Email authentication

Email authentication is a collection of techniques that equip your emails with verifiable information about its origin.

Proper authentication is crucial for internet service providers (ISPs) to recognize you as a sender of desirable emails and deliver your mail immediately. Without authentication, your outreach is presumed to be fraudulent.

Methods of authentication

Sender Policy Framework (SPF)

This method confirms that your Braze email-sending IP address is authorized to send mail on your behalf. SPF is your basic authentication and is accomplished by publishing the text records in DNS settings. The receiving server will check the DNS records and determine whether they are authentic. This method is designed to validate the email sender.

Your SPF record will be set up when Braze configures your IPs and domains - beyond adding the DNS records we give you, no further action is required.

Domain Keys Identified Mail (DKIM)

This method confirms that your Braze email-sending domain is authorized to send mail on your behalf. This method is designed to validate the sender’s authenticity and validates the integrity of the message is preserved. It also uses individual cryptographic digital signatures so ISPs can be sure the mail they’re delivering is the same as the mail you sent.

Braze signs the mail with your secret private key. The ISPs verify the signature against your public key, which is stored in your custom DNS record. No two signatures are exactly alike, and only your public key can successfully verify your private key signature.

Your DKIM record will be set up when Braze configures your IPs and domains-beyond adding the DNS records we give you, no further action is required.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

This method takes the SPF and DKIM authentication protocols one step further. If you decide to use DMARC, you can instruct ISPs on how they should handle mail that failed your signature or authentication checks. Failures could indicate that others are trying to imitate you or your email. You can tell the ISPs to reject or quarantine the mail and even send you automated reports about the bad mail.