What to do: Make sure your SPF record is up to date and includes all your legitimate senders — your ESP, your CRM, your support system, anyone sending on your behalf. Here’s more detail.
DKIM: The Tamper-Evident Seal
DomainKeys Identified Mail (DKIM) adds a digital signature to each email, so the receiving server can verify that the message hasn’t been altered in transit and that it came from you. Think of it as your wax seal on the envelope.
What to do: Publish a south africa telemarketing database public DKIM key in your DNS, and ensure your ESP is signing outgoing email with the matching private key. Here’s more detail.
DMARC: Your Inbox Policy
Domain-based Message Authentication, Reporting and Conformance (DMARC) is the protocol that ties it all together. It tells mailbox providers what to do if an email fails SPF and/or DKIM, either monitor, quarantine, or reject that message.
What to do: Start with p=none so you can monitor. But the long-term goal is p=quarantine or p=reject, because most major inbox providers (like Google and Yahoo) require enforcement for full trust and things like BIMI.
Bonus: DMARC reports give you visibility into who’s sending email from your domain. Sometimes you’ll find unauthorized senders; sometimes you’ll discover your own dev team forgot to authenticate something. Here’s more detail.
BIMI: Show Your Logo, If You’ve Earned It
Brand Indicators for Message Identification (BIMI) is where authentication meets branding. If you’ve passed DMARC with enforcement and set up the right DNS records, BIMI lets your logo appear next to your emails in supported inboxes.
What to do: Publish an SVG logo, set up a BIMI record, and if you're sending to Gmail or Yahoo users, you’ll also need a Verified Mark Certificate (VMC). Yes, that’s a paid third-party certificate — welcome to enterprise email. Here’s more detail.
Authentication: Final Words
All four protocols require DNS configuration. If that’s not your lane, loop in your IT or dev team. But don’t skip this step. Without proper authentication, you’re starting every send with a deficit. Even your most beautiful, best-segmented campaign will be suspect if the infrastructure doesn’t check out.
And remember: passing authentication isn’t a gold star, it’s the baseline. You’re not getting rewarded for doing it right, but you will be penalized if you don’t.
2. Maintain a good sender reputation.
Once your authentication is squared away, the next big inbox gatekeeper is sender reputation. If authentication says you are who you say you are, reputation tells mailbox providers whether you’re someone worth trusting.