Have you ever found emails you were expecting in your junk or spam folder? Have you ever sent emails as a business that didn’t arrive in people’s inboxes? Spammers send inordinate amounts of email, which forces email providers to protect their users, and as a result legitimate emails don’t always end up in the right location. Email authentication standards are the best way to help in that fight. Keep reading to find out what you can do to make delivering emails much more likely.
Email authentication is a way of proving to ISPs (internet service providers) that an email you sent is actually from you and not forged by someone else. Spammers are notoriously good at spoofing email accounts and making them look legitimate. Authenticated email makes it easier to block harmful uses of email, such as phishing and spam. One of the main reasons for authenticating your outbound mail is to differentiate yourself from spammers and other bad senders (such as spoofers) ensuring better deliverability of your communication. For more information on phishing scams, check out our previously published article.
Below, we’ll discuss the three most commonly used email authentication standards: DKIM, SPF, and DMARC. One quick note: for any of these to work, you’ll need access to your domain name’s DNS records. If WTE manages your domain name, we’ll be able to enter them for you. If not, you will need to determine who has control of this and ask them to enter the necessary information.
DKIM stands for DomainKeys Identified Mail. In short, DKIM defends against malicious modification of your email message by ensuring that the message that arrived in your recipient’s inbox was not faked or altered in transit. It works by setting up a key system. There is a public key and a private key. Only when both are used will the system work.
This is the simplest method of protection. This 3-step process is relatively basic, but meets the needs of many businesses.
SPF (Sender Policy Framework) is an email authentication protocol that allows you to specify, in an SPF record, which IP addresses are authorized to send email on behalf of your domain. Think of IP addresses as the address of a server, or part of a server. This prevents someone pretending to be you from sending from a server that’s not on your authorized list.
SPF records are published in your Domain Name System (DNS). The DNS is where all of the records related to the domain name you use to send email (such as gmail.com, wte.net, greatcompany.org) live.
When you send email, mailbox providers perform an SPF check. During the SPF check, the mailbox provider looks up the SPF record published in the DNS for your domain name. Then one of two things will happen. If the sending IP address matches those in your DNS, then the message passes authentication. If it doesn’t match, then the email does not authenticate. Depending on the ISP, the email may be blocked or go to junk or spam.
An SPF-protected domain tends to be harder for malicious individuals to use, so it is less attractive to attempt something nefarious with. Because of this, emails from these domains are less likely to be delivered to a spam folder and are usually allowed to be received.
DMARC (which stands for Domain-based Message Authentication, Reporting & Conformance) is the latest advancement in email authentication. It’s on pace to become the most widely deployed authentication technology. If your company needs the best deliverability, this may be the best solution for you.
DMARC unifies SPF and DKIM authentication into a common framework by ensuring that legitimate email is properly authenticated against both the SPF and DKIM standards. This means that if mail coming from your organization’s domain is found to be fraudulent, then the messages are blocked.
A message can either pass or fail DMARC. To pass, an email must pass SPF authentication and SPF alignment and/or pass DKIM authentication and DKIM alignment. If both fail, then the message is blocked.
DMARC gives senders the ability to instruct mailbox providers on how to handle unauthenticated mail via a DMARC policy. Senders can choose from one of the three types of DMARC policies (p):
p=none: If you set your DMARC policy to p=none, then the mailbox provider won’t take any action if the emails fail DMARC.
p=quarantine: Setting your policy to p=quarantine means that emails that fail DMARC are treated suspiciously by mailbox providers. As a result, the email gets delivered to an area outside of the inbox, such as the spam or junk folder.
p=reject: This policy indicates you want mailbox providers to reject and block all emails that fail DMARC.
When it comes to choosing a DMARC policy, you should tailor your policy to your organization. For example, a p=reject policy tends to be more suited for organizations that deal with sensitive information, such as financial institutions.
Whew! We know that was a lot to take in! But don’t worry, we aren’t expecting you to become an email deliverability expert overnight. That’s where we come in. WTE Solutions can help you with any of the solutions we’ve discussed. Also, with services like AgileMail Pro and our integration with SocketLabs and SendGrid, we give you the ability to send your important transactional and marketing emails from one platform, without having to build, manage, and update everything yourself. If you’d like more information about how we can help you with improved email deliverability, and the pricing for our services, please email us at sales@wte.net.