5. Authenticate Your Emails
Daniels ii found that only one-third of email marketers have authentication already in place. In 2010, authentication will play an even bigger role in email deliverability with top-tier ISPs as they combat the increase in spam and phishing emails. Authentication validates the origin of messages. It tells ISPs that an email sent from your bank is legitimate and not from a spammer disguised as your bank phishing for your password and account number. If ISPs cannot verify the sender the emails are delivered with the tag “cannot verify sender” or they are blocked completely.
There are a number of free authentication methods available – Domain Keys Identified Mail iv (DKIM), Sender Policy Framework v (SPF), and Sender ID Framework vi (SIDF). The DMA offers the Email Authentication Help Center and Authentication Checklist to help guide you through the process.
Major ISPs are augmenting their IP-based reputation systems with domain-based reputation systems that rely on DKIM. Even Hotmail, which uses its proprietary SIDF system as its primary solution is implementing DKIM as secondary method.
DKIM is a cryptographic authentication solution that requires senders to store public keys in their DNS records while providing matching private keys in their outbound email servers. When an email passes through the outbound service, the private key generates a signature that is embedded in the header of the message. ISPs then verify that the private key created the signature and match it to the public key in the DNS records to validate the message and ensure that the message was not altered in anyway.
SPF is an open standard and a configuration tool that requires domain name owners to publish which IP addresses are allowed to send emails from a particular domain by checking that domain’s DNS record for an SPF record. When an email server receives a message, it crosschecks the sender’s IP address against the domain name in the From address in the message envelope. If it is authorized, the message is assumed legitimate and it is delivered to the recipients. If not, the email is assumed fraudulent and it is either tagged or blocked.
SIDF is similar to SPF in that it crosschecks the sender of the message against the published SPF records. However, whereas SPF checks against the envelope From address, SIDF validates the sender’s IPs against the Purported Responsible Address (PRA), which is also known as the email’s visible From address. If the sender is authorized, the email is delivered and, if not, the email is tagged or blocked.
Figure 5 – Source: Forrester Researchii
Due to the lack of standards across ISPs it is recommended that you implement all three authentication systems. They’re free, and it doesn’t take long to become authenticated; however, it is helpful if you work with your IT department or ESP on the technical requirements involved. If you set up authentication correctly you can protect your identity from spammers and phishers and, thereby, protect your subscribers from fraudulent emails.