Email Authentication 101: A Guide to SPF, SenderID, DKIM, Domain Keys, and BIMI

Learn everything you needed to know about Email Authentication 101 A Guide to SPF, SenderID, DKIM, Domain Keys, and BIMI

Are you a new email marketer, wondering what email authentication is?

Perhaps you’ve already tested out a campaign, but it suffered a poor open rate. Have you considered why some emails end up in the junk folder in the first place?

From an email receiver’s point of view, email authentication can prevent some nasty messages from getting through. Recently, a tax phishing scam was able to bypass the Google Workspace email authentication checks.

Understanding how email authentication works is essential in email marketing to increase deliverability.

We’re going to run through the basics of email authentication. We’ll also discuss the technical standards and protocols working behind the scenes. Read on!

What Is Email Authentication?

Email authentication provides a way to check that an email is genuine.

Its primary function is to stop spam messages and phishing attempts from arriving in the inbox. Several technical standards allow email authentication to take place.

The Simple Mail Transfer Protocol (SMTP) is the internet standard for communicating electronic mail (email). The SMTP protocol is also the foundation that enables emails to send and receive.

When a server receives an email, it will inspect the domain where it was sent from. This might be found in the “envelope from” address (or return-path). It may also be obtained from the HELO SMTP command, which an email client sends when connecting to the email server.

If you’ve ever used a tool to check your email authentication (and you should), you may have received warnings regarding SPF, DKIM, or DMARC. We’re going to cover what these mean next so you can correct any problems with your emails.

If you fail to have your email authentication set up correctly or you have other inconsistencies in your emails, you’re likely heading straight for the spam folder!

What Is Sender Policy Framework?

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email.

It’s used to indicate mail servers that are allowed to send an email on behalf of the domain. By cross-checking the authorized IPs with the sending IP, a result posts in the email header. The receiving server will consider this result when deciding if it will accept the email or filter it. There can be instances of false-positive results, such as with email forwards that have a different source IP.

What Is Sender ID?

Sender ID is Microsoft’s authentication protocol, built on SPF and their Caller ID specification. Its main use is to identify spoofing – an altered email that’s changed to appear to originate from a different sender.

The Sender ID protocol parses the SPF record (if it’s available) and finds out if the source IP is authorized to send an email on behalf of the sender’s address. The “Received” SMTP header is used to validate the email.

Your Domain Name System (DNS) record translates your domain name into its corresponding IP address. A DNS record query is also used to check the authenticity of an email using Sender ID.

What Is DKIM?

In 2004, Domain Keys by Yahoo merged with Cisco’s Identified Internet Mail specification. It is now a widespread email authentication standard used by major ISPs to verify inbound email.

Domain Keys Identified Mail (DKIM) is another technique that verifies email authentication. It allows the receiving server to ensure that the email was genuinely sent by the domain owner where it originated.

In doing so, the DKIM standard increases the likelihood that an email will be successfully delivered.

A securely encrypted DKIM digital signature is added to the email as a header. The receiving server is then able to validate that the email body and/or attachments are unmodified.

What Is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.

The protocol uses the SPF record and DKIM signature to decide if an email is genuine. Phishing attempts often use domain spoofing, where an attacker pretends to be a company or employee. This is done by using a fake domain that looks real or a website address with only a few character changes.

If an email authentication with SPF or DKIM fails, then the DMARC record specifies what happens. This could be an action to block the email or to send it to the junk folder.

The email sender’s DMARC record helps the Internet Service Provider (ISP) prevent spam and harmful email going through. DMARC also reduces the number of emails that are incorrectly identified as malicious or junk.

What Is BIMI / Brand Indicators?

BIMI is short for Brand Indicators for Message Identification.

Unlike email specifications that verify sender information, BIMI verifies brand information. It allows logos that are under the control of brands to be used in email clients that allow the specification. Using BIMI makes it possible for a brand logo to appear in inboxes that permit it.

Some email clients attempt to grab an image from the email to display in the inbox already. BIMI gives you the power to signal which logo should show. This gives end recipients confidence that the email is genuine.

Like SPF, BIMI functions as a text record on your servers. In short, it’s another specification that authenticates your identity to an email client.


Without the proper email authentication for your outbound email marketing, chances are your messages will be sent off into the void or end up hidden away in the spam folder.

New to Email Marketing?

Want to know more? We produce a free guide that contains 27 free tools Every eMail Marketer Needs In Their Toolbox. If you’re new to email marketing, we’ll take you to the next level by improving your open rates and boosting conversions.

If you’re a beginner at email marketing, we can help. We provide training for new email marketers that will grow your sale and web traffic with engaging emails.  We’ll help you learn the basics, choose technology, and even find an agency to help you with your email marketing.

Learn more about eMail Marketing today with The eMail Guide.

Meet the author:

Jeff Ginsberg

Jeff Ginsberg

20+ year email marketing veteran who wants to help NewBees BEEcome eMail Marketing Ninjas. Want to contribute to our blog? We are always looking for eMail Marketing Ninjas to come share their knowledge and help NewBees create and send better eMail messages.

Connect with: Jeff Ginsberg

Share this page:

Share on linkedin
Share on facebook
Share on twitter
Share on email

Connect with us:

To stay in the know and get the best eMail Marketing information that will teach you how to BEE an eMail Marketing Ninja.

Share this page:

Share on linkedin
Share on facebook
Share on twitter
Share on email

to download our
“27 Free Tools Every
eMail Marketer Needs
in Their Toolbox”


Your privacy is our privilege!
We will never rent, sell or share your data. 
You can unsubscribe at any time, but you won’t want to 😃

  • No comments yet.
  • Add a comment

    SUBSCRIBE to our newsletter
    to download our FREE GUIDE
    “27 Free Tools Every
    eMail Marketer Needs in Their Toolbox”

    Download our free guide 27 Free Tools Every eMail Marketer Needs in Their Toolbox

    Download our FREE GUIDE

    Your privacy is our privilege!
    We will never rent, sell or share your data. 
    You can unsubscribe at any time, but you won’t want to 😃

    This website uses cookies to ensure you get the best experience on our website.