Understanding Email Authentication: SPF, DKIM, DMARC & BIMI

Learn more about Batch's default setup for SPF, DKIM, DMARC, MX and BIMI.

About Email Authentication

Email authentication is the first aspect senders should consider when they start sending emails. It is required by mailbox providers and is crucial for verifying sender identity and minimizing the risk of email spoofing.

When sending emails, ensure you have correctly implemented the following technical measures:

  • Sender Policy Framework (SPF)

  • DomainKeys Identified Mail (DKIM)

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

While these are not related to email authentication, we also recommend implementing:

  • MX records, to specify the servers responsible for receiving email

  • Brand Indicators for Message Identification (BIMI)

As part of Batch's default implementation, every sender must use SPF, DKIM and DMARC.

Sender Policy Framework (SPF)

SPF validates the IP address a message is sent from. It is designed to stop spammers from sending emails that falsely appear to come from your domain.

To implement SPF, you need to create and publish an SPF record for your domain, listing all authorized email servers.

Sender Policy Framework (SPF) example

DomainKeys Identified Mail (DKIM)

DKIM enables inbox providers to verify that the email is authentic and hasn't been modified during delivery.

DKIM is an email authentication method that helps protect against email spoofing and phishing attacks. It allows an organization to verify the authenticity of an email message, enabling recipients to confirm that the message was indeed sent by the domain owner.

DomainKeys Identified Mail (DKIM) example

By default, Batch uses a 1024-bit DKIM key and DKIM over-signing. Our team can generate a 2048-bit DKIM key upon request.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC helps prevent email spoofing and phishing by allowing domain owners to set policies that dictate how receiving servers should manage emails that fail SPF or DKIM checks, such as quarantining or rejecting them.

Additionally, DMARC provides domain owners with reports on email delivery and authentication, aiding in the monitoring and enhancement of email security.

Domain-based Message Authentication, Reporting, and Conformance (DMARC) example

We strongly recommend you set up DMARC reports. This will allow you to monitor emails sent using your domain and to identify senders trying to impersonate your domain.

Optional Setup

→ Specify the Servers Responsible for Receiving Email

Some inbox providers may require the presence of a Mail Exchange (MX) record to accept emails. An MX record is a type of DNS record that specifies the mail servers responsible for receiving email messages on behalf of a domain.

MX setup example

You can use the MX records the Batch implementation team provides by default as part of the onboarding process, or use your own if you want to process the responses in a specific tool you are already using (e.g., a ticketing tool).

→ Brand Indicators for Message Identification (BIMI)

Brand Indicators for Message Identification (BIMI) is an email specification that allows authenticated senders to display their logos within supporting email clients, improving brand recognition.

BIMI implementation example

BIMI adds value for brands that want to stand out in the recipient's inbox or that are more likely to be targeted by phishing campaigns (e.g., finance, insurance). Note that BIMI implementation is optional and not all email providers currently support it.

Implementing BIMI is possible with Batch. It involves additional costs to obtain a renewable Verified Mark Certificate.
