Skip to main content
Understanding email authentication

Know more on Batch default setup for SPF, DKIM, DMARC, MX and BIMI.

Baptiste avatar
Written by Baptiste
Updated over a month ago

Email authentication is the first aspect senders should consider when they start sending emails. Email authentications is required by most Inbox providers (e.g. Google's/Yahoo guidelines), and crucial for verifying sender identity and minimizing email spoofing risks.

When sending emails, ensure you have correctly implemented the following technical measures:

While this is not related to email authentication, we also recommend implementing:

Note: As part of Batch default implementation, every sender must use SPF, DKIM and DMARC.

Sender Policy Framework (SPF)

SPF is used for sending IP validation. SPF is designed to stop spammers from sending emails that falsely appear to come from your domain.

To implement SPF, you need to create and publish an SPF record for your domain, listing all authorized email servers.

SPF authentication

Note: When using Batch, SPF is evaluated on the "Return-Path" (envelope from).

DomainKeys Identified Mail (DKIM)

Enables inbox providers to verify the email is authentic and hasn't been modified during the delivery.

DKIM is an email authentication method that helps protect against email spoofing and phishing attacks. It allows an organization to verify the authenticity of an email message, enabling recipients to confirm that the message was indeed sent by the domain owner.

DKIM email authentication

Note: Batch used by default a 1024-bit DKIM key, but our team can generate a 2048-bit DKIM key upon request.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC helps prevent email spoofing and phishing by allowing domain owners to set policies that dictate how receiving servers should manage emails that fail SPF or DKIM checks, such as quarantining or rejecting them.

Additionally, DMARC provides domain owners with reports on email delivery and authentication, aiding in the monitoring and enhancement of email security.

DMARC email authentication

Also, we strongly recommend you set up DMARC reports. This will allow you to monitor emails sent using your domain and to identify senders trying to impersonate your domain.

Additional setup: MX records & BIMI

→ Specify the servers responsible for receiving email

Some inbox providers may require the presence of a Mail Exchange (MX) record to accept emails. An MX record is a type of DNS record that specifies the mail servers responsible for receiving email messages on behalf of a domain.

MX records setup

You can use the MX records Batch implementation team provides by default as part of the onboarding process, or use your own if you want to process the responses in a specific tool you are already using (e.g. a ticketing tool, etc).

Note: Batch includes MX records in the DNS records generated by default for all customers. Make sure you modify them if you want to use your own MX setup.

→ Brand Indicators for Message Identification (BIMI)

Brand Indicators for Message Identification (BIMI) is an email specification that allows authenticated senders to display their logos within supporting email clients, improving brand recognition.

BIMI support

BIMI adds value for brands that want to stand out in the recipient's inbox or that are more likely to be targeted by phishing campaigns (e.g. finance, insurance, etc). Note that BIMI implementation is optional and not all email providers currently support it.

Note: Implementing BIMI is possible with Batch. It supposes additional costs to get a renewable Verified Mark Certificate.

Did this answer your question?