SMTP Authentication – Missing leads from your website contact form?

, , / January 25, 2024 / Rich Holmes

Have you noticed a drop or complete lack of emails being received from your website contact form? Have you tested your contact form to ensure you are still picking up important leads? It is becoming more common that business leads are being missed as emails are either consistently ending up in junk or simply being filtered out by email providers, before it even hits your inbox.

This is actually a good thing!

OK, so not getting the emails isn’t a good thing but the filters in place to stop the emails arriving is a good thing, what you need to do is make sure you’re properly setup to demonstrate your authority to send these emails.

So what’s actually the problem? Well essentially you have a contact form on your website, someone hits to submit the message to you and the website, using the details you’ve provided, sends a notification to you that a message has been received. The email address that you use to send from must, however, be authenticated to show it has the authority to send messages. There are a few scenarios where messages might not be delivered:

To and From are the same - If your website is configured to send the email to the same email address as the from address then this can cause the email to simply not be sent.

From address doesn’t exist - You are using a fake email address, that has no actual mailbox. For example you just enter noreply@mycompany.org as the from address but that mailbox just doesn’t exist anywhere

From address exists but website isn’t authenticated - You are using a valid from address but you’ve not set up to authenticate the website to send using that address.

In this last scenario what essentially happens is the email is sent and email servers then check the email and say OK, we can see that mailbox exists but you’ve not been confirmed on the approved list and so we’re worried this could be a spam email and won’t deliver to an inbox.

Email Deliverability Solutions

There are several steps that could be taken to rectify this, ultimately combining all steps is the best possible approach but you may find some improvements in email deliverability by actioning one or more of these solutions:

SPF ( Sender Policy Framework ) record is a DNS record that you add to your domain to tell the world which IP addresses are authorised to send email. Simply adding your website IP address will give you a pass for this check and that may be enough, in some cases, for email to be delivered.

DKIM ( Domain Keys Identified Mails ) records need to be used in combination with SMTP authentication. Essentially you have a DKIM DNS record that is a cryptographic signature, used to verify the legitimacy of the emails sender. If you send via SMTP authentication then a key is sent with the email and then the recipient email server checks that key against the domains DKIM record and either passes or fails. If a malicious person tries to send from your domain, without a valid key, or matching key, then the check will fail and likely end up in spam. If your website doesn’t authenticate then you will automatically fail this test, as no key will be sent.

DMARC ( Domain-based Message Authentication Reporting and Conformance ) is, again, a DNS record and this tells systems what to do with the results of the 2 test above ( SPF and DKIM ). You can set this to none, quarantine or reject, so emails are either allowed to go through, held if the tests fail, or be rejected entirely.

Whenever you send an email from Outlook, Thunderbird, Apple Mail or your phone etc, you will always be authenticated and so having these tests in place means you can be confident and set all emails to reject if they don’t pass the tests. Any spoofing or masking, from your domain, will then be rejected and your reputation maintained.

Emails sent from websites, without authentication, would, however, be rejected in this case and quite rightly as there’s no evidence to say you are eligible to send emails, using that email address.

SMTP Authentication

This leads nicely to SMTP authentication. All this simply means is that you connect your website contact form with your mail server so, much in the same way you send emails from your preferred email client, on computer or phone, your website does the same thing and says, let me just check with your mail server and send it directly from there. That way the DKIM key will be sent, passing that test, the SPF record should already be set up and correct so you will pass the 2 tests and therefore have your email delivered with authority and trust - no more missing contact leads!

In conclusion, the combination of SPF, DKIM, DMARC and SMTP authentication improves your email security, the authority of your website to send emails and protects against a number of cyber threats that can damage your brand. The integration process is a one time setup and will remain valid for as long as your site and emails stay as they are.

We are seeing increasing numbers of people complaining about missing contact form emails and the simple reason is email servers are doing a better job at protecting us against spam and spoof emails. Instead of complaining about extra security we just need to embrace it’s power and make sure we’re one step ahead of our competitors! Please contact us if you’d like support in setting this up.

Scroll to Top