19 June 2019 - Sharon Beilis

Email authentication is, like it or loathe it, a modern necessity. Cyber crime is a lucrative business, and everyone is a target.

However, the world of authentication protocols can be confusing. So, we’re going to break it down for you into (more or less!) simple terms:

 

What are the main email authentication protocols?

Where email is concerned, there are three main types of authentication protocols:

  • Sender Policy Framework (SPF). SPF is among the oldest authentication protocols out there, but it still works. Essentially, SPF checks the ‘from’ address of an email, ensuring that the sender is who they say they are. It works like this: the recipient email server asks the sender’s domain to verify that the sender is authentic by requesting a list of IP addresses which are authorized to send from that domain. If the server from which the email is sent does not appear on that list, SPF will ‘fail’ the email.
  • DomainKeys Identified Mail (DKIM). DKIM is a bit tighter than SPF. A DKIM protocol ensures that emails are tamper-proof by providing the sender with a private cryptographic key. This key encodes the headers of messages. People opening the emails do so via a public key hosted on the Domain Name System. So, any recipient can see the contents of an email using DKIM, but it is impossible for anyone other than the authentic user to send emails purporting to be from that address, or to tamper with emails en route, without the private key.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC builds on the authentication procedures established by SPF and DKIM. DMARC provides a feedback system, allowing senders and recipients to track and report authentication protocols completed and/or failed during the email’s journey. It’s a lot more useful than you’d think.

    Sometimes, authentication protocols get it wrong. In such cases, DMARC gives senders and recipients options. For example, you as the recipient may know that an email you were expecting from a friend is trustworthy, but it may have failed the SPF and/or DKIM protocols nonetheless. DMARC will show you the email but will warn you that the contents may be compromised. It’s then up to you whether you open it or not.

    Overall, DMARC makes the authentication system a lot more flexible on a human level, while still maintaining security. If SPF and DKIM are the digital equivalent of putting your message in an envelope and sealing it shut, DMARC is the delivery person who can make (and query with you) on-the-go decisions about how safe your mail is during transit and delivery.

SPF and DKIM are the absolute minimum your business needs in order to maintain trustworthy deliverability. We’d even go so far as to say that DMARC is a necessity these days if you truly want to protect your domain and subscribers.

It sounds complicated but, luckily for us, the vast majority of the authentication work is automated. All you have to do is make sure that you’re choosing the right domain with the right authentication protocols for you. If you're looking to learn more, check out Google's guide on implementing these protocols.

 

Why are email authentication protocols important?

Well, there’s more to it than simple security. Authentication protocols increase deliverability by rendering your emails more trustworthy. A triple-authenticated domain is more likely to hit inboxes and less likely to be consigned to Spam or burned up by firewalls.

From a consumer point of view, authentication protocols are important because:

  • They reduce spam. Authentication protocols catch spam before it manages to clutter up your inbox.
  • They make it easier to avoid phishing. Phishing and other social engineering attacks often rely upon forged sender information. Authentication protocols make such forgeries a lot harder to push through, and a lot easier to spot if they do get through.

From a brand point of view, authentication protocols:

  • Raise trust in your brand. Email is often the main point of contact between consumer and brand. Demonstrating that your emails are authentic and safe not only improves overall deliverability, it also makes it clear that you are taking precautions to keep valuable data safe and are therefore inherently trustworthy.
  • Make your emails more reputable and secure. Quite honestly, there’s no real reason not to put the most secure and rigorous authentication protocols in place for your email operations. Cyber security is hugely important these days, and consumers won’t stick with your brand unless they can trust you. Authentication protocols are your first line of defense against email hackers, and one of the simplest yet most effective methods of demonstrating your commitment to keeping your customers’ data safe.

 
