No Auth, No Entry: Don't Let Your Email Go to Spam or Be Rejected
"No auth, no entry" is a catchy phrase commonly used in the email industry to mean an email won't be considered for delivery unless it's properly authenticated. "auth" here means email authentication based on modern email authentication technologies like SPF, DKIM, and DMARC.
That's is to say, if your email is not authenticated, it will either go to spam or be rejected outright.
What is email authentication
Email authentication is a DNS-based mechanism that allows the receiving email server to check if an email is actually from where it claims to have originated from. For example, if an email claims to have originated from (From address: [email protected]) the domain
example.com, AKA sender domain, with email authentication properly implemented, the receiving email server will be able to verify one of the following:
- the email is from one of the in-house email servers at example.com;
- the email is from one of the 3rd-party email servers authorized by example.com's administrator to deliver emails on behalf of example.com.
If either one of the above is true, we say the email passes email authentication; otherwise it fails.
Email authentication can effectively prevent or stop email spoofing, a commonly used vehicle to initiate email-borne attacks like email phishing, business email compromise (BEC), malware, etc.
Some email service providers (ESPs) like Gmail put unauthenticated emails in spam by default; while Microsoft Office 365 takes a step even further: they block email sender domains automatically if they fail DMARC authentication.
The Antispam policy allows administrators to “Allow” domains regardless of the reputation of the domain. We’re changing our policies to not honor Allow rules when the domain fails authentication.
— Microsoft Office 365, April 2020
Learn more about this rollout.
Benefits of implementing email authentication
As "no auth, no entry" indicates, email service providers are increasingly using email authentication technologies to verify that an email is really from the claimed source before even considering it for inbox placement.
If an email fails both the SPF and DKIM checks, it probably goes to spam or rejected outright, depending on your DMARC settings and the email service provider's policy. Either way, the intended recipient is unlikely to open and read it.
Plus, if your sender domain is not protected by a DMARC p=quarantine or p=reject policy, chances are good that your domain is spoofed. A spoofed sender domain usually has a low sender reputation which results from low engagement rates. Consequently, even legitimate emails sent from your domain might end up going to spam due to the low sender reputation.
Therefore, your best bet is to implement full email authentication using SPF, DKIM, and DMARC to fight off malicious email spoofing attacks, and improve deliverability for legitimate emails.
How to implement email authentication
Implementing email authentication involves 2 things:
- set up SPF and DKIM for your email domain; here are a few tutorials for common email delivery services:
- set up DMARC monitoring to ensure all legitimate email streams are authorized, and authorize new email streams as they come in; here is a 5-minute guide:
To relieve the burden of having to receive and parse DMARC reports everyday, you can use a dedicated DMARC monitoring service to ensure that all your legitimate email streams are properly authenticated.
Protect Business Email & Improve Email Deliverability
Get a 14 day trial. No credit card required.Create Account