What is email authorization (SPF, DKIM)?
Create: 1000 days ago
Update: 873 days ago
Reading time: 4 min
When you start diving into the topic of email marketing, two of the acronyms you'll quickly come across are SPF and DKIM. These are crucial pieces of email authorization that you will need to familiarize yourself with if you hope to successfully send email campaigns to a list of customers or followers.
This lesson will explain why email authorization is essential, what the SPF and DKIM acronyms mean, and what happens if an email sender does not correctly set up their email authorization keys.
Why Email Authorization is Important
In Medieval times, messages between officials were often sent after a paper scroll was sealed shut with a wax seal. If that wax seal had been tampered with, or if it did not look like the wax seal of the "sender" (often a king or court official), the recipient could know that the message had been possibly tampered with or forged.
In modern times, email authentication works under a similar principle. The SPF and DKIM signature on your email tells the recipients' email server, "This is a real message that was sent by the person who claims to be the sender." SPF and DKIM sort of work like the "wax seal" that ensures that your messages don't get sent to your message recipients' spam folders.
SPF: Sender Policy Framework
SPF is an authentication system that allows an email recipient's domain to know that your email is valid, and it was really sent from an email server authorized by you. When you publish an SPF record on your domain, you create a list of IP addresses that are authorized to send emails from your domain.
If an email is sent to a recipient that claims to be from your authorized sending domain, the receiving email server runs a quick check against your SPF record. If the IP addresses match, the recipient server knows your email is "safe." If the IP addresses don't match or your, the receiving domain can entirely reject your message or send it to the recipient's spam folder.
DKIM: DomainKeys Identified Mail
DKIM is a second layer of email authentication hidden in the "behind-the-scenes" code of every email, known as the headers. DKIM uses public-key cryptography to tell the email recipient's provider that your email is authentic and not a forgery.
The owner of a domain sets up a cryptographic key and then publishes it within their DNS. Each time that domain owner sends out an email, their personal, unique DKIM signature is attached to the email header.
The recipient email server can then decrypt the DKIM and check it against the email sender's key. Think of it as a secret handshake that is near-foolproof.
SPF and DKIM Work in Tandem
It's well worth the time to set up both SPF and DKIM signatures if you plan on sending emails from your domain. These two systems work together as a dual layer of security for your brand. Without DKIM and SPF, it would be nearly impossible for a domain owner to send emails to their clients, customers or followers.
What Happens if You Don't Set up SPF and DKIM?
If a domain owner sends out a large volume of emails that do not have SPF and DKIM authentication set up properly, they would quickly find their address "" by all the world's major email providers. This means that your domain would be tagged as a "spammer." The domain owner would then be unable to send emails to any recipients from any of their domain's IP addresses. !
SPF and DKIM are critically important email authentication procedures. Without them, many email address provider domains will block your emails entirely, which will lead to.