Penny's Security Blog

Preparing for Email Authentication Changes: A Step-by-Step Guide

Published on: 25th January 2024

We can all agree that spam is harmful and annoying, right? Mailbox providers are tightening their authentication to help them ditch spam and keep your inboxes clear and relevant.

However, this involves you because there is a step you need to complete in this process.

Mailbox providers check the credentials of every email; one check looks at your domain name settings, one at the content and another at your sending reputation. It will be filtered off as spam if it doesn’t meet the required standard.

From the 1st February your Domain Name System (DNS) settings need to contain SPF, DKIM and DMARC records. You need these records for every system that sends emails using your domain name, such as your mail server, website, bulk email sender, etc.

Also, the importance of your sending reputation is rising from this date. To reap the benefit of email for marketing and everyday communication, you must be squeaky clean and ensure your senders will not report your emails as spam. Just 3 reports per 1000 emails will permanently blackmark your reputation and impact the future deliverability of your emails.


Before you spiral into overwhelm, let’s look at what needs to be done.

The steps you need to take are as follows


  1. Identify the services that use your domain name to email on your behalf.
    Eg your primary email account, email marketing, accounting systems and perhaps your website.
  2. Obtain information from these services.
    They will provide you with the SPF, DKIM key, and DMARC
    SPF – Is likely already in place
    DKIM – has been optional for a while and is now required
    DMARC – reasonably new, now required.
  3. Locate where your domain name’s DNS records are
    Your website developer may know if you don’t know the answer to this question.
  4. Create the records
    Login to your DNS records and set up the SPF, DKIM and DMARC records as advised
  5. Check they work
    Go back to your providers to check the records work. In some instances, you can click a button on their website to verify that the records are correct; in others, you will need to contact their support team and ask them to check for you.

If I manage your emails, you will receive confirmation from me soon that the authentication steps are in place.



This relates to email marketing.

  1. Be careful to only send to engaged contacts.
    For bulk email, this requires monitoring your contacts’ engagement and not sending them any further emails when their engagement dips to a certain level.
  2. Keep your email content authentic and of value to the reader.
    To achieve this, you need to avoid using vague, generic language and known spammy words. The best way to ensure a good reception is to write authentically and ensure every email is valuable to the customer.
    The email address you send from matters. It must match your reply-to address and be the regular domain name where your website is published. Ideally, it will feature a person’s name rather than an anonymous ‘office’ or ‘mail’ type of prefix.
  3. Ensure one-click unsubscribes
    This step is to avoid overly complicated unsubscribe processes, so ensure you have a simple system in place.


I hope this explanation has been helpful. Please contact me if you have any questions or if I can help you set this up in your business.


One Hour Consultations

Draw on my expertise to help you progress with your cyber security or marketing technology.

A one-hour online session costs £114 (incl VAT)

Book a call

Client Feedback

"Penny has been amazing helping me get my online security sorted. I knew I was burying my head in the sand, but I didn't know where to start. She metaphorically held my hand the whole way through, and is still there for tech support when needed, in it's various forms. Thanks Penny!"

Sue Palmer, The Horse Physio

Penny's Security Email

Practical security tips delivered to your inbox

Your subscription could not be saved. Please try again.
Your subscription has been successful.

I will use and protect your data in accordance with my privacy policy. You can unsubscribe any time.