An Introduction to Email Authentication Protocols

Email authentication protocols

Email authentication protocols are important, but if you have no prior experience of them they can be a little confusing when you are first starting out on your email marketing journey. There are many different ones to consider, but we will start off by looking at the most important:

  • DKIM
  • SPF

Each one differs from the other, but they share one overall goal: to protect users from spam and phishing emails entering their inbox. SPF and DKIM work independently of each other; however, they can be used to complement each other and provide a greater degree of protection.

DMARC works in conjunction with both SPF and DKIM, and ideally you should have both protocols set up alongside DMARC. This is because DMARC provides a final check against both protocols before adding an additional layer of protection for extra security.

What is DKIM?

DomainKeys Identified Mail (DKIM) is an email authentication protocol that enables a sender to apply a digital signature to outgoing emails so that the recipient’s email provider can verify them through DNS. This helps to guarantee a certain level of authenticity and helps to prevent others from committing fraud or other devious activities.

How does DKIM Work?

The process begins as soon as the send button is pressed by the user.

The sender’s Mail Transfer Agent (MTA) creates a DKIM signature based upon the content of the email. This signature is then inserted, and the email is sent. Upon receipt, the MTA of the recipient’s email provider uses DNS to verify this signature against the sender’s public key.
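The DNS step described above, as an added example that is not part of the original article: it reads a DKIM-Signature header, works out which DNS name holds the public key, and checks two things a receiver cares about before verifying. The header, selector and key records are constructed samples, and the function names are hypothetical.

```python
import re

def parse_tags(value: str) -> dict:
    """Split a 'tag=value; tag=value' list (used by DKIM headers and key records)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Header folding inserts whitespace inside values; remove it.
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dkim_lookup_plan(signature_header: str) -> dict:
    """Return what a verifier needs from a DKIM-Signature before it queries DNS."""
    tags = parse_tags(signature_header)
    missing = [t for t in ("v", "a", "b", "bh", "d", "h", "s") if t not in tags]
    if missing:
        raise ValueError(f"DKIM-Signature is missing required tags: {missing}")
    signed = [h.lower() for h in tags["h"].split(":")]
    return {
        # The public key is a TXT record at <selector>._domainkey.<domain>.
        "query_name": f"{tags['s']}._domainkey.{tags['d']}",
        "signing_domain": tags["d"].lower(),
        "algorithm": tags["a"],
        # RFC 6376 requires the From header to be covered by the signature.
        "from_is_signed": "from" in signed,
    }

def key_is_usable(key_record: str) -> bool:
    """A key record with an empty p= tag means the key has been revoked."""
    return bool(parse_tags(key_record).get("p"))

# Constructed sample header value (not a real signature).
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2024;\r\n"
    "\th=from:to:subject:date; bh=Q09OU1RSVUNURUQ=;\r\n"
    "\tb=U0FNUExFU0lHTkFUVVJF"
)
```
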

What is Sender Policy Framework?

An email contains two addresses: the one that is seen as part of the ‘envelope’ and the one displayed in the header. Sadly, both can be faked relatively easily by spammers, which is why Sender Policy Framework is important.

SPF is an email authentication protocol, and its only purpose is to stop spammers from using domains for fraudulent activities. It enables the owner of a website domain to specify the IP addresses and servers that are allowed to send emails from that domain. If a spammer tries to trick or spoof the domain, it simply won’t work, as the owner has specified that they will only ever send emails from these domains or IP addresses.

How does SPF Work?

The domain owner starts by creating an SPF record to inform mailbox providers of the origins, including the IP addresses and servers, used to contact the recipient. If an email is sent from any other IP address or server, then the recipient’s email provider will likely label it as spam, and it will not enter the user’s inbox.

When an email provider receives an email, the SPF must be validated before the message is able to appear in the recipient’s inbox. In order to do this, the provider must check the DNS of the domain that is included in the from field. During this procedure, if the DNS returns an IP address or server that corresponds with one of the pre-approved origins listed by the owner of the domain, the SPF is authenticated and the email is then much more likely to reach its intended destination.

What is DMARC?

Domain-based Message Authentication, Reporting and Conformance (DMARC) is a combination of both SPF and DKIM; it verifies emails that are being delivered against both SPF and DKIM policies and then sends its findings in a report to the sender’s domain.

Domain owners also publish a DMARC policy in the DNS. This is then used as a reference point by email providers and is followed when authenticating emails. This policy contains details on how emails are authenticated and what the receiving email server should do if any email does not comply with the policy.

How does DMARC Work?

DMARC is a form of email checking that ascertains whether emails are coming from a genuine registered domain. This helps to determine whether the email has been sent with fraudulent intent.

If you have ever received an email in your inbox from a sender asking for personal or sensitive personal data, then there will most certainly have been a failure in the implementation of DMARC checks, as its purpose is to identify and prevent these types of emails from landing in your inbox.

In the first phase of the process, DMARC performs an SPF check on the header and envelope from domain names to ensure that everything is in order. Following this, it then analyses the DKIM signature by comparing the domain in the header from field with the domain listed in the signature.

If an email is to pass DMARC, it absolutely must pass both DKIM and SPF checks. It is also imperative that at least one of DKIM and SPF is in alignment.
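The published policy and the domain comparisons described above, as an added example that is not part of the original article: it reads a DMARC record and reports whether the envelope from domain and the DKIM signing domain align with the header from domain. The record and domains are constructed, the function names are hypothetical, and the organizational domain is approximated as the last two labels, whereas real receivers use the Public Suffix List.

```python
def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (wrong for e.g. co.uk);
    # production code consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(header_from: str, authenticated: str, mode: str) -> bool:
    """Strict mode ('s') needs identical domains; relaxed ('r') the same organizational domain."""
    a = header_from.lower().rstrip(".")
    b = authenticated.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_alignment(record: str, header_from: str, envelope_from: str, dkim_d: str) -> dict:
    """Parse a DMARC record and compare the header from domain with the SPF and DKIM domains."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC policy record")
    return {
        "policy": tags["p"],               # what the receiver is asked to do on failure
        "report_to": tags.get("rua", ""),  # where aggregate reports are sent
        # aspf and adkim default to relaxed ('r') when the record omits them.
        "spf_aligned": aligned(header_from, envelope_from, tags.get("aspf", "r")),
        "dkim_aligned": aligned(header_from, dkim_d, tags.get("adkim", "r")),
    }

# Constructed record, as it would be published in a TXT record at _dmarc.example.com.
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
```
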

The rdcom platform is an all-in-one multichannel platform that is suitable for businesses of all sizes. The platform has powerful anti-spam and email checking features that ensure your emails are conforming to best practice and that your emails will land in your recipients’ inboxes. Claim your free trial of our platform and start sending emails and SMS to your clients today!