All You Need to Know About E-mail Authentication
Like all commercial marketers, catalogers need to make sure that messages are deliverable and that consumers have confidence your messages actually are from your organization. Using a postal analogy, e-mail authentication can assure the recipient that your return address, letterhead and personal signature are legitimate. Authentication helps prove that you’re who you claim to be and that you have the right to send e-mail from your IP address.
Very soon, however, e-mail authentication may be more than just best practices; it may be a necessary process in order to clear ISP gatekeepers. If you don’t authenticate your e-mail, it may not be delivered.
In October 2005, the DMA passed an ethics guideline requiring members to authenticate their outgoing e-mails. The guideline, which went into effect Feb. 1, 2006, states: “Marketers that use e-mail for communication and transaction purposes should adopt and use identification and authentication protocols.” It’s designed to protect brands against illegal use and reduce false positives, while decreasing deliverability.
How to Authenticate
E-mail authentication is easy to do and there are several interoperable and inexpensive ways to do it. There currently are two major types of interoperable e-mail authentication systems: IP-based solutions like Sender Policy Framework (SPF) and Sender ID Framework (SIDF), as well as cryptographic solutions such as DomainKeys Identified Mail (DKIM).
The goal of each is the same: to create a public record against which to validate e-mail messages so the legitimacy of senders can be verified. Both technologies work to verify that the sender is authorized to send mail from a particular IP address. Authentication makes it difficult to forge IP addresses or the cryptographic signatures utilized by e-mail authentication systems.
Sender Policy Framework (SPF) is an IP-based technology that verifies the sender IP address by cross-checking the domain in the e-mail address listed in the visible “mail from” line of an e-mail against the published record a sender has registered in the Domain Name System (DNS). When you publish an SPF record for your domain, you declare which IP addresses are authorized to send out e-mail on your Domain Name System behalf. SPF allows senders/marketers effectively to say, “I only send mail from these machines (IP addresses/servers). If any other machine claims that I’m sending mail from there, it is not telling the truth.”