Legal
Email Authentication & Deliverability
How Movement Atlas ensures every email reaches your inbox safely and authentically
Email Authentication Standards
Movement Atlas implements the three pillars of email authentication to protect you from spoofing, phishing, and ensure our emails reliably reach your inbox. These standards are required by major email providers (Gmail, Outlook, Yahoo) and by SendGrid for production sending.
1. SPF (Sender Policy Framework)
SPF tells email providers which servers are authorised to send email on behalf of movementatlas.com. When you receive an email from us, your email provider checks our SPF record to verify it came from an authorised SendGrid server.
movementatlas.com TXT "v=spf1 include:sendgrid.net ~all"
Only SendGrid servers can send email as @movementatlas.com. All other sources are soft-failed.
2. DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to every email we send. Your email provider verifies this signature against a public key published in our DNS records, confirming the email was not tampered with in transit and genuinely originated from Movement Atlas.
SendGrid generates CNAME records for DKIM signing:
s1._domainkey.movementatlas.com CNAME s1.domainkey.u######.wl###.sendgrid.net s2._domainkey.movementatlas.com CNAME s2.domainkey.u######.wl###.sendgrid.net
2048-bit RSA keys managed by SendGrid (Automated Security). Every outbound email is signed.
3. DMARC (Domain-based Message Authentication)
DMARC ties SPF and DKIM together by telling email providers what to do when authentication fails. Our DMARC policy instructs providers to quarantine unauthenticated emails and send us aggregate reports so we can monitor for abuse.
_dmarc.movementatlas.com TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=100; adkim=s; aspf=s"
- p=quarantine: Unauthenticated emails are sent to spam, not delivered to inbox
- pct=100: Policy applies to 100% of emails
- adkim=s; aspf=s: Strict alignment for both DKIM and SPF (exact domain match required)
- rua: Aggregate reports sent for monitoring and abuse detection
Bounce & Complaint Handling
We maintain a clean sending reputation through automated bounce and complaint management:
- Hard bounces (invalid addresses) are permanently suppressed - we never send to them again
- Soft bounces (temporary issues like full mailboxes) are logged and retried
- Spam complaints immediately suppress the reporting address from all future emails
- SNS signature verification ensures only genuine AWS notifications modify our suppression list
- Configuration Set tracking provides real-time delivery, bounce, and complaint metrics
Email Compliance Standards
Every email sent by Movement Atlas complies with international anti-spam and privacy regulations:
- CAN-SPAM Act (US): Physical mailing address, clear unsubscribe mechanism, no deceptive headers
- GDPR (EU): Consent-based email with granular preference management, right to withdraw at any time
- CASL (Canada): Express consent tracking with timestamp, IP address, and consent type recorded
- DPDP Act (India): Data protection compliant with explicit processing purposes
- List-Unsubscribe: RFC 2369 compliant one-click unsubscribe via both HTTPS and mailto headers
Sending Infrastructure
- SendGrid (Twilio): Enterprise-grade email delivery with 99.95% uptime SLA
- TLS encryption: All emails encrypted in transit using TLS 1.2+
- Retry with backoff: Transient failures automatically retried with exponential backoff
- Message logging: Every email send attempt logged with status for audit and troubleshooting
Questions about our email practices? Contact us or view our Anti-Spam Policy.