In simple words, authentications are ways to show to the MBPs (MailBox Providers) that Splio has authorization to send messages, using your "credentials". In practice, authentication exists to associate a domain name to a message, validate the author or origin of a message, validate the content of a message, and create reputation. It can also help preventing phishing.
The most used entries when it comes to email athentication are:
- SPF (Sender Policy Framework) record: it is a TXT record that publishes the list of servers allowed to officially use a domain name in the “HELO” (or “EHLO”) and “MAIL FROM” (not the Visible “From:” header field) steps of the SMTP transaction. Simplifying: it is a list of authorized email servers, for a given domain.
- DKIM (DomainKeys Identified Mail) record: this TXT record publishes a series of “public keys” that can be used by anyone to control a cryptographic signature that we will include in your message headers. If the signature cannot be successfully verified, it could mean the headers or the content of the message have been tempered with.
- DMARC (Domain-based Message Authentication, Reporting and Conformance) record: this TXT record is built on the widely deployed SPF and DKIM protocols (Visible From: domain + SPF + DKIM), adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.
- MX (mail exchanger): is like a postal box; it contains the place the message should be delivered. If you have more than one entry pointing to different servers, the postman won’t be able to deliver the message.
- Google Postmaster Tools: is used to follow reputation and other behavior related to your sendings.
- BIMI: Yahoo and AOL allow you to put an Avatar in your emails. It is possible that Gmail requires purchasing a Verified Mark Certificate (VMC) which costs around 1000 USD. You can find more details here
Each MBP has its own rules, some providers check all items, others just a few. For this reason, it is strongly recommended to keep all entries implemented to mitigate any possible issue.