How do I authenticate my From email address?

The From address is key to the success of your email marketing campaigns in the ZiftONE portal. It influences recipients to open the email as much as the subject line. Recipients often see the From address before seeing the Subject line. 

Your email From address should be easily recognized and consistent. If the recipient does not recognize the From address, they are likely to unsubscribe or flag the email as spam.

In addition, an authenticated domain for the From address gives email providers assurance that messages using your email address are trustworthy and originate from senders approved by you. 

We strongly advise that you authenticate your From email addresses/domain, using the instructions in this article. Authentication maximizes the deliverability of your emails to recipients' email inboxes. 

IMPORTANT

Gmail and Yahoo require that email marketers authenticate their DNS with SPF, DKIM and DMARC. This is to reduce the amount of spam email relayed through their systems. If authentication is not in place, they will not deliver the email. Implement the configuration in this article to ensure that your emails get delivered.

ZiftONE has a fallback process in place to handle non-authenticated domains. If your domain does not have proper SPF, DKIM and DMARC in place, your sender email address will be sent from @bounce.zift123.com. For example:

sales@partnercompany.com will send from sales+partnercompany@bounce.zift123.com

This will ensure that your email will not be rejected due to domain authentication, but it may result in emails being flagged as spam due to an unexpected domain (@bounce.zift123.com)

If you are not directly responsible for DNS configuration, provide these instructions to your IT team for review and implementation. The PDF linked to the bottom of this article provides a summary of the required configuration.

What are SPF, DKIM, and DMARC?

SPF, DKIM, and DMARC are email authentication methods. Your DNS record provides information abut who you are on the internet. You can add authentication to the record to improve the security of your emails. Each authentication method works in a slightly different way:

  • SPF (Sender Policy Framework) - a method that prevents your email from being used without your permission. When you authenticate via SPF, you are providing permission for a sender (in this case, ZiftONE) to use your email domain on your behalf.
  • DKIM (DomainKeys Identified Mail) - confirms that sender email addresses are not forged, for example for phishing attempts or spam messages, and that emails are being sent from an authorized sender.
  • DMARC (Domain-based Message Authentication Reporting and Conformance) - gives email domain owners the ability to protect their domain from unauthorized use. A DMARC protocol requires that you have SPF and DKIM in place, and allows you to instruct servers how to handle messages from your organization that don’t pass SPF or DKIM.

These authentication methods add a digital signature to your email headers.

DNS Verification and Propagation Check

The next sections contain the instructions for you to configure your DNS with authentication. Once you've completed them, you can use these tools for checking:

You will be ready to send emails when you see the entries from your recent update appearing on the DNS Propagation Checker site. If your configuration is unsuccessful, reach out to your DNS provider to check your entry syntax as it is unique to your provider's requirements. 

Notes

  • Your individual propagation timeline is directly related to the TTL on your DNS configuration and the accuracy of your entries. It can take up to 48 hours for authentication status to update to mail servers globally.
  • DNS updates are carried out in the DNS provider's application by the email domain owner, for example your organization's IT team or website manager.

If your configuration is unsuccessful, reach out to your DNS provider to check your entry syntax - it is unique to your provider.

SPF Authentication

You can use SPF to authenticate the From domain you will be using to send your emails.

  • You can use a tool such as mxtoolbox.com/SPFRecordGenerator to create an SPF record. If you already have SPF in place for other servers (for example Outlook), you will update your existing SPF record.
  • Add this phrase to your SPF record:

    include:md02.com

    For example, if your existing record looks like this:

    v=spf1 ip4:1.2.3.4 

    Add the include so it looks like this:

    v=spf1 ip4:1.2.3.4 include:md02.com 

    Note: The -all xx is

To confirm that SPF authentication has been successful, check your domain using the mxtoolbox.com tool. Your SPF details should report that include:md02.com is present.

DKIM Authentication

Add a CNAME record to the DNS for DKIM authentication.

We provide two methods, please use ONE of them. Replace any references to insertyourdomainhere with your company email domain.

  • Method A

    CNAME HOST: dkim._domainkey.insertyourdomainhere.com Value: dkim._domainkey.md02.com

  • Method B

    CNAME HOST: dkim._domainkey.insertyourdomainhere.com Value: dkim.md02.com

To confirm that DKIM authentication has been successful, check your domain on a site such as  https://mxtoolbox.com/SPFRecordGenerator.aspx. The result should include the following data:

v=DKIM1;k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2gAtnNzEfzNxLKMcfPJuuFoocS/ mMTkSMoCz0ClygNC7Ojqc3aXw1GW+NAIGO9M62EX+lfWTt+/4Eksdn7NovdR0FbjfDOrTlVAeaePwXB1S/ kNBpOEk/4vTDYW3oam2uSm2GTMiQRMlj1vYKx/ wG5jAjHyWNMblyOTYXsSd3iz4vjGEDsZMZplaAZX+Tkx3eAsCoDAPLEmsOFhLIm570WCAYwtXErPMhR6XcDzKpleN7f9koc5zcupX/ pHalnWsIHTdSEcrJ9NNkXE9ZOllTz/9cjkZJu28UN/XRczjfrF6zuuBm+QkY2qHxU9edT3YUM1CqX6terkmxGUxVOLtwIDAQAB Public key length: 2048

Note that it can take up to 48 hours for authentication status to update.

DMARC Authentication

Create your DMARC policy on your DNS record. We recommend updating your SPF and DKIM records before addressing DMARC, as a DMARC policy requires that the other two records are available.

This is the minimum DMARC policy required. Replace any references to insertyourdomainhere with your company email domain:

_dmarc.insertyourdomainhere.com                TXT                  "v=DMARC1; p=none;"

The v tag must have the value DMARC1.

The p tag can have one of three possible values - none, quarantine, or reject.

 Training

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.