With their permission, we're republishing it here.
Email authentication allows ISPs to properly identify the sender of the email so it can make smarter decisions about the delivery of your mail. Authentication has become a best practice for email senders since spammers have gotten really smart about disguising malicious email under the veil of a trusted brand. By pretending to send email from your domain, a practice known as phishing, spammers are tricking your customers into giving out their passwords, account information and other personally identifiable information for their own financial gain.
In today's world, email authentication is a “must do” for legitimate organizations in order to secure their online reputation and maintain customer trust in their brand. While authentication can be tricky, it's imperative that any web application that sends email makes sure they add this to the top of their best practice list. Here's how:
1) Authenticate using SPF and DKIM as these two protocols have become the standard especially with the advent of DMARC, the new standard by which ISPs will identify and treat email that is not properly authenticated.
2) Create a roadmap of all the IP addresses that you use to send email including internal and external sources like your ESP. You will need the authenticate all of your mailstreams or risk being blocked by ISPs at the gateway.
3) Create your authentication record on SPF and DKIM, then publish them. These protocols have different processes so visit each their websites for details or you can use these two wizards to help you out —http://www.socketlabs.com/services/dkwiz or http://www.port25.com/support/support_dkwz.php.
4) Setup your mail server to sign outbound email with DKIM. DKIM requires that your MTA have the appropriate software implementation to sign all outgoing emails. Learn more at: http://www.sendmail.com/sm/wp/dkim/
And remember, SendGrid customers can always contact our deliverability experts for help when needed.