First of all, we suggest you read these articles:
Sender & Reply addresses – Best Practice and Sender & Reply addresses – Setup.

Why Authenticate domains?

Authentication technology allows the receiver of an email and the ISP to confirm the identity of your sender address. If the identity of your sender address cannot be authenticated, then ISPs may reject your messages, or put it through additional filters to determine if it should be delivered. Without authentication, your chances of being filtered or blocked by major ISPs are greatly increased. By authenticating your domains, you can instantly bypass certain filters, giving your emails a better chance of arriving in the receivers inbox. Not only that, but many ISP’s like Yahoo! and Hotmail will flag your email as authenticated, which helps to build trust between you and your subscribers and improves the chances of your emails being opened.

There are 4 most common types of authentication:

  1. SPF
  2. SenderID
  3. Domain Keys
  4. DKIM

We highly recommend ALL authentications to be setup for each of you sending domains!


SPF (Sender Policy Framework) is an email authentication system that verifies that the message came from an authorized mail server. If so, it verifies if the sending IP address is allowed to send mail for the sending domain. Most major ISPs check for SPF records and will usually place your email in their junk folder (or equivalent) without one. One major reason to implement SPF is that forging your maildomain is harder and you are therefore less likely to become a victim of phishing attempts.

Add a TXT record for the domain you will be using for the Sender Address using the following: “v=spf1 ~all”


The Sender ID Framework is an e-mail authentication technology, based on Sender Policy Framework (SPF) records in the DNS system that helps address the problem of spoofing and phishing. This is an important check and is strictly enforced at the Microsoft owned domains (i.e. Hotmail).

Sender ID is automatically set up by Carma, aswell as Ownership status.

Domain Keys

Domain Keys is an authentication method developed by Yahoo! that verifies the sending domain through encryption. The current major ISPs that use Domain Keys are Yahoo!, Gmail and Earthlink. It is important to use Domain Keys since Yahoo! will be requiring it in the future to sign up for their whitelist and feedback loop.

Create a subdomain like: k5._domainkey.<>

Add a TXT record to this subdomain using the following value:



DKIM authentication is a synthesized and enhanced Yahoo!’s Domain Keys and Cisco’s Identified Internet Mail specifications. DKIM aims to become the standard for authentication in the future and larger ISP’s will support DKIM. Today one of the larger ISP’s using DKIM is Gmail.

DKIM is automatically setup by Carma IF you have setup Domain Keys as described above (under “Domains Keys”)


Common obstacles

Many web hotels and some basic domain managing tools might not support the options you need to get the authentication to work. Here are some of the troubles you might run into:

  • TXT records get line breaks even though it might look ok in the tool you are using. You can avoid this problem by putting the TXT record value within “” (Included in the descriptions above).
  • Impossible to create sub domains with special characters witch stops you from adding the DKIM domain (k5._domainkey..)
  • No option to add or edit the TXT records for your domain.


SPF Testing Tool for verification

If you are uncertain of the setup of your domain, you can go to a external tool called Kitterman and test the verification!

Want to learn more about deliverability? Take the Campus Class on the subject.