What is Email Authentication?
A topic that is oft discussed in my day-to-day deliverability work is that of Email Authentication; more specifically SPF, Sender ID and DKIM. One of the first puzzle pieces I review when analyzing sent campaigns and client accounts is proper use of these Email Authentication protocols, and it is surprising how many senders do not have them properly configured.
What is the purpose of Email Authentication?
How can a receiver be certain that an email is actually coming from your organization? This is the problem that Email Authentication aims to solve – it helps receivers verify that the sender of a message actually controls the domain the message appears to be from. Use of Sender Authentication helps protect the end recipient and their system from fraudulent email, helping separate legitimate mail from phishing scams and other forms of spam.
What if we don’t authenticate our email?
If an ISP or spam filter cannot authenticate your message, it may trip some spam flags and be subject to greater scrutiny in the filtering process. Without properly configured authentication, you face increased potential for deliverability issues. There are many variables involved in email delivery, so it only makes sense to stack the deck in your favor and implement those that are within your control.
What Email Authentication methods should we employ?
SPF (Sender Policy Framework)
SPF verifies the sender of a message based on the “envelope” or “bounce” address of a message, which, in the case of mail sent from an Informz account, will be informz.net or informz.ca. The receiving mail server will verify that the IP address from which the message is received has been approved to send on behalf of the domain. Due to the fact that the envelope/bounce address on message sent through our system use one of our domains, all mail sent through your Informz account should pass SPF validation. This does not mean that you shouldn’t have an SPF record for your domain! If you send mail from your own system as well, a valid SPF record should exist for all of your sending domains. Many ISPs and spam filters perform SPF validation as part of their filtering process. Visit the SPF website for more information (some technical) on implementing SPF.
Sender ID functions similarly to SPF, with one key difference; Sender ID analyzes a message based on the PRA (Purported Responsible Address), which is the “From” address that you include in your Informz messages. Because Sender ID verifies that your Informz IP is allowed to send on behalf of your domain, it is critical that you have included the “Main IP(s)” of your Informz account in your domains record, and the “Test IP” should also be included. A properly configured SPF record can also satisfy Sender ID validation, simplifying the setup process. Sender ID was developed by Microsoft, and their products (outlook.com, Exchange, etc.) verify inbound mail with Sender ID, as do many other domains and filters. I often refer senders to the Microsoft Sender ID Wizard to create or verify the Sender ID record for your domain.
Note that Informz IP addresses should be included in the “Outbound Mail Server Addresses” section in order to configure your record for proper sending through Informz. If using one record to satisfy both SPF and Sender ID authentication methods, be sure to select “Both” under the “Scope” section at the end of step 3.
DKIM (DomainKeys Identified Mail)
DKIM works off of a public and private key system. The public key is stored in your domain’s DNS, while the private key is included in the headers of messages you send. When your message is received by an ISP or other mail host, they are able to verify the sender if the public and private keys work together, and they are also able to verify that the message wasn’t altered in transit. Successful DKIM validation goes a long way toward building trust with receivers, and most ISPs (Yahoo, Gmail, AOL & others) utilize DKIM as part of their inbound mail analysis.
Implementation of DKIM is also important because it allows Informz to configure a Yahoo FeedBack Loop (FBL) for your sending IP address. This will provide us with a means for gathering complaint data from Yahoo domains for reporting and list maintenance purposes. Without DKIM, Yahoo won’t allow us to configure their FBL for your sending IP.
Due to the nature of DKIM, Informz must be involved in the configuration process, supplying the public key for you to place in DNS for your domain. Once this is in place, our mail servers will be modified to add the associated private key header to your outbound messages. When you are ready to configure DKIM for your domain, please contact us at Informz and we’ll provide the necessary details. Visit DKIM.org to learn more about DKIM implementation.
How can I check my SPF record?
Emailstuff.org provides a nice tool for checking published records. When using the SPF tool to confirm inclusion of your Informz IP addresses, simply input your sending domain, click “Check”, then compare the IP addresses found under the ADMIN>SYSTEM SETTINGS page of your Informz account with those in the results. If you see your Informz IPs, you are all set!
How can Informz help?
If you have questions on any of the above Email Authentication methods, feel free to contact Informz for guidance. We can’t do all of the setup for you, but we are here to answer any questions you may have!