There aren’t many silver bullets in online campaigning, but following a few simple steps to authenticate the marketing emails you send will protect your supporters and improve your email’s delivery in their inboxes. As an added bonus, you’ll be implementing a key security feature to protect your campaign from being hacked.
Even though this method is completely free and only takes a few minutes, a recent report found that few of the 2020 presidential campaigns have this basic email marketing infrastructure in place. Put yourself ahead of the pack (and run a better online campaign) with email authentication.
What Is Email Authentication?
Email authentication is a set of technical protocols that enables an email marketer to prove to the recipients (via their email provider) that they are who they say they are. It helps prevent phishing attacks like the one that got Hillary Clinton’s campaign chairman John Podesta. Because email providers like Gmail want to protect their users, marketers that don’t follow these steps to authenticate their emails may have difficulty reaching inboxes.
There are three records you need to have in place for your domain: a Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC). Each of these represents a DNS record attached to your domain name (e.g. bestpracticedigital.com).
How Do I Set Them Up?
First, you’ll need to have access to your DNS records, which is typically with your domain registrar (like GoDaddy). If someone else handles this for you, just send them this link and ask them to follow the instructions.
The SPF record is a TXT record that says which services should be allowed to send emails on your behalf. Usually this will be your campaign email (like GSuite) and your email marketing platform (like Mailchimp).
Here’s the SPF record for BestPracticeDigital.com:
Value: v=spf1 a mx include:servers.mcsv.net -all
- Locate the specific SPF instructions for your email marketing platform (here are Mailchimp’s).
- Add “a mx” to that record to ensure you can also send from your firstname.lastname@example.org email.
- Create the TXT record where your DNS settings are (GoDaddy instructions)
- Save the record.
Use this tool to find out what, if any SPF record you already have, or to create your own.
DKIM is another authentication protocol that email inbox providers (like Google, Yahoo, and AOL) rely on to protect their users and you should have in place. It’s complicated and involves cryptography (learn more here) but it’s easy to set up.
Here’s the DKIM for BestPracticeDigital.com (which uses Mailchimp)
- Locate the specific DKIM instructions for your email marketing platform (Mailchimp again)
- Create the CNAME record in where your DNS settings are (GoDaddy instructions).
- Save the record
Use this tool to make sure your DKIM record is valid.
DMARC records work together with SPF records to protect users and maximize the benefits of using email authentication. DMARC gives instructions to other mail servers regarding what to do about email that doesn’t pass authentication. Over time, you’ll ramp up your restriction so that only authenticated mail is sent.
Here’s the DMARC record for BestPracticeDigital.com
Value: v=DMARC1; p=none; fo=1
Use this tool to generate your own DMARC record.
- Generate a DMARC record for your domain using the link provided above.
- Create a TXT record in your DNS settings (same as before).
- Save the record
Once every couple of weeks you’ll want to use the tool to increase your quarantine percentage by 20% until you reach 100%. At that time, after another few weeks, switch to a reject policy, increasing by 20% every few weeks.
You’re going to spend a lot of time on your email program – writing, approving, testing – and you’re going to spend money building your list, but none of these investments matter if your email isn’t reaching inboxes. Even though these steps may seem complicated, it’s critical that you follow them.