each protocol helps validate that your email is legitimate, increasing the chances of your email being delivered successfully.
SPF (Sender Policy Framework) validates the IP addresses of the email servers allowed to send emails on behalf of your domain.
DKIM (DomainKeys Identified Mail) validates the email using a private key to sign the email and a public key to verify the signature.
DMARC (Domain-based Message Authentication Reporting & Conformance) is a policy that combines SPF and DKIM to give domain owners control over how their emails are delivered and handled.
DMARC offers a significant advantage in that it puts the power in the hands of the sender, allowing them to control spam sent via their domain instead of the receiver. Using DMARC, you can instruct the receiver to block any email you did not send. Furthermore, you will receive a report of any email that uses your domain without authorization. DMARC is a highly effective email authentication protocol considered the industry standard.
"To add further clarification, Gmail will require authentication for email senders who send 5,000 or more (messages a day) to Gmail accounts." - Kevin Huxham Director of Delivery - Cakemail Inc.
Authenticated Email Marketing
To authenticate your email marketing, you must ensure that the email servers from which you send emails are authorised properly. You also need to sign your emails with DKIM and set up a DMARC policy that tells the receiving servers what to do with your email.
See the full method for authentication here.
Here is an abbreviated version of how to authenticate:
Visit your domain registrar's site and log in.
- To find out where your domain is managed, contact the person or team that manages your website or email address.
- If you're unsure where to find this information, we've compiled the four biggest domain hosting service providers for your reference:
GoDaddy
Network Solutions
Domain.com
namecheap.com
You can also look up your domain host by checking this website: https://lookup.icann.org/
On the top right part of the platform, click on the arrow next to your user name.
- Select Account.
- In the Account page, select the Senders tab.
- In the menu to manage the sender email addresses and domains, select Authenticate domain.
- Follow the steps outlined on this page to add the platform's records to your DNS.
- Wait for the verification.
- The Domain authentication status is displayed in the last step.
Authenticating with DMARC
Be sure you have already set up the SPF/DKIM on your From domain before proceeding with DMARC. Once your SPF/DKIM is done, we recommend you set up an account with DMARCIAN and run through their DMARC RECORD WIZARD to create your DMARC record.
Why DMARCIAN?
DMARCIAN is a trusted partner with our application, and as soon as you set up your DMARC record, you will get flooded with XML reports telling you who is using your domain. These reports provide insight into how your email moves through the ecosystem and allow you to identify if anyone else uses your domain. Making sense of these reports can be tricky, and they can be numerous. Not only can DMARCIAN help create your DMARC record with ease, but their platform can also be used to view these XML reports and provide visualization on how your email domains are being used so you can take action. You will need this visibility to ensure you do not block legitimate mail before moving your DMARC policy towards p=quarantine or p=reject.
Who will send me these reports?
What started with a small list of ISPs like Gmail, AOL, and Yahoo has grown into a long list worldwide, with more and more being added daily.
You'll find here a current list of known receivers checking for DMARC: Authenticating my domain with SPF, DKIM and DMARC protocols
Sending Your First Authenticated Email
To send your first authenticated email, you must configure your domain's SPF record, generate a DKIM key pair and set up a DMARC policy. Once you have done this, send a test email to your Gmail account and check the message headers for the authentication results.
Troubleshooting Authentication Issues
If Gmail is still rejecting your emails, it's essential to troubleshoot the authentication issues. Common issues include incorrectly configured DNS records, inconsistent DKIM signatures, and DMARC policies to reject emails without proper authentication. Keep an eye on your email metrics, such as delivery and open rates, to promptly identify and fix authentication issues.
Best Practices for Authenticated Email Marketing
Finally, following best practices for authenticated email marketing is essential. These include sending emails only to subscribers who have explicitly opted-in, providing an unsubscribe link in your emails, avoiding spam trigger words, and regularly monitoring your email metrics to stay on top of authentication issues.
Domain authentication with SPF, DKIM, and DMARC is crucial for your email marketing success. By following the steps outlined in this guide, you can ensure that your emails are correctly authenticated and avoid rejection by Gmail. Remember to follow best practices for authenticated email marketing and to monitor your email metrics regularly to maintain a healthy email list and improve your deliverability rates. With these tips in mind, you can take your email marketing to the next level and increase ROI for your business.
Resources
Authenticating my domain with SPF, DKIM and DMARC protocols
Prevent spam, spoofing & phishing with Gmail authentication
Gmail now rejecting unauthenticated mail