What is Email Authentication
The three frameworks of Email Authentication
What is Email Authentication
One of the most important factors in protecting your email reputation is email authentication. In other words confirming the real identity of the email sender.
There are three distinct frameworks that email authentication involves.
These are:
- Sender Policy Framework
- Doman Keys
- Domain-Based Message Authentication Reporting & Conformance
Each framework has different purposes. However, when sending emails, it is suggested to include all three in your email sends.
Email Authentication Framework
Let’s go over each framework to better understand their purposes.
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) tells mail exchangers, such as Google and Outlook, which hosts are allowed to send an email from a domain. Administrators generate SPF records in their public DNS.
Mail servers that receive emails from your domain, then use SPF to ensure that the email is actually coming from your domain.
SPF also protects your emails from being spoofed and getting sent to spam.
Domain Keys (DKIM)
Domain Keys (DKIM) allows a company to take responsibility for an email in a way that can be verified by email providers through Cryptographic Authentication.
This provides companies with two things:
- It guarantees the sender is who they say they are.
- It guarantees the content of the message
Cryptographic Authentication adds a digital signature to your message header. This message, when received, validates and authorizes your domain name. Your DKIM signature is created using a unique string of characters that is stored as a public key.
Domain-Based Message Authentication, Reporting and Conformance (DMARC)
Domain-Based Message Authentication, Reporting, and Conformance (DMARC) was created to prevent phishing attacks. DMRAC, built upon SPF & DKIM, standardizes the two.
There are three basic parts to DMARC.
- DMARC provides a way to confirm the from domain is authentic. It does so by using the DKIM & SPF authentication results.
- You are able to define how the from domain has to align. There are two options: strict or relaxed
- Strict: Domain match must be exact- if your from address is pugsareawesome@email.com but the actual sender was pugsareawesome@email.sender.com, then your email message would be considered unaligned
- Relaxed: Allows for subdomain matches. This means the addresses above would be aligned.
- You are able to define how the from domain has to align. There are two options: strict or relaxed
- DMARC lets you choose what to do with emails that receivers and spam filters receive that are not DMARC aligned. If aligned, through DMARC you can publish a policy for the inbox provider to always delete unaligned email or always put unaligned email in the spam folder.
- A reporting feature that allows you to find sources of legitimate, non-DMRAC aligned mail, so it can be fixed and be aligned. Reporting can also help you track down and prevent phishing attacks.