Email Authentication

The essential terms to master email authentication

What does email authentication mean?

Several factors in the emails you send influence the effectiveness of your email marketing, and these are separate from what is actually written in the email.

Email authentication is the bridge between email providers and users. The bridge is built out of trust and respect, and to keep it from falling you need to be able to prove that your emails are legitimate. The more confidence a mailbox provider has that the emails you send are legitimate, the more likely that provider is to deliver the message to the prospect's inbox.

Email providers use email authentication to protect users from spam, phishing scams, and other malicious emails. Therefore, by properly setting up your email authentication you are doing your best to maximize your email delivery.

Organizations establish technical standards for communicating these messages and for defining common email authentication rules that any organization can implement.

The most common authentication standards are:

  • SPF allows senders to define which IP addresses are allowed to send mail for a particular domain.

  • DKIM provides a cryptographic key and a digital signature that verify that an email message was not faked or altered.

  • DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like an email from that domain to be handled if it fails an authorization test.

Therefore, understanding how to authenticate email is of crucial importance for your organization.

How to prove email authenticity

Let's think of emails as if they were traditional letters. The envelope should contain the addressing labels to inform the postal service where the letter should be delivered. The envelope would also contain information about who is sending the letter and inside the letter, the sender would add his greeting to the recipient.

These two things, the delivery instructions on the envelope and the information inside the letter, do not have to match. Email is exactly the same!

Within an email message, there is information that informs the delivery systems who sent the email and where to deliver it. (This is usually not visible to end users as it is hidden in email headers.) There is also the payload of the actual email content. This is what mail clients show to their users. Just as with the letter, these two things do not have to match. This is by design, to support features like BCC (blind carbon copy).

To prove sender authenticity, you need to:

  • Make sure that the address information in the email contents matches the addressing information in the delivery instructions.

  • Check that the server sending the email to that particular email address is allowed to do so.

  • Make sure that nothing has changed the contents of the email along the way.

  • Ask the authorized sender for a particular domain what to do with an email that fails authenticity checks.
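
The alignment checks in the list above, as an added example that is not part of the original page: it reads a constructed message, compares the domain in the visible From header with the envelope (Return-Path) domain and the DKIM signing domain, and requires at least one passing mechanism to match. The function names, the sample domains and the two-label organizational-domain shortcut are assumptions; real receivers use the Public Suffix List and only trust an Authentication-Results header added by their own server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and result below is made up.
RAW = """\
Return-Path: <bounce@mail.example.net>
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=mail.example.net;
 dkim=pass header.d=example.com
From: "Example Shop" <news@shop.example.com>
To: user@receiver.example
Subject: Hello

Body
"""

def org_domain(domain):
    # Assumption: organizational domain = last two labels (no Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(domain, from_domain, strict=False):
    # Strict alignment needs an exact match; relaxed compares organizational domains.
    if strict:
        return domain.lower() == from_domain.lower()
    return org_domain(domain) == org_domain(from_domain)

def check_message(raw, strict=False):
    msg = message_from_string(raw)
    # "Letter" address shown to the user vs. "envelope" address used for delivery.
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    envelope_domain = parseaddr(msg["Return-Path"])[1].rpartition("@")[2]
    # Unfold the header, then read the verdicts recorded by the receiving server.
    results = " ".join((msg["Authentication-Results"] or "").split())
    spf = re.search(r"\bspf=(\w+)", results)
    dkim = re.search(r"\bdkim=(\w+)[^;]*?header\.d=([\w.-]+)", results)
    spf_ok = (bool(spf) and spf.group(1) == "pass"
              and aligned(envelope_domain, from_domain, strict))
    dkim_ok = (bool(dkim) and dkim.group(1) == "pass"
               and aligned(dkim.group(2), from_domain, strict))
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    print("relaxed:", check_message(RAW))
    print("strict: ", check_message(RAW, strict=True))
```

In this sample SPF passes for the envelope domain but does not match the From domain, so only the DKIM signature ties the message to the sender the user sees.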

Now that we have explained the general basis of email authentication, let's dig deeper into the main authentication standards.
