Domain authentication protocol
Method by which you confirm that the sender is who they say they are before agreeing to send their message. It is used to reduce the risk of phishing because it rejects those that do not match the previously validated domain.
Authenticating a domain is not just good practice: it is essential for protecting your reputation as a sender and improving the deliverability of your campaigns. If you do not configure the authentication protocols correctly, your emails could end up in the spam folder or, worse still, be spoofed by third parties for phishing purposes.
What is the difference between SPF, DKIM and DMARC?
Although the three work together, each one fulfils a specific function:
- SPF (Sender Policy Framework): verifies that the server sending the email has permission to do so on behalf of the domain
- DKIM (DomainKeys Identified Mail): digitally signs the message to ensure that it has not been modified during transit
- DMARC (Domain-based Message Authentication, Reporting and Conformance): tells providers what to do if the message fails SPF or DKIM and allows them to receive reports on impersonation attempts.
The joint implementation of all three provides a much more robust layer of security.
How do you know if a domain is properly authenticated?
You can check this with free tools that analyse the domain's DNS records. In addition, many email marketing platforms report in real time whether SPF, DKIM and DMARC records are correctly configured.
A clear sign that something is wrong is an unusually low open rate, or an increase in bounces and messages ending up in the spam folder.
What are the benefits of having correctly configured protocols?
- Greater deliverability: providers trust your messages more
- Reduction in spam placement rate
- Protection against phishing and fraudulent use of your domain
In addition, authenticated domains allow the use of technologies such as BIMI, which add the brand logo to compatible email clients, reinforcing your brand image.