There are three main ways to authenticate the email that you send from your CRM using Click: SPF, DKIM, and DMARC. We'll look at each of them in turn here, and in the next article you'll set up both SPF and DKIM in our Email Sending Domains section of ClickDimensions Marketing Automation Settings. If you want to skip straight to those instructions, they are HERE.
First, we should examine why you must authenticate your email. Authenticating your email when using Click is crucial to ensure the security and reliability of your communications. Email authentication helps to verify that you are the legitimate sender of the emails. This prevents your messages from being flagged as spam or, worse, blocked entirely. Additionally, authentication protects your recipients from phishing attacks, which could damage your reputation and lead to legal consequences. Without proper authentication, your email deliverability rates may suffer, undermining your efforts to effectively reach your audience. In essence, authenticating your email builds trust, safeguards your brand, and ensures your messages land where they are meant to be.
SPF
The Sender Policy Framework (SPF) is an email authentication protocol designed to prevent unauthorized individuals from sending emails on behalf of your domain. It works by allowing you, the domain owner, to specify which mail servers are authorized to send emails from your domain. This information is stored in the domain's DNS (Domain Name System) as a TXT record. When an email is sent, the receiving server checks the sender's IP address against the SPF record to verify whether the sending server, in this case Click, is authorized. If it is not, the email may be flagged as spam or rejected outright.
Important Note: We have required in the past that you have the Click SPF mechanism on your organizational domains. We are happy to report that we are now phasing that out for two reasons:
- The mailbox providers (MBPs) that receive the email messages on behalf of your subscribers, such as Gmail, Yahoo and others, have become better and more accurate in checking against the subdomain that is used for storing the authenticating DNS records.
- Our Email Sending Domains feature is becoming a required feature to use Click for Marketing Automation, and it always requires a very specific set of TXT records for SPF that are guaranteed to be in place on your chosen subdomain.
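The receiving server's SPF check described in this section can be sketched as follows. This is an added example, not code from Click or from the original article; it covers only the `ip4`, `ip6`, `include` and `all` mechanisms, and the domain names, address ranges and the `SAMPLE_DNS` table are constructed placeholders.

```python
import ipaddress

# Constructed TXT records standing in for DNS. The names and address ranges are
# documentation placeholders, not Click's real SPF records.
SAMPLE_DNS = {
    "email.example.test": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.16/28 ip6:2001:db8:40::/48 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, dns=SAMPLE_DNS, depth=0):
    """Evaluate the ip4, ip6, include and all mechanisms for one sending IP."""
    if depth > 10:  # simplified loop guard; RFC 7208 limits DNS-querying terms to 10
        return "permerror"
    terms = dns.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no SPF record
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0])
        if result:
            term = term[1:]
        else:
            result = "pass"  # a mechanism without a qualifier means "+"
        name, _, value = term.partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            nested = check_spf(ip, value, dns, depth + 1)
            if nested in ("none", "permerror"):
                return "permerror"  # an include must point at a valid record
            matched = nested == "pass"  # only a nested pass counts as a match
        elif name == "all":
            matched = True
        else:
            continue  # a, mx, exists, redirect etc. are outside this subset
        if matched:
            return result
    return "neutral"  # nothing matched and there was no "all"
```

An address that only reaches the nested record's `~all` does not match the `include`, so evaluation continues to the outer `-all` and the result is `fail`, not `softfail`.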
DKIM
DomainKeys Identified Mail (DKIM) is an email authentication method that helps ensure the integrity and authenticity of your emails. It works by adding a digital signature to the headers of outgoing emails, which is then validated by the receiving mail server. Click generates a pair of cryptographic keys—a private key is used to sign the email, and the public key is published in your domain's DNS records. When the recipient's mail server receives the email, it uses the public key to verify that the signature is valid and that the email hasn't been altered during transit.
This process helps confirm that the email truly originates from you, the sender, and prevents spoofing or tampering. By implementing DKIM, you can enhance your email's credibility, improve deliverability rates, and protect your domain's reputation.
DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is an email authentication protocol designed to protect email domain owners from unauthorized use, such as email spoofing. It works by allowing domain owners to publish policies in their DNS records that specify how to handle emails that fail authentication checks.
Key Components of DMARC:
- Authentication: DMARC builds on two existing email authentication mechanisms, SPF and DKIM. It ensures that emails are properly authenticated using these methods.
- Alignment: DMARC checks that the domain in the "From" header field (RFC5322.From) aligns with the domains used in SPF and DKIM authentication.
- Policy: Domain owners can specify policies for handling emails that fail authentication, such as rejecting, quarantining, or delivering them.
- Reporting: DMARC provides a mechanism for receiving feedback about emails that pass or fail authentication checks, helping domain owners monitor and improve their email security.
We have a lot more detail around DMARC in another article HERE.
What is an organizational domain?
An organizational domain usually refers to the primary domain name associated with an organization or business that is used for sending and receiving emails. For example, in the email address "info@example.test," the organizational domain is "example.test."
Most RFCs define an organizational domain as the domain at the top of the namespace hierarchy for a given domain, sharing the same administrative authority. This domain is determined by applying specific algorithms, such as those found in RFC 7489 (https://datatracker.ietf.org/doc/html/rfc7489).
It typically includes the main domain name without any subdomains, representing the primary administrative entity.
What is an author domain?
An author domain is the domain found in the "From" header field of an email, also known as the RFC5322.From domain (https://datatracker.ietf.org/doc/html/rfc7489). This domain is used to identify the sender of the email and is crucial for validating the authenticity of the message. It is what you will enter in the domain part of the From Email section of an Email Send Record. Here it is the tomatogardens.org part of the info@tomatogardens.org email address:
You'll notice that tomatogardens.org is also an Organizational Domain in this particular example, but an author domain could be a subdomain, such as news.tomatogardens.org for the From email address hello@news.tomatogardens.org.
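The DMARC alignment and policy steps, together with the organizational and author domain definitions above, can be worked through in code. This is an added example, not part of the original article or of Click's product; the small `PUBLIC_SUFFIXES` set, the DMARC records, and the `bounce.tomatogardens.org` and `esp.example` domains are constructed assumptions.

```python
# Constructed stand-in for the Public Suffix List used to find organizational
# domains (RFC 7489, section 3.2); a real check loads the full list.
PUBLIC_SUFFIXES = {"org", "com", "co.uk"}

def organizational_domain(domain):
    """Longest matching public suffix plus the one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # assumption: an unlisted TLD counts as a suffix

def aligned(author_domain, auth_domain, mode):
    """Mode "s" (strict) needs an exact match; "r" (relaxed) the same org domain."""
    a = author_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return organizational_domain(a) == organizational_domain(b)

def parse_dmarc(record):
    """Split a record such as 'v=DMARC1; p=reject; adkim=s' into a tag dictionary."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def evaluate_dmarc(author_domain, spf, dkim, record):
    """spf and dkim are (result, domain) pairs: the envelope sender domain that
    SPF checked and the d= domain of the DKIM signature.
    Returns (passed, policy_to_apply)."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(author_domain, spf[1], tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(author_domain, dkim[1], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return (True, None)
    return (False, tags.get("p", "none"))  # none, quarantine or reject

# Constructed records and messages built around the article's author domain.
RELAXED = "v=DMARC1; p=reject"
STRICT = "v=DMARC1; p=quarantine; adkim=s; aspf=s"
AUTHOR = "news.tomatogardens.org"

if __name__ == "__main__":
    own = (("pass", "bounce.tomatogardens.org"), ("pass", "tomatogardens.org"))
    print(evaluate_dmarc(AUTHOR, *own, RELAXED))  # aligned at the org domain
    print(evaluate_dmarc(AUTHOR, *own, STRICT))   # subdomains differ under strict
    # SPF passes, but only for a sending provider's own domain: not aligned.
    print(evaluate_dmarc(AUTHOR, ("pass", "esp.example"), ("fail", "tomatogardens.org"), RELAXED))
```

The last case is the one to watch for with a third-party sender: an SPF pass on the provider's own domain does not satisfy DMARC for your author domain.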