Email tactics that 96% of email marketers don’t know!

In 2019, global email users reached 3.9 billion (Statista, 2020). By 2023, that number touched 4.3 billion, making email one of the most pervasive communication channels in the world.

Naturally, brands leaned into email marketing for its relatively low CAC and high intent. But with great reach comes great risk. Email has also become ground zero for phishing, spoofing, and domain abuse.

Today, email marketing isn’t just about pushing out campaigns. It’s about protecting your domain, your users, and your brand reputation.

That’s where SPF, DKIM, and DMARC come into play. These three acronyms form the holy trinity of email authentication. Here’s how they work:

1. SPF – Sender Policy Framework

SPF is a DNS-based authentication protocol. It lets a domain owner specify which IPs or servers are allowed to send emails on behalf of their domain.

Example SPF record:

v=spf1 ip4:34.243.61.237 ip6:2a05:d018:e3:8c00:bb71:dea8:8b83:851e include:thirdpartydomain.com -all

• v=spf1 defines the version.

• ip4 and ip6 define valid sender IPs.

• include: allows third-party platforms (like SendGrid or Mailchimp) to send on your behalf.

• -all means any server not listed should hard-fail.

Which qualifier should you use?

• +all: Accept all (bad idea)

• ~all: Soft fail (land in spam)

• -all: Hard fail (get blocked)

Best practice: Use ~all during testing, and move to -all when fully confident in your sender list.

2. DKIM – DomainKeys Identified Mail

DKIM adds a digital signature to your emails, validating that the content hasn't been tampered with.

• A private key signs the message on the sending server.

• A public key (published in your DNS) allows recipient servers to verify the signature.

It’s like a wax seal on an envelope — if the seal is intact, you know the message is authentic.

Pro tip: DKIM survives email forwarding, unlike SPF.

To check if an email passed DKIM, view the original message headers and look for dkim=pass.

3. DMARC – Domain-based Message Authentication, Reporting, and Conformance

DMARC sits on top of SPF and DKIM. It tells mailbox providers what to do if an email fails authentication and sends reports back to you.

DMARC policies:

• p=none – Monitor only

• p=quarantine – Send to spam

• p=reject – Block outright

You also get insights through:

• RUA (aggregate reports): Daily summaries of senders using your domain

• RUF (forensic reports): Real-time alerts with message-level data for failures

🛠️ Generate your DMARC record here🔗 Set up DMARC via CNAME

Domain Strategy: Separate Subdomains for Clean Reputation

Avoid blasting from your main domain. Use purpose-built subdomains:

• Transactional: no-reply@emails.yourdomain.com

• Support: support@help.yourdomain.com

• Marketing: offers@yourdomainmailers.com (better still, use a separate sending domain)

Why?Cold outreach and low-engagement marketing emails can hurt your root domain’s deliverability. Keeping them isolated protects your core brand.

Monitoring Tools You Should Use

To keep a pulse on your sender reputation and deliverability:

• 🔍 GlockApps – For inbox placement and spam checks

• 🧪 Mailtrack – To track opens on personal Gmail-based cold outreach

• 📡 DMARC reports – For insights into unauthorized use of your domain

TL;DR: Protect Before You Promote

The best-performing email campaign is the one that actually reaches the inbox.Before you chase conversions, set up:

• ✅ SPF – Define your legit senders

• ✅ DKIM – Sign your emails

• ✅ DMARC – Monitor, quarantine, or reject fakes

These aren’t just technical nice-to-haves. They’re a strategic moat for your email infrastructure.

Want help auditing your domain or setting up your email infrastructure? Drop a comment or DM me. Let’s make your emails land where they should — in the inbox.