Email authentication helps you protect and improve your email deliverability rate by preventing email fraud and identity theft, proving that your emails are being sent from you and not another illegitimate source.

The common standards are DMARC, DKIM and SPF authentication:

SPF stands for Sender Policy Framework. With SPF, you can define the IP addresses that are allowed to send emails for your domain.

Emails can be proven to be authentic with an encryption key and digital signature provided by DKIM (Domain Keys Identified Mail).

Once you have SPF, DKIM or a private technical sender domain in place, you can set up DMARC for a more unified framework. DMARC (Domain-based Message Authentication, Reporting & Conformance) allows you more control, and the ability to set up responses for handling different scenarios when an authorisation test is failed.


In this article

APSIS One and Email Authentication

When you onboard with APSIS One, you can start sending email messages as soon as you have set up your Audience. These emails are authenticated via SPF and DKIM, under APSIS' own authentication protocols, so they're delivered right to your profile's inbox with the APSIS seal of approval. This is enough for most smaller businesses, yet DKIM authentication is highly recommended for all APSIS One accounts.

There are many benefits to having custom authentication, the largest and most important being that custom authentication is very good for deliverability rates.

Would you like to set up custom authentication?

We're happy to hear that. First, reach out to your APSIS Account Manager, who will be able to redirect you to our Delivery professionals. DKIM is currently a part of our custom authentication service offering, while DMARC relies on your own efforts.

Our custom domain for links and system pages and private technical sender domain services are coming soon!

SPF Authentication

Even if you intend to send very few emails and have an essential setup, SPF authentication always exists in the sender domain in order to safeguard emails sent from your domain.

SPF stands for Sender Policy Framework. It is an authentication method that will allow specific email servers to send emails from your domain.

This is part of APSIS' standard service offering, and our SPF record is automatically created with your sender domain when you get started with APSIS One.

Why is SPF important?

Sender Policy Framework prevents forged emails from being sent from an illegitimate source impersonating a domain.

It will generally not stop spam or junk emails, but it does allow domain owners to partially confirm and legitimise specific servers to send emails in their name and behalf. SPF only applies to the Sender domain, which for newsletters usually is It does not apply to the From domain, which is the domain the sender sets as "From" in the actual mail: this is handled by DMARC (Domain-based Message Authentication, Reporting and Conformance) and DKIM (Domain Keys Identified Mail).

Private Technical Sender Domain

In Development

Setting up a private technical sender domain will soon be a part of the services offered by APSIS' Delivery professionals. Meanwhile, let's look at the two types of senders in an email:

There's the from sender, also known as a "friendly from", which is the one that you enter when setting up your Email tool activity.


And then there's the verified, technical sender, which without a private technical sender domain setup remains as APSIS' domain. Also, although it's rare that a recipient looks into this aspect, your private technical sender domain will be shown in the email header instead of APSIS', which also inspires trust and maintains brand consistency.

For improved deliverability rates, it is good that your from sender is the same as your private technical sender.

Why is this important?

If you intend to set up DMARC authentication, you must have SPF authentication and DKIM or a private technical sender domain. It's important, even if you don't intend to set up DMARC, because email clients will be able to verify that the domain you're sending from is legitimate. Also, by not sharing a sender domain, you have more control over your sender reputation and consequently your deliverability rates.

Setting up DKIM and DMARC

DKIM authentication verifies that you, as a sender, are indeed authorised to send emails on your behalf. This significantly decreases the risk of emails landing in a spam folder or bouncing from being caught in spam filters.

DMARC is a validation system for your emails which detects and prevents email spoofing. It's built on top of SPF and DKIM, and while they help identify fake emails, DMARC provides reports on how and when emails are being rejected and the reason why. Also, it allows you to have more control over how receivers handle emails that failed authentication or validation.

APSIS' Delivery department provides you with everything you need in order to get DKIM ready. Reach out to your APSIS Account Manager, who will be able to redirect you to our Delivery professionals!

Did this answer your question?