Authentication 101: a guide to why and how to authenticate your sender domain

Jun 4
6 min read
In today's digital landscape, it's essential to authenticate your sender domain, proving to inbox providers that your emails are legitimate and trustworthy. Without proper authentication, your messages may be filtered out or sent directly to spam folders, leaving your carefully crafted campaigns unseen by your target audience. This guide will explore why domain ownership and authentication are essential for successful email marketing campaigns.
Image of a stamp - Photo by Dominika Roseclay

Why domain ownership matters

The first step to authenticating your sender domain is to actually own it. This means registering your domain name and hosting it with a reputable provider. This ensures your domain is unique and cannot be used by anyone else for email marketing purposes. By owning your domain, you control your email reputation, which is crucial for ensuring your campaigns reach your intended audience. It also allows you to establish a consistent brand identity across all your email communications.

The importance of authentication protocols

Authentication refers to the process of proving that your emails are authentic and trustworthy. To achieve this, you need to implement authentication protocols such as DKIM (Domain Keys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting and Conformance). These protocols provide a layer of security by verifying your email's source, ensuring it isn't being sent from an unauthorized domain or a spoofed email address. By implementing these protocols, you increase your chances of email deliverability and protect your brand from phishing scams and domain spoofing.

New ISP regulations

As the need for greater email security and deliverability has become increasingly important, ISPs like Google and Yahoo have implemented stricter regulations for email senders. For example, Gmail now requires all senders to adopt DMARC authentication to improve email delivery. Failure to comply can result in your emails being sent straight to spam or rejected outright. With these new regulations, it's never been more crucial to authenticate your sender domain to ensure your campaigns are delivered properly.

Get Ready to Authenticate

To begin the authentication process, you must work with your domain and email service providers to implement the required protocols, such as DKIM and SPF.

What is SPF?

The Sender Policy Framework (SPF) is an authentication standard that has been in existence since 2003. It operates by publishing a list of permitted IP addresses for sending emails on behalf of your domain. When receiving mail servers encounter messages from your domain, they utilize SPF to verify that these messages were indeed sent from one of the approved IP addresses. In essence, SPF authenticates the Return-Path domain by matching it with the IP address used to transmit the email.

SPF plays a crucial role in safeguarding your domain from spoofing and preventing your outgoing messages from being flagged as spam by receiving servers. The Authentication-Results header reveals whether the SPF passes or fails. However, it's important to note that SPF only verifies the sending server, not the integrity of the email content. To ensure content integrity, we rely on DKIM (Domain Keys Identified Mail).

What is DKIM?

DKIM, short for DomainKeys Identified Mail, is an intricate authentication method that enhances email security. It achieves this by encrypting the email while in transit, using a digital signature known as a "hash value." When an email is signed with DKIM, the receiving party can authenticate the message using a pair of "keys." This process ensures the integrity and authenticity of the email, bolstering overall security measures. 

1st key - “Private Key” is kept safe by the sender and cannot be shared.

2nd key - “Public Key” is stored in the DNS of the client's From domain.

Once the email is received, the recipient will utilize these keys to decrypt the hash value in the header. If both keys correspond, it indicates that the email remains unaltered and the DKIM signature is then verified. On the other hand, if the keys don't match, the DKIM signature will fail, potentially leading the recipient's ISP to classify the email as spam or block it altogether. 

However, the question remains: How can I identify unauthorized usage of my domain? This is where DMARC comes into play.

What is DMARC?

DMARC, an acronym for Domain-based Message Authentication, Reporting & Conformance, is a standard employed by mail servers to verify the trustworthiness of incoming emails. It allows domains to authenticate the sources of the emails they send.

DMARC utilizes SPF or DKIM to authenticate the sender's legitimacy and goes a step further by sending a report back to the sender, detailing who is utilizing their domain. In order for DMARC to succeed, the email must pass either SPF or DKIM, and the domain in the From header must align with the corresponding SPF or DKIM domain. 

The primary advantage of DMARC lies in the sender's ability to control the fate of spam originating from their domain, rather than the receiver. By instructing the receiver to block unauthorized mail and receiving reports on domain misuse, DMARC proves to be a robust and widely accepted solution in combating email abuse. 

Click a quick overview on how SPF works by DMARCIAN.

Click a quick overview on how DKIM works by DMARCIAN.

Click here for a quick overview of how DMARC works by DMARCIAN.

How to authenticate your domain DNS

To accomplish this, you must access the DNS records for your domain from the hosting provider and incorporate the accurate DNS settings. 
If you are using Cakemail, you'll find help and instructions directly into the product. Need help? Contact us!

Take these steps:

1. Visit your domain provider's site and log in.

  • To find out where your domain is managed, contact the person or team that manages your website or email address. 
  • If you're not sure where to find this information, we've compiled the four biggest domain hosting service providers for your reference:some text
  • You can also look up your domain host by checking this website: 

2.  On the top right part of the platform, click on the arrow next to your user name.

3.  Select Senders and Domains.

4. In the menu to manage the sender email addresses and domains, select the option Authenticate domain.

  • Or, alternatively, you can click directly on our Get Started button, and select Authenticate Domain. This will redirect you to the same authentication steps.

5. Follow the steps outlined in this page to add the platform's records to your DNS. 

6. Wait for the verification. 

7. The Domain authentication status is displayed on the last step.

Authenticating with DMARC

Please make sure you have already set up the SPF/DKIM on your From domain before proceeding with DMARC. Once your SPF/DKIM is done, we recommend you set up an account with DMARCIAN and run through their  DMARC RECORD WIZARD  to create your DMARC record.


DMARCIAN is a trusted partner for our application. Once you set up your DMARC record, you'll receive a flood of XML reports revealing who is using your domain. These valuable reports offer insights into how your emails are moving through the ecosystem, enabling you to identify any unauthorized domain usage. It can be challenging to make sense of these reports as they can be plentiful. Fortunately, DMARCIAN not only simplifies the creation of your DMARC record but also provides a platform for visualizing and analyzing these XML reports. With DMARCIAN, you can take informed actions based on how your email domains are being utilized.

You will need this visibility in order to ensure you do not block legitimate mail before moving your DMARC policy towards p=quarantine or p=reject.

Who will send me these reports?

Here is a current list of known receivers checking for DMARC:

  • Amazon WorkMail
  • AOL
  • Apple
  • ATT
  • BT Mail
  • Cisco Email Security
  • Comcast
  • Gmail
  • Google Apps
  • Hotmail
  • Hover
  • LaPoste
  • Mimecast
  • Office 365
  • Onet
  • Proofpoint
  • Rackspace
  • Rogers
  • SFR
  • Shaw
  • Skynet Proximus
  • Sophos
  • SpamExperts
  • Symantec
  • Vade Secure
  • Yahoo!
  • Yahoo! UK
  • Ziggo
  • Zoho

In today's digital age, email marketing is an essential tool for businesses of all sizes, but simply sending emails is no longer enough. It's important to take the necessary steps to authenticate your sender domain to ensure your campaigns are delivered to their intended audience. By owning your domain and implementing authentication protocols, you improve your email's deliverability and security and establish your brand identity and reputation. 

So, start authenticating your sender domain today and watch your email campaigns flourish.

Share this