About Email Authentication
Email authentication helps you protect and improve your email deliverability rate by preventing email fraud and identity theft, proving that your emails are being sent from you and not another illegitimate source.
The common standards are DMARC, DKIM and SPF authentication:
SPF stands for Sender Policy Framework. With SPF, you can define the IP addresses that are allowed to send emails for your domain.
Emails can be proven to be authentic with an encryption key and digital signature provided by DKIM (Domain Keys Identified Mail).
Once you have SPF, DKIM or a private technical sender domain in place, you can set up DMARC for a more unified framework. DMARC (Domain-based Message Authentication, Reporting & Conformance) allows you more control, and the ability to set up responses for handling different scenarios when an authorization test is failed.
APSIS One and Email Authentication
When you onboard APSIS One, you can start sending email messages as soon as you have set up your Audience. These emails are authenticated via SPF and DKIM, under APSIS' own authentication protocols, so they're delivered right to your profile's inbox with the APSIS seal of approval. This is enough for most smaller businesses, yet custom authentication is recommended for those who intend to communicate with larger Audiences, more frequently.
There are many benefits to having custom authentication, the largest and most important being that custom authentication is very good for deliverability rates.
Would you like to set up custom authentication?
We're happy to hear that. First, make sure that at least your SPF authentication is already in place. Then reach out to your APSIS Account Manager, who will be able to redirect you to our Delivery professionals. DKIM and DMARC are currently a part of our custom authentication service offering.
Our custom domain for links and system pages and private technical sender domain services are coming soon!
Even if you intend to send very few emails and have an essential setup, we suggest that you still set up SPF authentication in order to safeguard emails sent from your domain.
SPF stands for Sender Policy Framework. It is an authentication method that will allow specific email servers to send emails from your domain.
Click on an item below to expand:
Here's why you should set up SPF authentication.
Sender Policy Framework prevents forged emails from being sent from an illegitimate source impersonating a domain.
It will generally not stop spam or junk emails, but it does allow domain owners to partially confirm and legitimise specific servers to send emails in their name and behalf. SPF only applies to the Sender domain, which for newsletters usually is customername.apsisone.com. It does not apply to the From domain, which is the domain the sender sets as "From" in the actual mail: this is handled by DMARC (Domain-based Message Authentication, Reporting and Conformance).
However, emails like “forgot password” emails or those sent through our SMTP-service use the same customer domain as both Sender and From domain. Hence why it’s a good idea to add APSIS One to your SPF record.
Setting Up SPF Authentication
1. Get in touch with your development team, since this will require medium technical skills.
2. Log in to your existing domain's account.
3. Find your domain management section and locate your DNS settings.
3. Paste the following line into a new TXT record and add it to your DNS:
v=spf1 mx include:_spf.apsisone.com -all
If you already have an existing SPF record, just add include:_spf.apsisone.com to it.
4. That's it! Next time you send emails, APSIS One will be recognised as a trusted server.
Private Technical Sender Domain
Setting up a private technical sender domain will soon be a part of the services offered by APSIS' Delivery professionals. Meanwhile, let's look at the two types of senders in an email:
There's the from sender, also known as a "friendly from", which is the one that you enter when setting up your Email tool activity.
And then there's the verified, technical sender, which without a private technical sender domain setup remains as APSIS' domain. So, same as with the links included in your email, you will be building your reputation as an individual sender instead of sharing it with other APSIS One senders. Also, although it's rare that a recipient looks into this aspect, your private technical sender domain will be shown in the email header instead of APSIS', which also inspires trust and maintains brand consistency.
For improved deliverability rates, it is good that your from sender is the same as your private technical sender.
Why is this important?
If you intend to set up DMARC authentication, you must have SPF authentication and DKIM or a private technical sender domain. It's important, even if you don't intend to set up DMARC, because email clients will be able to verify that the domain you're sending from is legitimate. Also, by not sharing a sender domain, you have more control over your sender reputation and consequently your deliverability rates.
Setting up DKIM and DMARC
DKIM authentication verifies that you, as a sender, are indeed authorized to send emails on your behalf. This significantly decreases the risk of emails landing in a spam folder or bouncing from being caught in spam filters.
DMARC is a validation system for your emails which detects and prevents email spoofing. It's built on top of SPF and DKIM, and while they help identify fake emails, DMARC provides reports on how and when emails are being rejected and the reason why. Also, it allows you to have more control over how receivers handle emails that failed authentication or validation.
APSIS' Delivery department provides you with everything you need in order to get your email authentication ready. Reach out to your APSIS Account Manager, who will be able to redirect you to our Delivery professionals!