
Email Authentication For Dummies


As an avid email user (and definitely not some kind of dummy), you always hear that following best practices is essential. The reliable delivery of your messages depends on it. One of the best practices is to ensure that you’re correctly representing yourself to your recipients. How does one go about that, exactly? By configuring email authentication using SPF, DKIM, and DMARC settings… duh.

No problem, right? Not so much. The three pillars of email authentication, or SPF, DKIM, and DMARC, can be hard to understand. And there are already enough acronyms flying around anyway!

Today we’re going to look into these email authentication components and why they’re so important.

What is email authentication?

First, what do we mean by authentication? The definition of authentication is “the process or action of proving or showing something to be true, genuine, or valid.” 

When we talk about email authentication, we’re talking about ensuring your mail is from you, not an attacker or spammer. Authentication provides proof that an email message is genuine and that it’s coming from who it claims to be from.

So why does email authentication matter? Because the world is being flooded with spam and phishing messages these days. According to ZDNet, in an article dated a year ago, 3 billion phishing emails are sent daily! 

It’s never been more vital that you authenticate your emails. Email authentication acts as your digital ID card and helps providers and spam filtering systems recognize your legitimate email. Meaning you get your work done, and everyone stays safe.

Understanding How SPF and DKIM Authenticate You

The two primary authentication protocols that help validate that an email message comes from who it claims to come from are SPF and DKIM, or Sender Policy Framework and DomainKeys Identified Mail.

Think of SPF as your mailman. He picks up your messages and delivers them to your recipient. You know he’s allowed to do that, and your recipient does, too. Even if it’s another mail courier that day (Constant Contact, as an example) instead of your normal carrier, the SPF record helps recipients know it’s OK for them to be delivering your mail.

But how does your recipient know who the letter they received is from? The mailman isn’t concerned with the author; he’s just doing his job, not keeping track of which letters are written by whom.

In this scenario, DKIM becomes your unique signature on the letter you’re mailing, verifying that you’re the one who sent it. Your recipient can view your signature and compare it against your previous signatures, and be confident that your message isn’t a trick. DKIM acts as a digital signature on your email.

What is DMARC?

Layered on top of SPF and DKIM is DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance. Fun, right?

It uses SPF and DKIM to tell receiving email servers what to do if SPF or DKIM looks a little fishy. Or phishy. Yes, I said it, and I’m not ashamed. Additionally, your DMARC policy can inform those recipients that it’s best to quarantine or even reject messages that don’t match your SPF or DKIM standards.

The big deal, however, is with reporting. Built into the DMARC policy is a reporting address. When a recipient server sees something out of the ordinary, it sends a report to that email address so you can view what’s happening with your domain. These reports allow the domain owner to see which senders are using their domain to send mail.

It helps domain admins understand spoofing and phishing attacks by viewing what systems and servers are sending mail that may or may not comply with your SPF and DKIM policies. From there, DMARC allows the domain owner to specify how recipient servers should treat unauthenticated messages. 

How to Start Securing Your Emails with Authentication

The first step to configuring SPF, DKIM, and DMARC is to reach out to see if you are already using email authentication. All our Managed Services customers already have the settings they need, but reviewing the policies is always a good idea. 

If your business isn’t, we have the necessary skills and documentation to help you set up the correct authentication for your platform. 

Of course, enabling email authentication isn’t only an email best practice to help deliver your email reliably. It is a critical tool in helping to protect your brand’s reputation by limiting the chances that an unauthorized sender can successfully use your domain without your consent or knowledge.

Stay safe out there!