Email Authentication in Zuddl: SPF, DKIM & DMARC

Last updated: March 18, 2026

Email authentication helps receiving mail servers verify that an email is legitimately sent from the domain it claims to be from. Proper authentication improves deliverability and reduces the chances of emails being marked as spam or rejected.

Zuddl leverages industry-standard email authentication mechanisms SPF, DKIM, and DMARC through SendGrid’s sending infrastructure and its Automated Security features.

1. What Are SPF, DKIM & DMARC?

  • SPF (Sender Policy Framework)

    SPF protects against unauthorized senders by specifying which servers are allowed to send email on behalf of a domain.
    An SPF policy is published as a DNS TXT record beginning with v=spf1.

    Example:

v=spf1 include:<ip or domain> ~all

When an email is received, the recipient server checks the SPF record for the domain in the MAIL FROM address and verifies whether the sending IP is authorized.

  • DKIM (DomainKeys Identified Mail)

    DKIM uses public-key cryptography to sign outgoing email.
    A valid DKIM signature allows the recipient server to verify that:

    • The email was not altered in transit

    • The signed domain is legitimate

DKIM DNS records are also published as TXT records starting with v=DKIM1.

  • DMARC (Domain-based Message Authentication, Reporting & Conformance)

    DMARC ties SPF and DKIM alignment to policy checks, helping domains specify how email receivers should handle messages that fail authentication.

    A DMARC record is published as a DNS TXT record under _dmarc.<domain>.

    Example:

    v=DMARC1; p=quarantine; pct=100

    Learn more about DMARC in SendGrid’s documentation:

    https://www.twilio.com/docs/sendgrid/ui/sending-email/dmarc

2. How Zuddl Implements Email Authentication

Zuddl uses SendGrid as the email delivery provider for all system emails (e.g. confirmations, reminders, notifications). Rather than managing static IP lists or custom mail servers, Zuddl relies on SendGrid’s infrastructure and authentication tooling.

SendGrid’s Automated Security

Zuddl is configured to use SendGrid’s Automated Security settings. With this enabled:

  • DKIM signatures are applied automatically to outgoing emails.

  • An additional security signature may be added by SendGrid.

  • You do not need to manually publish additional DKIM keys for every individual sending domain used by the system.

The benefit of automated security is simplified email authentication management, especially for products that send at scale.

3. How to Validate Authentication

From Email Headers

You can validate authentication in any delivered email by reviewing the message headers:

Look for entries like:

spf=pass
dkim=pass
dmarc=pass

These indicate successful authentication.

Using DNS Tools

To check SPF or DKIM records, use DNS queries such as:

dig txt <sending-domain>

Example:

dig txt em111.event.zuddl.com

If a TXT record exists and includes v=spf1, the SPF policy is published and can be validated.