Skip to Main Content

Improving Deliverability With Authentication

Posted on 9.25.2008

For many email marketers deliverability is the key to success. Without peak performance in this area, you're wasting valuable resources and putting your company's reputation on the proverbial line. Let's look at several ways to increase email delivery performance rates through authentication.

The Deliverability Hurdle
There are many hurdles you need to overcome as an email marketer, but automated spam filters (on the ISP and desktop level) are the most challenging. As end users become increasingly familiar with and adept at utilizing in-box filtering mechanisms (Report as Spam for example), marketers' challenges increase exponentially - especially when it comes to false-positives (blocking good email from arriving at its destination). Let's look at some tactics to raise your email reputation and deliverability performance through authentication - the process of validating the identity of an email sender.

This may come as a surprise, but there is no universal authentication system in place for email marketers. Shocking, I know. Instead, there are two primary means of authentication; IP-based Sender Policy Framework using Sender ID (SPF/Sender ID) and Cryptograhic based Domain Keys and Identified Mail (DKIM). Both solutions do improve deliverability - I've even got the data to prove it myself.

The purpose of authentication is to improve the likelihood that legitimate email will get through to the intended recipient. Sounds simple enough.  Authentication helps prove that you are who you claim to be and that you have the right to send email from your IP address or the IP address(es) of a third-party sending email on your behalf. All that A marketer has to do is modify their domain name records to indicate which IP addresses are allowed to send email on behalf of their organization’s domain. This allows ISPs something to refer to when attempting to authenticate that marketer’s email. In short, they become "authentic" senders of mail.

The procedure to authenticate is fairly simple. When a sender attempts to deliver an e-mail, the receiving mail system will go out and query a high-level DNS server to see if there are authentication records for the claimed sender's domain name. A successful validation proves the email originated from the same people responsible for the DNS servers for that domain and that neither the headers nor the body of the e-mail were altered on its way from the sender. This authentication check prevents people from forging the sender’s identity.

Let's dig a little deeper into the types of authentication available:

IP-based Solutions: Sender Policy Framework (SPF) and Sender ID Framework (SIDF)
SenderID is used mostly by Microsoft ( addresses for example) but many other ISPs and corporate mail systems use it as well. SenderID and SPF are essentially the same technology but are implemented a little differently. SPF relies on the Envelope (or return-path) address which is also called the bounce address, while SenderID looks at the Purported Responsible Address (PRA) to determine who the sender is.  SPF is used by AOL, GMail, and other mail systems.

Cryptographic Solutions: DomainKeys Identified Mail (DKIM)
Domain Keys Identified Mail is used mostly by Yahoo and AOL as well as a few other ISPs and corporate mail systems. Domain Keys works off the From Address in the message. Customers who have an existing DKIM key can typically provide their email service provider the private key and they will configure their system to sign messages.

Today's Top Picks for Our Readers:
Recommended by Recommended by NetLine

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up


Leave a comment
    Load more comments
    New code