This Email Authentication is Critical for Email Deliverability

 Kevin Glatz  0 Comments

Email marketing remains a top marketing channel to generate engagement and leads. The hardest part is coming up with the topics, writing the content, and figuring out who to send it to. The last thing you want is for hard-earned marketing emails to get blocked by email service providers because of a technicality.

Don’t Let This Technicality Sink Your Email Campaigns

Data privacy laws are increasingly strict, and scammers are becoming more creative; getting marketing emails into contacts' inboxes requires that email servers deem your company's email domain identity safe and verified.

If your email-sending domain is not authenticated, it signals to email servers that your email may be fraudulent or malicious, landing your marketing emails into spam or junk folders, bouncing, or otherwise not being delivered.

Email marketing platforms like Constant Contact, HubSpot, and MailChimp typically have a basic level of authentication, but the rules keep changing, so it's essential to stay in the know about email marketing best practices.

If you're reading this article, it's time to check your email authentication settings.

There are three DNS record types that should be verified to ensure your email sending domain is authenticated: DKIM, SPF, and DMARC.

Whoa! I'll stop there.

That's a lot of technical mumbo-jumbo. If those acronyms are Greek to you, get in touch with the person or company who set up your website domain and manages your DNS (Domain Name System). For example, we use GoDaddy to purchase domains. Once the domains are purchased, we can modify the domain settings to link a domain to a website or email marketing system. 

Here are some screenshots to help you visualize the meaning of this email authentication business. The following scenarios use HubSpot and GoDaddy as an example. And remember! This information changes  frequently, so I can't guarantee the correctness of the following details. But it will give you a starting point!

1. Check to see if there is a problem

Check your email marketing system to see if there are warnings on the Domains and URL settings that the domain is not fully authenticated. Here is what it looks like in HubSpot.


You can choose to continue to domain setup and use HubSpot's guided tool to help authenticate. If it works, great! But sometimes, there are snags.

You can also choose to do a manual setup. Here are some snapshots from GoDaddy for an example.

2. Correct DNS Settings


DomainKeys Identified Mail (DKIM) aims to prevent spoofing or sending emails with forged sender addresses.\Proper DKIM settings require two CNAME records in your DNS provider. Here's what it looks like in GoDaddy.



Sender Policy Framework (SPF) verifies that the sending email server is authorized to send email on behalf of the domain. Here's what it looks like in GoDaddy. If you need to do multiple "includes" on one SPF record and use HubSpot, call tech support to get the values.



Domain-Based Message Authentication, Reporting, and Conformance (DMARC) further safeguard the email sending domain from unauthorized use. Here's what it looks like in GoDaddy.



HubSpot Resources

Here are a couple of articles from HubSpot to learn more:

Don't let a simple technical error sink your campaigns: unauthenticated emails are likely to bounce, quarantine, or be categorized as spam. Properly authenticate your email sending domain to increase email deliverability and ensure your communications reach their intended recipients.


Stay Connected