What’s the difference between internal and external routing?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Internal routing handles mail that stays within your organization. Emails between employees, system notifications to internal addresses, alerts from your own servers. This traffic typically moves directly between your internal mail servers without touching the public internet.
External routing is everything going out to other organizations or people. Your customer emails, your newsletters, your transactional receipts. External mail has to travel across the internet to reach a different mail server, which means it needs to look up the recipient's mail server via DNS, negotiate an encrypted connection, and pass authentication checks that the receiving server can verify. That's where SPF, DKIM, and DMARC come in.
Most organizations run separate paths for the two. Internal routing goes through an internal mail server (like Microsoft Exchange or a self-hosted solution). External routing goes through an outbound gateway or directly through an ESP for marketing and transactional sends. The reason to separate them: internal mail is high-priority and needs to be reliable regardless of what's happening with your external reputation. If your external sending triggers a blocklist or deliverability issue, you don't want that affecting your employees' ability to communicate internally. Keeping the paths separate creates that insulation.
Authentication setup matters primarily for external mail. Your internal traffic doesn't need to pass an external server's SPF or DKIM checks, but your external sending absolutely does. If you're checking your authentication records, use our free SPF checker or DKIM checker to verify the external-facing records are correct.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.