Skip to main content
Email Authentication - Safe Sending

Email authentication, TLS, IP number

Updated over 3 months ago

Email Authentication - Safe Sending

We care for your sendings to be safe, as your email reputation is very important to us.

Therefor, we have a well organised system of setting up email authentication, monitoring IP numbers and using TLS encryption.

We also have good tips for on how you can affect your email deliverability!


In this Article


What is Email authentication?

Email authentication helps you protect and improve your email delivery rate by preventing email fraud and identity theft. The authentication proves that your emails are being sent from you and not another illegitimate source.

We Help You Set It Up!

The common standards are SPF, DKIM and DMARC authentication. When you onboard with efficy Marketing (Apsis), we will ensure your emails will be authenticated with SPF as well as DKIM, under our own authentication protocols. This way, your emails are delivered right to your Profile's inbox with the efficy Marketing seal of approval.

SPF

SPF (Sender Policy Framework) prevents forged emails from being sent from an illegitimate source impersonating your domain. SPF elevates your reputation, combats email spoofing and improves deliverability.

SPF is setup for the technical sender domain. When you send emails with Apsis One, the technical sender is our domain "apsisone.com". We have set up SPF in our DNS, which means you do not have to set up SPF on your DNS. The "technical sender" domain is separate from your "from domain", which is authorised with DKIM (see below).

DKIM

We strongly recommend that you set up DKIM authentication. (Domain Keys Identified Mail.) DKIM authentication verifies that you, as a sender, are indeed authorised to send emails on your behalf. The recipient's server then knows that you are who you claim to be.

Why is DKIM Important?

DKIM is set up with an encryption key and digital signature, and thereby proves the emails to be authentic. This significantly decreases the risk of emails landing in a spam folder or bouncing from being caught in spam filters.

Without DKIM implemented, a large part of the emails will very likely be classed as spam when sent to recipients using Gmail, Yahoo or O365/Outlook. Large email providers are from February 2024 enforcing DKIM as a requirement for anyone sending more than 5000 emails within a single day.

During your onboarding to Apsis, our Consultants will help you det started to get DKIM set up. You can always reach our Customer care team through our chat.

How To Set Up DKIM

What information do we need?

  1. What domain you want to send emails from.

  2. A Selector (a keyword that you choose).

Efficy Delivery team create a key pair and provide you a DKIM key.

How to implement DKIM?

  1. Publish the DKIM key in your DNS*.
    - Add key as a TXT record.
    - Sometimes the key needs to be divided into two posts.
    - If you are using several domains, you need several DKIM.

  2. Let Efficy know your DKIM key is published, and we will activate DKIM signing on our MTA.

* The Domain Name System (DNS) Server is a server, specifically used for matching website hostnames (like example.com) to their corresponding Internet Protocol or IP addresses. The DNS server contains a database of public IP addresses and their corresponding domain names.

DMARC

DMARC is a validation system for your emails which detects and prevents email spoofing. (Domain-based Message Authentication, Reporting & Conformance). It's built on top of SPF and DKIM, and while they help identify fake emails, DMARC provides reports on how and when emails are being rejected and the reason why. Also, it allows you to have more control over how receivers handle emails that failed authentication or validation.


IP numbers

IP number (Internet Protocol number) is an identification and location of a network device. All IP numbers are owned and managed by our Delivery team, who monitors them regularly, performs warm-ups, and ensures they always have a high reputation.

Additionally, the team also monitors a number of server blacklists to make sure that none of our IP addresses are listed on them. All aspects of IP management are taken care of, so you don't need to worry about your IP address having a bad reputation.


Transport Layer Security (TLS)

TLS encrypts data in transit. It encrypts data while sent over the Internet to ensure that hackers are unable to see what you transmit.

Why is TLS Important?

TLS is basically a cryptographic protocol that provides end-to-end security of data sent between applications. It is especially useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.

Efficy Marketing requires at least TLS encryption 1.2. In some jurisdictions the GDPR regulations call for a higher level of security when you send emails. Make sure to investigate regulations for your local jurisdictions.

TLS as Default Standard

  • Sending through the Email tool
    Emails sent with the Email tool have TLS encryption as the default standard. But if the recipient email server do not support TLS encryption, the email will be delivered unencrypted.


    You can make the TLS encryption forced, by requesting all emails to be sent through channels that require TLS. However, with a possible slightly decreased delivery rate (read more below).

  • Sending with Marketing Automation
    For Emails sent through our Marketing Automation tool forced TLS encryption is the default standard since they are considered personal emails.

If you wish to enable forced TLS encryption for all types of sending, please reach out to our Support Team and they will help you set it up. If you decide to, it will cover all sections in your account.

The Impact of Enabling Forced TLS encryption

When enabling forced TLS encryption, emails are sent through channels - specific email server accounts - that are configured to require TLS encryption. If the recipient mail server does not support encryption, the connection is dropped, and the mail is discarded - meaning you might experience slightly higher bounce rates.

Note: We do not offer an encryption of the email's content: If you are sending sensitive content that needs to be encrypted, solutions like PGP, S/MIME encryption or Microsoft 365 Message Encryption are recommended.


Next Step

Did this answer your question?