Sign up now!

SPF Coming of Age – Un-Authenticated Emails Now More Likely to Be Treated as Suspect

Friday 30 November 2018, 9:10PM
By Beckie Wright

Gmail is well-known for having rigorous specifications for bulk email service providers. In Google’s ongoing bid to curb spam, they are constantly tightening their best-practices. Gmail, along with leading ISPs, are continually working to improve their email validation systems, so it pays for marketers to be up-to-date with the latest guidelines.

These guidelines are regularly released by the company themselves, and then sifted through by major market players, in order to extract primary insights, such as exactly how email is filtered into spam folders, and which emails even reach a user’s inbox at all.

Email authentication is the key. Some sources online may also refer to the process as domain validation, but the underpinning principle is the same – ISPs can better route an email if they can easily identify the domain it originated at.  This aims to eliminate spoofing and phishing, in which mail originates with a different sender than the one it appears to originate from.

Essentially, authentication allows tolls used in the email-marketing sphere to be implemented without worrying about the domain name being misread by Gmail or your ISP. Here’s an example using MailChimp, a popular email marketing tool; authentication eliminates that placeholder data (via that MailChimp fills in for your campaign’s From field, and replaces it with your own domain, as you want your newsletters to be traced back to you for validation purposes.

For a long time, this sort of email authentication has not been considered a requirement for your average mass email service provider, even though it has always resulted in higher chances of newsletters being delivered to spam folders. Implementing authentication doesn’t have to be difficult either – it’s a generally a case of uploading a single file to your server, or creating a few DNS records. The file in question is typically generated by your delivery tools.

Sender Policy Framework, or SPF, validates your envelope HELO and MAIL FROM identities “by comparing the sending mail server’s IP address to the list of authorized sending IP addresses published by the sender domain’s owner in a “v=spf1″ DNS record.”

This process is even more vital if your mail is sent via an IPv6 IP address. Domains used for sending are required to meet SPF and DKIM benchmarks – if they don’t it’s likely they’ll be marked as spam.

To clarify, when you get a new email in your mail client, your ISP uses SPF to read the IP address it came from, along with the IPs of the website. If they are the same, no alarms are triggered.

While SPF is a now a cardinal rule of email blast marketing, it’s worth making clear that implementing it isn’t a fix-all solution. There are a number of different reasons you may be having delivery issues with Gmail, as SPF isn’t the only required authentication for email, not to mention other core elements of bulk email business, such as data hygiene, content, and address list gathering.

For more information on this topic, get in touch with the experts at Cumulo9, by following this link: