What you will learn in this article:

  1. What are the different types of authentication required and their purpose?
  2. How to authenticate the domain?
  3. We will also learn how to check if the authentication was successful
  4. Steps to warm up the email domain to ensure that our domain reputation stays intact. 

What is the Purpose of Email Authentication?

Imagine you try sending email to your potential lead, but unfortunately all these emails get lost in the spam folder. What's the outcome? Your time is wasted, plus no leads generated. 

This is because the servers were not able to recognize if you were a legit domain sending valuable content. To combat this, there was a full proof “verification” system setup to identify your brand authenticity and protect your brand’s reputations by discarding messages from spammers trying to impersonate your brands. 

As of early 2024, it has become a mandatory requirement for major email providers like Google, Yahoo etc to provide these 3 email authentications called SPF, DKIM and DMARC before sending any cold emails. 

Show some examples of Malicious phishing attacks.

What is SPF, DKIM and DMARC?

Sounds so technical right? But trust me, it's very basic. Lets understand in simple terms:

-SPF (Sender Policy Framework) is your Office’s receptionist with a visitor list. 

When a guest (cold email) comes to your office, your receptionist (email server) will check your visitor list (SPF record)  to see  if we were expecting them or not. If he was expected, his SPF check will PASS and he will be allowed to enter the office.

SPF is nothing but a list of “authentic domains” that have been verified and granted the privilege to be delivered to the receiver's inbox without being marked as “SPAM”.

-DKIM (DomainKeys Identified Mail) is the Visitor's ID

The guest is given a Visitors ID to enter the office. DKIM acts as this Visitor ID. It is a signature or a seal that the email is assigned while being delivered to ensure that the email remains intact during the end to end delivery process. If in any case this email was tried to be tampered with, this signature or seal will break and the DKIM verification will FAIL.

Now we know that if the email SPF record and email dkim check PASS, the email will be delivered to the host. But what happens if spf and dkim check FAILS? This is where DMARC becomes the decision marker. 

-DMARC (Domain-based Message Authentication, Reporting, and Conformance) if your office security rule-book/policy

It defines the instructions on what to do when the visitor (email) fails SPF and DKIM checks. This power to control the DMARC policy lies with the domain owner, which is YOU. You can decide how you want your emails to be handled when they fail authentication. But it is important to understand, each policy has a different impact on your domain quality. We will understand about “domain quality” in detail in the coming section. 

There are 3 different policies:

  1. p= none: This allows the emails to be delivered to the recipient while making a note of this security failure in the daily reports (report that is accessible to you). If not used correctly, it can lead to a drop in the quality score rapidly. It is suggested to use this policy when you are just starting out with sending emails, because a brand new domain will not have any historic emails to measure the quality of the domain.

  2. p=quarantine: This delivers the email in the “spam” folder. This is a great policy to use if used responsibly, if you are sure that all the emails you plan to send are spoof proof, then there should be nothing to worry about.

  3. p=reject: This is the most strict policy that immediately blocks the email from being sent anywhere. This ensures your domain maintains the highest quality score as only the most legitimate email will be delivered.

Okay lets start setting our Domain Authentication. 

1. How to set up SPF? 

Lets start by finding your SPF record first. SPF record is a combination of values based on your email sending server. Meaning if your send is sent via Google workspace, there will be a certain format, vs if you plan to send your email through a different service provider, there will be some additional values to your record. Please see the table below for examples, you can directly copy and paste these exactly SPF Record Values based on your sending service. 

Sending Service(s) Your Combined SPF Record Value
Google Workspace ONLY v=spf1 include:_spf.google.com ~all
Google Workspace + Mailchimp v=spf1 include:_spf.google.com include:servers.mcsv.net ~all
Google Workspace + Salesforce v=spf1 include:_spf.google.com include:_spf.salesforce.com ~all
Google Workspace + Microsoft 365 v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all
Google Workspace + Zendesk v=spf1 include:_spf.google.com include:mail.zendesk.com ~all

Now its time to upload the SPF record value to your DNS:

  • Sign in to your Domain provider and go to DNS management section 
  • Find the option to add a New Record
  • Enter the following details:
    Type: TXT
    Name: @
    Value: Your SPF record value
    TTL (Time to Live): Default Value
  • Save the record. 

To make it more relevant and easy for your, find the exact steps of the setup for the top Domain providers:

2.How to setup DKIM?

Creating DKIM Key on Google Workspace:

  • Log in to your Google Admin Console with an administrator account.
  • Go to Menu > Apps > Google Workspace > Gmail.
  • Find and click on Authenticate email.
  • Find the Selected domain menu, select the domain for which DKIM needs to be configured
  • Click the GENERATE NEW RECORD button.
  • A pop-up dialog box will appear, configure the settings as follows:
    • DKIM key bit length: Select 2048.
    • Prefix selector: Leave the default value, which is google.
  • Click GENERATE.
  • The DNS record value will be generated. Make sure to copy the following values:
    • DNS Host name (TXT record name): google._domainkey
    • TXT record value: A very long string of characters beginning with v=DKIM1; k=rsa; p=...

Adding the DKIM Record to Your DNS:

  • In the DNS, find Add New Record.
  • Enter the details as follows:
    • Type: TXT
    • Name or Host: Paste the DNS Host name value: google._domainkey.
    • Value: Paste the long TXT record value generated by Google.
    • TTL: Leave as default.
  • Save the record.

Find the exact steps of setting up DKIM for the top Domain providers:

3.How to set up DMARC? 

Before we set up DMARC, it's crucial to ensure that both SPF and DKIM are setup on the DNS for at least 48 hours before setting up DMARC. 

Setup your DMARC record (PHASE 1):

  • When we setup DMARC for the first time, it's important to setup the policy as “none” during the first 1-2 weeks. The purpose for this is to be in a monitoring mode or a data-collection phase. If this phase is skipped it could lead to blocking of the important business communications. This phase allows to build the domain reputation, but it's important to ensure that only legitimate emails are sent during this time. 
  • DMARC Record, looks as follows:
    v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com
  • The following table decodes the essential tags in this record.26
Tag What it Means Your Starting Value Plain English
v Version DMARC1 "This is a DMARC record."
p Policy none "Do nothing to failing emails, just monitor them and send me a report."
rua Reporting URI for Aggregates.
To this mailbox, you will receive your daily DMARC reports		 mailto:dmarc-reports@yourdomain.com "Send daily summary reports of all my email activity to this address."

Add the DMARC Record to Your DNS:

  • Create a new TXT record in the DNS management interface.
  • Enter the following details:Type: TXT
    • Type: TXT
    • Name (or Host): _dmarc (The leading underscore is mandatory).
    • Value: Paste the DMARC record string: v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com.
    • TTL: Leave as default.
  • Save the record.

Find the exact steps of setting up DMARC for the top Domain providers:

Setup DMARC for Phase 2 and 3. 

  • Phase 2: Quarantine Phase (2-4 Weeks)
    • Policy: Start with p=quarantine; pct=5;v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com
  • Phase 3: Reject Phase (Post 4th week)
    • Policy: Start with p=reject;v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com

Entire setup video: Cold Email Setup: SPF, DKIM and DMARC for GoDaddy & Google Workspace

We have now completed all our setup and Domain Authentications. But a question arises: Have I done it correctly? So, let's find out how you can verify if the setup is correct and good to go.

First Way: Using Online Tools

There are several online tools that can help with checking your domain's authentication records. Adding one of our preferred and reliable tools below:

MXToolbox: It is very easy to use this tool. Enter your domain name and run the tests. If all is good, your will see a report marked in Green.
- SPF Checker - https://mxtoolbox.com/spf.aspx
- DKIM Checker - https://mxtoolbox.com/dkim.aspx
- DMARC Checker: https://mxtoolbox.com/dmarc.aspx

Second Way: Testing by sending emails to the internal team.

  1. After the setup is complete, test it out by sending emails to your secondary email IDs or to your internal team members.
  2. Open the email from the recipient's inbox.
  3. In Gmail, click on the three dots (More) near the reply button and click Show original.
  4. A new tab will open, showing the raw message. The summary table will show the authentication results. If successful, the status should read PASS.

Great, let's start sending out our emails, BUT  it's very important to follow the best practices as we start out. 

  1. Domain authentication: We are already done with this. 
  2. Plans a gradual approach to sending emails. Meaning, instead of sending a bulk email, start by sending emails to small bases, then slowly increase the recipients. This helps to build the domain reputation positively. 
  3. As you send out the email, try to select recipients who tend to engage with your emails. This helps the servers to understand that the email being sent is valuable and recipients tend to engage with the emails to give the domain a positive quality score. 
  4. As you keep increasing the number of recipients, it's also important to keep cleaning the recipient list. Eg: You are now sending email to 1,000 recipients, but 100 recipients have not opened any of your last 5 emails. So, it's better to eliminate these 100 recipients from your next email. 
  5. Continuously monitor your Domain reputation through Google Postmaster Tools.

We have prepared a warm-up plan to support your journey to successful campaign delivery. 

Phase Day(s) Daily Sending Limit Who to Email & What to Do
Phase 1 1–3 10–20 emails/day Send these emails to internal teams or existing customers who have very high chances of opening and interacting with the emails.
Ensure that the emails are opened and interacted.
Phase 2 4–7 20–50 emails/day Send these campaigns to most engaged users with the same outcome in mind of highest interactions like opens, clicks etc.
Phase 3 8–14 50–100 emails/day Now you can increase your audience to last 60–90 days engagers while closely monitoring open and click rate.
Phase 4 15–30 Increase daily volume by ~20% each day Keep expanding the audience while monitoring the engagements. If you notice an increase in bounce rate or low engagements, go back to limiting the emails to high engagers.
Post Warm-up 31+ Normal sending volume With a good domain reputation, and healthy email practices, you should be good to go.

Maximization through Optimization: How to Save Money with Campaign Monitoring?

Read More

Gamification in CRM: The Key to Unlocking Customer Loyalty and Retention

Read More

Agency vs. Client-Side Experience: A Balanced Approach for Organizational Growth

Read More

Navigation

Home

Our Story

Our Team

Blogs

Contact Us

Address

UAE Office : 1508, Business Central Towers, Dubai, UAE

UK Office : High St, Leicester

Info

Founded in 2021, we have rapidly become a trusted name among businesses worldwide. Using an omni channel, conversion-centric approach, we drive digital growth and deliver value faster, more efficiently, and at a lower cost.

Newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Copyright © 2025

SellThru

Disclaimer
Privacy Policy