When sending email through Bronto, you may have seen the option to “Enable sender authentication” during the send process. In this post, we’d like to shed some light on Sender Authentication: what it is, how it works, and why you should be using it.

What is Sender Authentication?

Email Sender Authentication is a broad term that describes a number of technologies with a common goal: to verify the identity of the sender of an email. By identifying the server that is sending the email, authentication systems make it easier for email receivers to identifying phishing and other types of malicious emails.

Bronto has incorporated two of the most widely-used Sender Authentication technologies to help verify your messages: SenderID and Domain Keys (DKIM).


SenderID is an email technology, primarily promoted by Microsoft, that minimizes phishing attacks and ensures that permission-based email marketing emails get delivered. This is based off of the Sender Policy Framework (SPF).

SenderID works by specifying which mail servers are allowed to send mail for a given domain name. The Bronto application has this framework in place, but you will need to make changes to your website DNS record to fully take advantage of SenderID.

SenderID/SPF is an older technology but is still in use by some mail servers. For the most part though, it has been succeeded by DKIM.


DKIM is an acronym for DomainKeys Identified Mail. DomainKeys is another authentication technology, developed by Yahoo!, that works by creating a digital signature of the contents of an email. This digital signature is verified by the receiving mail server to ensure that it's not forged.

What Happens When I Enable Sender Authentication?

Sender authentication attempts to match up the IP address sending the email with the domain shown in the From Address. When the two do not match up, as is usually the case when you are sending from an ESP like Bronto, many email clients will display the From Name differently. Here's an example of how it appears in Outlook 2007.  In the example here, the From Name used to send the message was "BrontoTest@acme.com." Because the IP address that sent the message is registered to bronto.com - and not to acme.com - the From information is displayed in this way.

This "on behalf of" information will be displayed anytime Sender Authentication is enabled in Bronto and you are sending to a DKIM-enabled email provider. This includes MSN/Hotmail, MS Outlook, and Gmail, among others. However, if you set up a private domain with your Bronto account, you can associate your own domain with the IP address(es) sending your deliveries to prevent this from occurring. Private domain is included free of charge with every Bronto Professional account.

Why Do I Need It?

While using Sender Authentication can't guarantee your delivery, not having it can almost guarantee delivery problems. A great analogy was made in a post from 2008 called Email Authentication: Are You In The Game?, comparing sender authentication to a license plate. You may be a perfectly legal, careful, and courteous driver, but if your car is missing a license plate, you'll get pulled over not long after you get on the road.

If you want to get anywhere on the email "highway," you'll need to make sure you're using sender authentication, keeping your email away from phishing and fraud filters and one step closer to your subscribers' inbox.