Mailbites · Issue 15
Three records standing between you and the inbox
SPF, DKIM, DMARC. Boring, invisible, and the reason half your email never arrives.
Anil Kumar
Founder & Principal Advisor
In today's Mailbites, we talk about email authentication, the three unglamorous acronyms that decide whether mailbox providers trust you, and why getting them wrong means your best email never even reaches the spam folder, let alone the inbox.
Now, onto today's story.
The Story
You can write the perfect email, to the perfect segment, at the perfect moment, and have it vanish on the way to the inbox because of a DNS setting you've never looked at. Authentication is the invisible tax on every email program, and since the big mailbox providers tightened their rules, it stopped being a best practice and became the price of entry.
There are three pieces, and they work together. Think of them as proving you are who you say you are.
- SPF tells the receiving server which machines are allowed to send email on behalf of your domain. It's the guest list. If an email arrives from a server that isn't on the list, that's a red flag.
- DKIM adds a cryptographic signature to your emails, so the receiver can confirm the message genuinely came from you and wasn't tampered with in transit. It's the tamper-proof seal.
- DMARC ties the first two together and tells providers what to do when a message fails the checks, and, crucially, sends you reports on who is sending email using your domain, including anyone spoofing your brand.
Here's the part founders miss: these aren't optional anymore. Gmail and Yahoo now require proper authentication from anyone sending in volume, and mail that fails gets quietly filtered or rejected. No bounce you'll notice, no error, just silence and a sinking open rate that you'll wrongly blame on your subject lines.
The good news is that this is mostly a one-time setup. You add a few records to your domain's DNS, usually with copy-paste values your email platform provides, and then you're done. The one piece worth treating as ongoing is DMARC: start in a monitoring mode, read the reports to make sure all your legitimate senders (your email platform, your helpdesk, your invoicing tool) are passing, and then tighten the policy so impostors get rejected.
If you do one technical thing for your email program this quarter, make it this. It isn't exciting, nobody will compliment you on it, and it is the single most common reason perfectly good email disappears. Prove you are who you say you are, and the inbox finally lets you in.
Until next week,
Ani