Email Authentication verifies the authenticity of the sender and improves email delivery.
Authentication includes two records: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail):
- SPF includes domains and IP addresses which are permitted to send emails from your domain;
- DKIM provides a digital signature that verifies that an email is authentic and is sent from a verified source.
Email authentication serves as a means of verification: service providers verify emails before accepting and delivering them.
Authentication provides two advantages:
- Greater chances of emails being delivered successfully. After thorough verification by service providers, emails get through without being marked as spam. Authentication also helps to prevent fraudulent and inappropriate emails.
- Access to additional services. Customers can use additional services from email providers (Gmail, Outlook), such as “postmasters”, which display the spam rate or the domain and IP reputation. It is impossible to get access to this kind of information without email authentication.
You can set up email authentication yourself or order the setup from UniSender.
This article contains step-by-step instructions on how to set up email authentication on one’s own.
To set up authentication, you need to know which hosting provider your domain uses. You can find this out using MxToolbox or a similar service.
For example, let’s check the hosting of Reserved.com.
Remember the name of the hosting; you will need it later.
Sign in to your UniSender account, click on your ID, and select «Account setup» on the drop-down menu.
Before moving to the domain settings, make sure that you have at least one confirmed email address on this domain. To check this, click on the «Confirmed emails» tab. If there are no confirmed emails on your domain, click on the «Add» button, and follow the instructions to confirm the address.
Now go to the «Domain authentication» tab. You need to configure authentication for the domain, from where emails are being sent out. Click on the «Create» button.
Click on «Obtain settings».
Next, you will see the records that you need to copy to the hosting.
In these instructions, we use GoDaddy as an example. You may have a different hosting provider; only the interface will be different. How to add TXT records on other popular hosting sites:
After receiving the records from UniSender, go to the hosting, click on the «Home» button, and select «Domains» on the menu.
Here, click on the three dots next to the domain and select «Manage DNS».
On the page with DNS records click the «Add» button to create a new record.
From the records received in UniSender take the string @ TXT v=spf1 include:spf.unisender.com ~all and add it on the hosting in the «DNS Management» section.
What this string signifies:
- @ — record name (host). If @ is not accepted, enter your domain in «Host», such as yourdomain.com;
- TXT — record type;
- v=spf1 include:spf.unisender.com ~all — record value.
Select the same record type as for SPF — TXT.
Copy the subdomain us._domainkey from the records received in UniSender and paste it into the «Host» field on your hosting.
On some domain control panels, you need to enter us._domainkey with a second-level domain, for example, us._domainkey.yourdomain.com.
TXT Value: k=rsa; p=xxxxxxxxxxxxxxxxxxxxxxxxxxxx.
This is how it looks in the interface.
After submitting the data on the hosting, go to «Account settings» → «Domain authentication» and check if the domain status in UniSender has been updated. It does not get updated immediately; it usually takes from 30 minutes to several hours.
It’s ready! You have finished setting up email authentication for your domain.
What to do if I already have an SPF record of another service?
A domain should have only one SPF record. That single record can include all the servers of the different services you use to send emails.
For example, you send emails via UniSender, but you also send directly via Gmail for business (G Suite). In this case, in the existing record «v=spf1 include:_spf.google.com ~all» you need to insert «include:spf.unisender.com» before «~all».
In the end, the record should look this way:
v=spf1 include:_spf.google.com include:spf.unisender.com ~all
For some services, such as Yandex and Mail.ru, the SPF record may look different: with «redirect=» instead of «include:». For example, «v=spf1 redirect=_spf.yandex.net». In this case, add «include:spf.unisender.com» to the existing record «v=spf1 redirect=_spf.yandex.net», and replace «redirect=» with «include:». At the end of the record add «~all».
v=spf1 include:_spf.yandex.net include:spf.unisender.com ~all
You can also edit a standard SPF record from any other email provider using the same principle.
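The merge rule above can be written as a small function. This is an added example, not UniSender's code; the name `add_spf_include` is hypothetical, and keeping an existing «all» qualifier (for example «-all») instead of replacing it is a choice made here.

```python
def add_spf_include(record: str, include: str = "spf.unisender.com") -> str:
    """Return `record` with include:<include> added, still as ONE SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: it must start with v=spf1")
    wanted = "include:" + include
    mechanisms = []      # every term except the version tag and the final "all"
    all_term = "~all"    # the article's default when the record has no "all"
    for term in terms[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            # Article's rule: replace redirect= with include: so that a
            # second include can be placed next to it.
            term = "include:" + term[len("redirect="):]
        elif low.lstrip("+-~?") == "all":
            all_term = term          # remember it and re-append it last
            continue
        if term.lower() not in [m.lower() for m in mechanisms]:
            mechanisms.append(term)  # drop exact duplicates
    if wanted.lower() not in [m.lower() for m in mechanisms]:
        mechanisms.append(wanted)
    return " ".join(["v=spf1", *mechanisms, all_term])


if __name__ == "__main__":
    # The two records discussed in the article, plus a constructed one.
    for existing in (
        "v=spf1 include:_spf.google.com ~all",
        "v=spf1 redirect=_spf.yandex.net",
        "v=spf1 ip4:192.0.2.10 -all",   # constructed sample (documentation IP)
    ):
        print(existing, "->", add_spf_include(existing))
```

Running the function on a record that already contains «include:spf.unisender.com» returns it unchanged, so it is safe to apply more than once.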
What can I do if I have added records, but UniSender still shows «created» or «disabled» status?
If the notice displayed during the update says that no errors were found, wait for 30 minutes. After that time, the status will be updated and changed to «enabled».
What errors may occur after updating:
- DKIM record not found;
- The SPF record does not exist;
- A required setting is missing in the SPF record include:spf.unisender.com.
In this case, you should check the accuracy of records at your hosting. We recommend that you pay attention to extra spaces, as the verification of the record takes them into account. Also, it makes sense to check if you have added records on the hosting. If everything is correct, wait until the records are distributed by the Name Servers of your hosting and the cache of our Name Server is updated.
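The checks described above can be run locally on the TXT values copied from the hosting panel before waiting for the status to update. This is an added example, not UniSender's verification code; the function names and the sample values are constructed for illustration.

```python
REQUIRED = "include:spf.unisender.com"   # value taken from the article


def is_spf(txt: str) -> bool:
    # An SPF record is a TXT value whose first term is exactly v=spf1.
    return txt.lower().split()[:1] == ["v=spf1"]


def has_extra_spaces(txt: str) -> bool:
    return txt != txt.strip() or "  " in txt


def check_records(root_txt, dkim_txt):
    """root_txt: TXT values at the domain (@); dkim_txt: TXT values at us._domainkey."""
    problems = []
    spf = [t for t in root_txt if is_spf(t)]
    if not spf:
        problems.append("The SPF record does not exist")
    if len(spf) > 1:
        problems.append("More than one SPF record: merge them into one")
    for rec in spf:
        if has_extra_spaces(rec):
            problems.append("Extra spaces in the SPF record")
        # A space after the colon ("include: spf...") splits the term in two,
        # so the required setting is then reported as missing.
        if REQUIRED not in rec.lower().split():
            problems.append("A required setting is missing in the SPF record " + REQUIRED)
    keys = []
    for rec in dkim_txt:
        tags = dict(p.strip().split("=", 1) for p in rec.split(";") if "=" in p)
        if tags.get("p", "").strip():    # a DKIM record needs a non-empty p= key
            keys.append(rec)
    if not keys:
        problems.append("DKIM record not found")
    return problems


if __name__ == "__main__":
    # Constructed sample: a space after "include:" and no DKIM record yet.
    print(check_records(["v=spf1 include: spf.unisender.com ~all"], []))
```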
Do I need to set up DMARC?
In addition to SPF and DKIM, you can also set up a policy record called DMARC (Domain-based Message Authentication, Reporting, and Conformance). With this policy, you give email providers instructions on what to do if an email is sent from your domain but does not match your SPF and DKIM records. This happens when somebody sends spam from your domain or, worse, sends emails from your domain pretending to be you and tries to steal your customers’ personal information, such as their passwords or credit card details, using a fake website.
This situation is called phishing. If your domain has a strict DMARC policy, the scammer will not be able to send phishing emails.
DMARC allows you to receive reports and decide what to do with emails that do not pass SPF and DKIM verification.
It is not compulsory to set up DMARC if you have just started the authentication process. You can send emails without this record. But if you want to protect your domain from phishing and earn a good reputation with email providers, you can set up DMARC.
Email authentication is not as difficult as it might seem at first. If you don't have the time to figure it out, or if something doesn't work out, you can order the setup from the UniSender Customer Care team.