Email Authentication

Email authentication is the email’s electronic passport verifying the sender's identity; it includes 4 methods of authentication, and it would be perfect to use them all in your mailings:

Sender Policy Framework (SPF)

It allows emailing service to compare the senderʼs email and the server. If the sender domain is disabled to send on behalf of the specified domain, the message will be marked as spam immediately. If SPF records are configured well, attackers will be not allowed to do mailing on behalf of your domain. Actually, the mailing can be done but emails shall not be delivered and sending server will be blacklisted. This is what emailing service will do with your mailing if SPF records for your domain are added to DNS entries incorrectly.

Sender ID

An authentication method that slightly completes the SPF records and enables tracking of forwarded messages too (i.e. emails with multiple senders). If you have SPF already added to entries then Sender ID is optional although Microsoft recommends to use it. It is better to apply both methods to get out of harm’s way.

Domain Keys Identified Mail (DKIM)

It checks not only the sender server at the domain level but also the identity of sender account. For this purpose, a special digital signature verifying the sender is being added to the email. This signature is automatically checked on recipient's line and then compared to actual blacklists. This way, DKIM requires the signature added to each sent email while for both methods above it is enough just to configure DNS entries.

Domain-based Message Authentication (DMARC)

It combines SPF and DKIM and informs ISPs on what they should do with emails that failed the signature or authentication checks.

If you have no idea how your email authentication is configured right now, you can use the Mail-Tester service to check, it’s simple and free.