Email Authentication 101

As an avid email user (and definitely not some kind of dummy), you always hear that following best practices is essential. The reliable delivery of your messages depends on it. One of the best practices is to ensure that you’re correctly representing yourself to your recipients. How does one go about that, exactly? By configuring email authentication using SPF, DKIM, and DMARC settings… duh. No problem, right? Not so much. The three pillars of email authentication, or SPF, DKIM, and DMARC, can be hard to understand. And there are already enough acronyms flying around anyway!

Today we’re going to look into these email authentication components and why they’re so important.

What is email authentication?

First, what do we mean by authentication? The definition of authentication is “the process or action of proving or showing something to be true, genuine, or valid.” When we talk about email authentication, we’re talking about ensuring your mail is from you, not an attacker or spammer. Authentication provides proof that an email message is genuine and that it’s coming from who it claims to be from.

So why does email authentication matter? Because the world is being flooded with spam and phishing messages these days. According to ZDNet, in an article dated a year ago, 3 billion phishing emails are sent daily! It’s never been more vital that you authenticate your emails. Email authentication acts as your digital ID card and helps providers and spam filtering systems recognize your legitimate email. Meaning you get your work done, and everyone stays safe.

Understanding How SPF and DKIM Authenticate You

The two primary authentication protocols that help validate that an email message comes from who it claims to come from are SPF and DKIM, or Sender Policy Framework and DomainKeys Identified Mail. Think of SPF as your mailman. He picks up your messages and delivers them to your recipient. You know he’s allowed to do that, and your recipient does, too. Even if it’s another mail courier that day (Constant Contact, as an example) instead of your normal carrier, the SPF record helps recipients know it’s OK for them to be delivering your mail.

But how does your recipient know who the letter they received is from? The mailman isn’t concerned with the author; he’s just doing his job, not keeping track of what letters are written by whom.

In this scenario, DKIM becomes your unique signature on the letter you’re mailing, verifying that you’re the one who sent it. Your recipient can view your signature and compare it against your previous signatures, and be confident that your message isn’t a trick. DKIM acts as a digital signature on your email.

What is DMARC?

Layered on top of SPF and DKIM is DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance. Fun, right? It uses SPF and DKIM to tell receiving email servers what to do if SPF or DKIM looks a little fishy. Or phishy. Yes, I said it, and I’m not ashamed. Additionally, your DMARC policy can inform those recipients that it’s best to quarantine or even reject messages that don’t match your SPF or DKIM standards.

The big deal, however, is with reporting. Built into the DMARC policy is a reporting address. When a recipient server sees something out of the ordinary, it sends a report to that email address so you can view what’s happening with your domain. These reports allow the domain owner to see which senders are using their domain to send mail.

It helps domain admins understand spoofing and phishing attacks by viewing what systems and servers are sending mail that may or may not comply with your SPF and DKIM policies. From there, DMARC allows the domain owner to specify how recipient servers should treat unauthenticated messages.

How to Start Securing Your Emails with Authentication

The first step to configuring SPF, DKIM, and DMARC is to reach out to see if you are already using email authentication. All our Managed Services customers already have the settings they need, but reviewing the policies is always a good idea. If your business isn’t using it yet, we have the necessary skills and documentation to help you set up the correct authentication for your platform. Of course, enabling email authentication isn’t only an email best practice to help deliver your email reliably. It is a critical tool in helping to protect your brand’s reputation by limiting the chances that an unauthorized sender can successfully use your domain without your consent or knowledge.

Stay safe out there!

Jeff Hughes

Having a reliable and enthusiastic partner in the IT services and solutions sector is imperative for achieving sustained business growth through effective technological strategies. Jeff Hughes, the CEO of Hermetic Networks, is wholeheartedly committed to assisting clients in optimizing their technology resources to maintain a competitive edge within their respective industries. Within Hermetic Networks, Jeff collaborates closely with a team of dedicated professionals who are deeply committed to delivering exceptional IT security services and solutions. Leveraging his extensive expertise and practical experience, Jeff ensures that clients receive unparalleled support and guidance for their IT security initiatives. When you choose Hermetic Networks as your partner, you can have confidence in our ability to enhance your business systems, helping you stay at the forefront of today's highly competitive business landscape.