August 22, 2017
Authentication is essential to email deliverability
By Ryan O'Keefe
Authentication? Are you seriously going to write about the benefits of making sure you have proper authentication before sending an email? Why yes I am — and I’ll give you reasons why doing this will not only help your deliverability (getting into those inboxes) but it will also help with building a better reputation with your supporters.
What Is Email Authentication?
Authentication lets you verify who you are as a sender so that the mailbox providers you are sending to can approve your message as trustworthy and not spam. Common methods of email authentication include SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). A newer authentication tool that’s available to senders is DMARC (Domain-based Message Authentication, Reporting & Conformance), which provides a standard way for senders to establish policies for mailbox providers to use when email from them doesn’t pass SPF and DKIM.
Another way of thinking about it is to imagine you are heading out to a special VIP party that’s invitation only. Once you reach your destination, the doorman asks to see your tickets or ID before they let you in. If you know the person throwing the party, sometimes it’s as simple as a handshake to greet each other, but other times it’s a more formal ID check. Verifying you have a DMARC policy in place might be akin to telling the doorman what to do when someone doesn’t have ID — like turn them away or let them in and give them a warning for next time.
If DKIM and SPF are your door locks, DMARC is your alarm system.
Where did DMARC come from and what is it specifically? Let’s travel back in time to 2012, when “Gangnam Style” was atop the pop charts and Disney bought Lucasfilm for some strange reason (oh yeah, Star Wars). A group was collaborating on a standard for combating fraudulent email at Internet scale, which they developed based on their experiences with SPF and DKIM.
The result of their efforts is DMARC. This new standard allows a sender to indicate that their messages are protected by SPF and/or DKIM, and then tells the receiving mailbox provider what to do if either one or both of those authentication methods fail, such as deliver anyway, quarantine, or outright reject the message. It also provides instructions around what percentage of mail to apply the policy to and where to send reports about policy violations.
DMARC removes guesswork from the mailbox provider’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent and harmful messages. DMARC also provides a way for the mailbox provider to report back to the sender about messages that pass and/or fail DMARC evaluation. DMARC is especially helpful for organizations that send email through multiple email service providers and need to know which of them authenticate properly.
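To make the policy, percentage and reporting instructions described above concrete, here is an added example (not from the original article) that reads a DMARC TXT record and flags weak settings. The tag names (v, p, pct, rua) come from RFC 7489 rather than from this page, and the sample records and example.org addresses are constructed.

```python
# Added example: review a DMARC TXT record for the three instructions described
# above: the failure policy, the percentage it applies to, and the report address.
# Tag names (v, p, pct, rua) are from RFC 7489; they are not named in the article.
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records (example.org is a reserved documentation domain).
SAMPLES = [
    "v=DMARC1; p=none",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.org",
    "v=DMARC1; p=reject; rua=mailto:a@example.org,mailto:b@example.org;",
]

def parse_dmarc(txt):
    """Split a record into an ordered dict of lower-cased tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue  # tolerate a trailing ';' and empty segments
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def review_dmarc(txt):
    """Return (summary, findings); summary is None if the record is unusable."""
    tags = parse_dmarc(txt)
    # The version tag must come first and must be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None, ["not a DMARC record: must start with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return None, [f"missing or invalid p= policy: {policy!r}"]
    findings = []
    try:
        pct = int(tags.get("pct", "100"))  # an absent pct tag means 100
    except ValueError:
        pct = -1
    if not 0 <= pct <= 100:
        findings.append("pct must be an integer from 0 to 100; assuming 100")
        pct = 100
    reports = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if policy == "none":
        findings.append("p=none only monitors; failing mail is still delivered")
    elif pct < 100:
        findings.append(f"policy applies to only {pct}% of failing mail")
    if not reports:
        findings.append("no rua= address, so no aggregate reports are received")
    return {"policy": policy, "pct": pct, "rua": reports}, findings

if __name__ == "__main__":
    for record in SAMPLES:
        print(record, "->", review_dmarc(record))
```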
Email Authentication Best Practices
What can you do to ensure that your email authentication setup is configured for optimum deliverability? You can configure SPF and DKIM. The big thing is to take the extra time and properly set this up so that you can walk into that VIP party feeling like you belong and everyone knows who you are.