Internet Performance Delivered right to your inbox

Dyn Email: Why You Should Setup Authentication With SPF, Domain Keys

With more email than ever being delivered and with the industry devoted to reducing and eliminating spam, there are quick and easy things your IT department can do to ensure that your emails are reaching their intended target and not getting diverted to the dreaded Junk folder.

It’s called email authentication and here’s an explanation of what it is and why it matters.

Authentication plays a big part in your online reputation. If you are a legitimate sender, having proper authentication is not an option. If an Internet Service Provider (the ones that police whether email gets through) cannot identify your mail, it may be rejected immediately or placed in the spam folder.

As you can imagine, spammers, phishers and frauds took full advantage of this technical loophole before authentication was a must for senders. Now with the proper measures in place, companies are able to view all of your outgoing email to determine if the email is properly validated and stop unauthorized emails at their gateways.

Types of Authentication

Almost all major internet service providers (ISPs) require some sort of authentication as they need to know that that email is coming from a trusted source for that domain. Some look for a proper Sender Policy Framework (SPF) and some look for a domain key, so having both set up properly is a must for responsible senders.

SPF is supported by Google (Gmail), Microsoft (Hotmail, MSN), AOL, PayPal, Ebay, Amazon and a slew of other large ISPs and corporations.

Here’s an easy wizard for setting up a SPF record.

Domain Keys (DomainKeys Identified Email, aka DKIM) are supported at Google (Gmail), Yahoo, and many others.

DKIM allows users to digitally sign a message. The receiving server can verify the signature by checking the encrypted DKIM keys, one public and one private. The private key is used to sign the message and must be kept secret. The public key is only used to verify the signature and does not need to be hidden. If you only have the public key, you can not forge the signature. The signature itself is included in the header of the message which does not show to most users.

If you’re a DynECT Email Delivery client, contact our Concierge department for how to set these up. If you’re not, your email service provider should be able to assist you. (If they can’t or have no idea how, you should be delivering your email through Dyn.)

DynECT Email Delivery clients are able to view and set up their SPF/domain keys right inside the application already. If you’re a bulk/transactional sender and want a demo, hit us up and we can show you that and everything else that makes our email platform the best.


If you’re sending to these domains to reach your target audience and you do not have authentication set up, you could see an immediate jump in open and clicks and a decrease in bounces with implementation of these important authentication measures.

Though authentication is very important and identifies the responsible sender, therefore making it difficult to forge your domains, it will not solve all of your deliverability problems. If your content is weak, you don’t process your bounces, remove your complaints or deploy to people without their permission, authentication will not get you more opens and clicks.

It takes time, best practices and a desire to be a clean email sender. If you fit that criteria (or want to get on the right path), let’s talk.

Share Now

Whois: Stephen Wheeler

Stephen Wheeler is a employee at Oracle Dyn Global Business Unit, a pioneer in managed DNS and a leader in cloud-based infrastructure that connects users with digital content and experiences across a global internet.