In a little under two weeks, we’ll be making a subtle change to the way we handle email authentication in Campaign Monitor. For those of you new to the concept, email authentication tells your subscribers it’s OK for our servers to send email on your behalf. It can help you avoid spam filters, and also proves your email isn’t a forgery. All good things.
Right now, email authentication is an opt-in kind of thing. It’s not on by default, but we’ve tried to make it as painless as possible to set up. The problem is, it’s still pretty painful. For starters, you need to have access to the DNS records for your domain. In many cases that can rule this process out, or at the very least start your eyes glazing over.
The trouble is, this stuff is important. So, we’re taking a different approach. Starting Monday, March 26 we’ll be turning on email authentication for everyone.
A small change in Outlook
If you’ve already set up your own authentication, we’re not changing a thing. For those of you that haven’t, there’s one small change that we want you to be aware of. Because we’ll be authenticating on your behalf, we add a couple of new details to the header of any emails you send. To the vast majority of your subscribers, this won’t change a thing. But, there is a subte change your Outlook subscribers may notice. Here’s what they’ll see:
It’s the extra from address and on behalf of that I highlighted in yellow that’s new here. Because we’re authenticating for you, we need to include our own domain in your mal headers/ Outlook lets their users know this at the top of the email. It’s also worth pointing out we’ll only ever use our white label domains when sending on your behalf – there’s never any mention of Campaign Monitor. It’s also worth adding that this small snippet is something any Outlook user would already have seen at the top of countless emails in the past. We think it’s a small price to pay to help avoid spam filters and ensure your email never appears to be a forgery.
If you’re not crazy about the “on behalf of” snippet, we’ve made it nice and easy to opt-out of us authenticating for you. Remember, we won’t start this until March 19, so you have some grace time. To change this setting, just head into “Client Settings” and click on the new “Authentication Settings” in the sidebar. Here’s what you’ll see (click for full-size):
By default, “Authenticate all emails for me” will be checked. If you’d like to opt-out, you have two options…
Set up your own authentication
Authentication is a great thing. If you don’t want us to do it for you, we recommend you do it yourself. This is the same approach we’ve always supported, and it will mean your domains are authenticated and no “on behalf of” text will appear in Outlook or “via” snippet will be shown in Gmail. The only drawback is that you’ll need to have access to the domain’s DNS settings to complete the process.
Don’t authenticate my emails (not recommended)
If you don’t have access to your DNS settings and you really don’t like the “on behalf of” text in Outlook, you can disable authentication entirely. It’s not something we recommend, but it’s the easiest way to avoid any Outlook subscribers noticing a change. This is the default for how we’ve been sending email for you to date, so you won’t see any negative impacts, you just won’t experience the positive impacts of letting us sign for you.
After further testing, we’ve confirmed that the “via” text in Gmail isn’t impacted by letting us authenticate your email for you. Even if you turn authentication off, the “via” text will still appear for all your Gmail subscribers. This is exactly what they would have see before this update, so nothing is actually changing here for your Gmail subscribers.
The only way to avoid this “via” snippet altogether is to set up your own authentication by following our step-by-step guide to updating your DNS.