ESP Email Authentication – Does it Really Matter?

Are you using your ESP’s email authentication? If not, you probably should be!

Note: if you’d like a refresher on email authentication first, check out this guide courtesy of MailChimp.

FreshAddress uses MailChimp for our marketing emails and I noticed one set-up option is to “authenticate” emails. I’ve never thought much about this choice, simply assuming, “Yeah sure, sounds great if MailChimp will handle authentication for me.” This option is selected by default and MailChimp strongly encourages users to leave it that way. I also noticed that our emails are deployed from a not-so-pretty email address that reads “on behalf of” FreshAddress. This was the only downside I’d considered.

A few months ago, though, our web hosting provider (and email configuration guru) sent me an email that made me think more about it. He recently implemented several aggressive anti-spam measures. To make sure honest mail is delivered, he developed a list of domains that he “trusts” from an email perspective. Email from trusted domains gets to bypass most of his filtering. He noticed that our newsletter deployments from were DKIM signed, but with’s DKIM selector. He didn’t know or trust Turns out, is MailChimp’s mail servers domain. He suggested it would be better from a “trust” perspective for our emails (or any emails) to be DKIM signed with a selector whose domain matches the sending domain.

He offered, “I know and trust FreshAddress. I like you guys (even if you weren’t my customer) and want to continue to get your emails. I don’t know or trust Further, I’m not going to give preferential treatment to all emails from a bulk mailing organization because I don’t know all their customers. But I would give preferential treatment to emails from an organization I know and trust (you guys) even if they come from a bulk mailing organization. The only way I can do that is if they send your email from your domain with authorization (DKIM, SPF) from your domain.”

That all sounded good.  Was it possible? I could easily edit my DNS entry to configure SPF by including MailChimp’s mail servers, but I couldn’t do anything with DKIM. If I turned off MailChimp’s authentication, it would get rid of the “on behalf of” and only show, but MailChimp did NOT recommend this. They said, “ISP’s prefer to see authentication if we’re sending on behalf of another domain.”

A MailChimp blog post describes the SPF situation nicely in a blog post, “Basically, when you send an email using MailChimp, but your reply-to address is “” it kind of looks suspicious to ISPs. So a receiving ISP would ask, “Why does it say it’s from “” when I can tell it came from MailChimp’s servers (,,…etc)” But so long as your email isn’t very spammy, it’s usually okay, and you have nothing to worry about. They’ll just let it slide. But ISPs are increasingly checking for SenderID authentication now. So when you send your email campaign and put “” in the reply-to, a receiving ISP will go to “” and ask if MailChimp is an impostor, or if we’re truly authorized to send emails on your behalf. Adding that line of code tells ISPs, “Yeah, MailChimp’s cool. You can trust him.”

Great, but that blog post is a few years old. What about DKIM authentication? Does it matter now to ISPs, or just my on-top-of-his-game email hosting provider? Is it worth turning off MailChimp authentication?

I decided there was only one way to determine how MailChimp’s authentication was affecting our deliverability – by actually testing it out. During last month’s newsletter deployment, I did an A/B test on a select portion of our list. The results were overwhelming.

Part A (authenticated by MailChimp) Part B (no authentication by MailChimp)
Open Rate 15.7% 11.1%
Click Rate 5.4% 2.8
Delivery Rate 97.2% 97.2%

As you can see, the authenticated  campaign outperformed the one with no authentication with significantly higher open and click rates. It’s also interesting to see that the delivery rates were the same. This may suggest that the Part B deployment would be more likely to end up in the Spam folder.

Ideally, ESPs should allow users to configure all forms of authentication so sending domains match the DKIM selector. I’m only familiar with MailChimp’s options, but I suspect that ESPs that service large corporations have more capabilities. Regardless, you should review your ESP’s advice on how to best configure authentication for sending emails!

Perils of Going Cheap Banner_728x90

Recent Posts

As you put your 2022 marketing plans together, you’ll concentrate on acquisition, budget and campaigns. We would like to add another item to your list and move it to the No. 1 priority: Your data! Why data? Because data is the lifeblood of your marketing program. Without fresh, accurate and useful data, you can’t market […]

We want to wish all of our FreshPerspectives readers a happy, healthy, and prosperous 2022! As we close out 2021, it’s a great opportunity to set priorities for the coming twelve months. Whether you’re new to email marketing or an industry veteran, consider these New Year’s Resolutions to help ring in a banner year in […]

In my holiday letter a year ago, I hoped that in 2021 we’d be seeing each other in the office and at trade shows. That has not yet come to pass, so I am especially grateful for the significant milestones our company has achieved this year: TowerData received a strategic investment from TZP Group, a […]
Chat with us