Why?
Because they increase the security of your emails, which is what Internet Service Providers love.
Subsequently, they raise your sender reputation, leading to better open rates and higher ROI for your email outreach.
However, despite their usefulness, people often confuse SPF with DKIM and vice versa. We’ll explain below how they are different.
Find the 7 differences
Well, maybe not exactly 7…
However, there are a few essential differences between SPF and DKIM that you should take note of.
In simple terms:
SPF ensures that only authorized servers can send emails on your domain’s behalf, and DKIM ensures that emails are not tampered with during transit.
Let’s start by explaining SPF:
SPF explained
SPF, short for Sender Policy Framework, lets you specify which servers are allowed to send emails from your domain.
For example:
If you use Salesforce to send emails, you’d add their server to your SPF record.
The SPF record would look something like this:
v=spf1 include:_spf.salesforce.com ~all
With this server authorized, any server other than Salesforce’s will cause emails to fail authentication.
In other words, SPF stops email spoofing. Criminals dentist phone number list use email spoofing to pretend to send email from a trusted domain.
With the correct settings, emails from unauthorized servers will not reach their intended recipients, helping to make the Internet a safer place.
Since SPF-authenticated emails are deemed safer, they can boost your sender reputation and increase your open rates.
Hopefully, you now understand SPF better. Let’s move on to DKIM:
DKIM explained
While SPF operates on the server level, DKIM is concerned with the email’s content.
If an email fails DKIM authentication, it means its content has been tampered with during transit – a sure sign of criminal activity.
DKIM prevents tampering by using public and private cryptographic keys to sign emails digitally.
Your email Service Provider or sending tool provides both keys. The public key goes into your DKIM record, and the private key is only accessible by your ESP.
The ESP usually decides what to include in the DKIM signature. Some of these variables could be:
The from address
The subject line
The body of the email (the actual content)
If any of these variables get altered during transit, the email will fail authentication.
Why you need both SPF and DKIM… and then some!
In 2024, landing in your audience’s inbox is harder than ever.
However, a good open rate can be achieved by having your technical setup in order and not sending any spammy content.
SPF and DKIM are part of your technical setup. But you can’t have just one of these. You need both.
In fact, your technical setup doesn’t stop there. You also need DMARC and a Custom Tracking Domain.
SPF VS DKIM in short
Both SPF and DKIM are implemented through DNS records
SPF provides email authentication on the server level
If an email comes from an unauthorized server, authentication will fail
DKIM provides email authentication on the content level
If one of the predetermined variables’ content differs from what’s in the DKIM signature, authentication will fail
In the SPF record you include the server(s) you allow to send emails from your domain
The DKIM record includes the public key given to you by your ESP or email-sending tool
Typically, through DMARC, another email authentication DNS record, you decide what to do with emails that fail authentication. Unauthorized emails can get a pass (delivered normally), be sent to the spam folder, or get rejected and not delivered at all.
