What is email authentication and how do I set it up?

Campaign Monitor provides email authentication to increase the deliverability and security of your email campaigns. This article explains what authentication is, why it's a good idea to use it, and what your options are for setting it up.

On this page:

Authentication, and how it works

Because of the way email was originally built it's very easy to forge, meaning an email sender might not be who they say they are. An example of this is an email message claiming to be from your bank, when it's actually a scam aimed at stealing money or spreading malicious software.

Authentication technology prevents this from happening by giving ISPs a record of identification to check, to ensure the sender is legitimate. Emails that fail to pass authentication checks may be blocked or put through additional filters, potentially preventing them from reaching the inbox.

ISPs like AOL, Gmail or Yahoo! (as well as corporate email servers) use one or more of these authentication methods to verify sender identity:

  • DKIM (Domain Keys Identified Mail)
  • SPF (Sender Policy Framework)

There's no agreed best method for authentication and, because of the pros and cons for each, you can't rely on all ISPs using the same one. That's why it's best to employ all of them, and we make that easy to do by authenticating every client in your account by default.

Why it's important to send authenticated emails

ISPs now rely heavily on authentication to fight spam and prevent phishing and other means of fraud.


Authentication is essential for securing your brand and preventing spoofed messages from damaging your online reputation.

Imagine a phishing email being sent from your company because someone had forged your information. Angry recipients and spam complaints resulting from it become your mess to clean up, in order to repair your reputation.


Many ISPs use authentication, among other things, to track sender reputation. Without it, the chances of your emails being filtered are much higher.

Options for setting up email authentication

To access authentication settings for a client, follow the steps below.

  1. Open Clients from the top of your account page and select the relevant client from your list.
  2. Go to Client Settings and click Authentication Settings, in the right sidebar, to open the "Email Authentication Settings" page:

Each authentication option is explained in more detail here:

Authenticate all emails for me

This is the default setting for every client in your account, and it's the simplest option because you don't need to do anything.

On this setting all of the authentication methods, DKIM and SPF, are set up for you meaning you authorize our servers to send email on your behalf. But they still look like they're coming from you because you set your own From address, as shown here:

Note: Certain email clients, such as Outlook and Gmail, will add extra sender details to the From field, as shown in the example below:

When this happens, the domain names added will be white label, for example: cmailx.com or x.com where the x is a numeral. If you are rebranding Campaign Monitor, rest assured, the sender domains will never be anything like campaignmonitor.com that points back to us.

Don’t authenticate my emails

With this method your emails will be sent without any authentication at all, which we do not recommend. A couple of years ago it was not as big a problem but ISPs now rely heavily on authentication to fight spam.

However, if the mention of cmail or domains really is a major issue, and you don’t have the capability to manage your own authentication, you can still choose this option.

Your campaigns will still be sent out as normal, and you will still see all the reporting, but you will be risking the deliverability of your emails.

I'll manage my own authentication

If you have access to the DNS records for your domain, and a bit of technical knowledge, you can set up your own authentication records.

This option is for advanced users because it can be a bit tricky to get working, given the variety of DNS management systems out there. Learn more about this in our guide to setting up email authentication yourself.

Tip: This is the best option for building and maintaining a good sender reputation. By handling authentication through your domain, it means you have control over all emails that affect deliverability for your domain.