How to Improve Email Deliverability with SPF, DKIM, and DMARC

Email marketing can be a powerful tool in any organization’s toolbox. If an email is read, it can deliver significant return on investment. Why? Because the conversation occurs directly with the customer. That makes email deliverability–being able to deliver emails to subscribers’ inboxes–critical to success. Raising your sender reputation is a means of getting to more inboxes. And that’s why we’re here to explain how to improve email deliverability with SPF, DKIM, and DMARC.

Sender Policy Framework (SPF)

SPF tries to detect whether an email coming from a domain came from an authorized IP on that domain. That is, it fights email spoofing. Email spoofing occurs when someone fakes an email’s “From” address, making it look like the email came from somewhere else. SPF prevents spoofing because if a message came from an unauthorized IP, that domain is not allowed to send emails on behalf of your company and thus cannot fake your From: Email Address.

DomainKeys Identified Mail (DKIM)

DKIM is like a digital signature for an email, which allows the email sender to link their domain with the email messages they send. This shows that the emails are authentic. There are a variety of email authentication services you can use to test a message’s authentication (see links below).

Domain-Based Message Authentication, Reporting, & Conformance (DMARC)

DMARC helps organizations prevent their domains from senders engaged in phishing or email spoofing scams. First, to enable DMARC, you must first set up SPF and DKIM records first. For an email to pass DMARC, it needs to pass and align either SPF or DKIM. Passing both is better, but either works. SPF and DKIM back each other up. Email providers who support email authentication will check both before allowing the message to go through. Email service providers send DMARC reports back to your Sender Policy Framework (SPF) record.

Improve Email Deliverability with SPF, DKIM, and DMARC

SPF, DKIM and DMARC authenticate your mail server and prove to ISPs, mail services, and other receiving mail servers that senders are authorized to send email. When properly configured, SPF, DKIM, and DMARC prove that a sender is legitimate, that they’re not sending email on behalf of someone else, and that their identity has not been compromised. Email authentication standards work independently, but their benefits are multiplied when used together because they verify different parts of the email identity chain.