Skip to main content

About domain authentication (DKIM, SPF)

In this article, we will explain why you authenticate your domain, and what the DKIM and SPF records provided by Sendinblue are.


Why should I authenticate my domain?

Domain authentication is a way to verify that an email is sent from the sender they claimed to be. It is an important process and is often used in blocking harmful content such as phishing scams. Emails that fail the authentication will have a higher chance to be filtered to the spam or junk folder.

Secure the online reputation of your domain

Authenticating your domain allows you to secure the brand and online reputation of your domain by preventing spoofing attacks, which happen when someone fakes the identity of a sender to send malicious emails.

For example, if a phisher starts using Sendinblue’s identity to send malicious content, then Sendinblue’s reputation will be badly impacted. To avoid this situation, we must ensure that our domain is correctly authenticated to prevent anyone from using our domain name without our authorization. 

Increase the level of trust from ISPs and webmails

Adding more security to the email flow will automatically increase the level of trust from the ISPs and webmails, leading to a higher delivery rate and a better inbox placement rate.

When the identity of a sender cannot be authenticated, the email looks less reliable and as a consequence, mailbox providers may reject the email or send it through additional filters to determine whether it should be delivered in the inbox or not. The chances of delivering in the spam folder or being blocked by mailbox providers are much higher without domain authentication.

Sign your emails with your own domain name

By default, all your emails are digitally signed by Sendinblue, but you have the possibility to personalize your domain signature by authenticating your domain.


What are DKIM and SPF protocols?

When an email is sent, the recipient's server runs some checks to see if the message is legitimate and sent by an authorized sender. These checks are possible with the implementation of two protocols on the sender domain: DKIM and SPF.

Here are some more in-depth definitions for each protocol:

  • The DKIM protocol, which stands for DomainKeys Identified Mail, is a cryptographic protocol based on the use of public keys that are published in your DNS. The protocol allows you to sign your email with your domain name, just as you would sign a letter with your signature. The recipient of your email will then be sure that the email they received has been written by you and has not been altered during transmission. This protocol is particularly effective against "man in the middle" attacks.
  • The SPF protocol, which stands for “Sender Policy Framework”, is based on the DNS of your domain name and is used to certify that the issuing IP has the right to send emails. This protocol is used to prevent fraudulent use of your domain name and prevent third parties from pretending to be you. This protocol is particularly effective against phishing attacks.

How can I authenticate my domain?

To authenticate your domain, you need to configure the records provided by Sendinblue on your domain host. Learn how to authenticate your domain in our dedicated article Authenticate your domain to improve the deliverability of your emails (DKIM, SPF).

🤔 Have a question?

If you have a question, feel free to contact our support team by creating a ticket from your account. If you don't have an account yet, you can contact us here.