Is your email missing the inbox? Check these 3 things.

Do you know where your emails landed? Let's make sure it's not spam.

Author

Syed Arsalan Raza
June 16, 2025

Good morning,

Happy Monday! May your coffee be stronger than your spam filters. ☕️

Ever wonder why your beautifully crafted emails still end up in spam? You're likely overlooking email authentication, the secret sauce to hitting every inbox.

Today’s reading time is 5:07 min.

Here's what you'll find in today's email:

  • How email authentication protects your deliverability.

  • Finally learn what SPF, DKIM, DMARC mean and do.

  • Audit your email authentication in 5 min.

  • Clear communication tips to speed up fixes with IT.

  • Actionable lifecycle quick hits.

  • Some new feature highlights for Braze, Huspot and Klaviyo.

The email authentication trio your it team never told you about

Deep Dive

Ever wonder why some emails land in spam despite perfect content? Even if your deliverability seems solid at 95%, that missing 5% could cost you thousands in lost revenue. The solution isn't crafting better subject lines; it's auditing your email authentication.

The costly authentication gap

Most lifecycle marketers assume authentication is fine because emails usually reach the inbox. However, incomplete setups cause hidden issues:

  • Gmail delivering newsletters to Promotions instead of Primary.

  • Delayed deliveries due to extra server checks.

  • 5-10% of your audience possibly missing your emails entirely

What's really protecting your emails?

Email authentication is like managing party security.

SPF, DKIM, DMARC - these words give most marketers heart burn.

Let’s break them down:

Your 5-Minute Authentication check

You don't need to be technical to audit your setup. By the end of this section, you should feel like this I hope:

Also you don't need to fix anything, just identify what needs attention. Then you can talk to your IT team with specific requests (more on that in the next section).

  1. Check if SPF exists

    → Go to mxtoolbox.com/spf.aspx

    → Enter your sending domain exactly like this:

    "spf: yoursendingdomain.com"

    For example "spf: lululemon.com"

    → Look for "v=spf1" in the results

    → Verify it includes your email service provider

  1. Verify DKIM

    → Send a test email to a Gmail account

    → Open the email, click the three dots menu

    → Select "Show original"

    → Search for "DKIM" (Ctrl/Command+F)

    → You want to see "DKIM=pass"

    A 20-second how-to video

  1. Confirm DMARC

    → Visit mxtoolbox.com/dmarc.aspx

    → Enter your domain

    → Look for a policy starting with "v=DMARC1"

    → Even "p=none" is better than no policy

  1. Document your findings

    → Note which records exist

    → Screenshot any "fail" or "not found" results

    → Write down your email service provider name

You can literally take action on these 4 steps in a couple of minutes. Give it a shot now!!

What you're looking for:

✅ SPF exists and includes your ESP

✅ DKIM shows "pass" in email headers

✅ DMARC policy exists (even basic monitoring)

Where to get these authentication records

If you passed all three steps from the 5-min auth check, you may skip this section. But its generlly good to know.

Well, one may say, I’m not technical. How do I even know where to get these records from? Do I ask my manager? Do I check with my customer success person? Let’s answer that in 30 sec.

For SPF & DMARC records: These are added to your domain's DNS settings specifically as TXT records. If you have a marketing operations team or IT department, they'll need to update these through your domain registrar (like GoDaddy or Namecheap) or DNS provider.

For DKIM: This involves two parts:

  1. Getting a DKIM key from your email service provider (usually in Settings > Authentication or a similar section)

  2. Adding this key to your DNS records

Most email service providers (like Mailchimp, Klaviyo, or Braze) have setup guides in their help documentation. Search for "[Your ESP name] + Email authentication setup" to find specific instructions. If you're stuck, your ESP's customer success person can point you in the right direction.

Three common authentication failures

Even with good deliverability, marketers often face:

Incomplete SPF Records: Your IT team set up SPF but missed adding your marketing platform or recent ESP change.

Missing DKIM Setup: DKIM requires specific steps in both your email platform and DNS records to work properly.

Weak DMARC Policy: Having "p=none" is better than nothing, but it only monitors problems without protecting you.

The good news?

Once identified, your IT team can fix these quickly. ^These would be good talking points with your IT team You should also share relevant ESP documentation.

Speaking IT's language

You don't need to fix these yourself, but clearly communicating with IT speeds things up.

Instead of asking, "Can you fix our deliverability?" say:

"Can you verify our SPF record includes [your ESP], set up DKIM for our marketing emails, and implement a DMARC policy starting with 'p=none' for monitoring?"

This specific request shows you understand the issue and helps them provide the right solution faster.

One marketing director told me this approach cut her IT request fulfillment time from weeks to days because she bypassed the usual back-and-forth explanations.

Your authentication action plan

  1. Run the checks above to identify any missing or incorrect records.

  2. Document exactly what's missing using the specific terms (SPF, DKIM, DMARC).

  3. Request specific updates from your IT team using the language they understand.

  4. Verify the fixes after implementation by running the same checks.

  5. Monitor your deliverability to see the improvement, especially to domains that were problematic before.

A B2B newsletter recently completed this authentication audit despite having "good" deliverability. They discovered their DKIM wasn't implemented correctly and fixed it, resulting in a 9% increase in open rates from their most valuable enterprise prospects.

Even if your deliverability seems fine, these hidden authentication gaps could be silently limiting your results.

Take five minutes today to run this audit, and you might unlock subscribers you never knew you were missing.

Which authentication record will you check first? Remember, having all three properly implemented is the gold standard for email deliverability.

Lifecycle quick hits

  1. Pause re-engagement flows for anyone who opened an email in the last 30 days. Focus on truly inactive subscribers.

  2. Remove email addresses that have bounced repeatedly over 90 days. Your sender reputation will improve.

  3. Embed a one-click emoji feedback (“👍” or “👎”) at the end of educational emails to gather micro-surveys.

  4. Klaviyo anomaly detection alerts: AI-powered monitors now flag any sudden drops in campaign performance or deliverability in real time so you can fix issues before they impact revenue. Read more

  5. Braze workspace copying: You can now duplicate canvases one Braze workspace to the other. Faster testing without having to recreate the canvas from scratch. Read more

  6. HubSpot Breeze AI agents: Four built-in AI helpers (Knowledge Base, Customer, Content and Prospecting agents) draft email copy, automate responses and suggest segmentation to help you move faster every day. Read more

Hope I was able to add 2 cents of value today.

Forward it to your colleagues to share the good karma.

Here’s your unique referral link: https://www.lifecyclemechanics.com/subscribe?ref=PLACEHOLDER

Did we add any value today?

Login or Subscribe to participate in polls.