
Email authentication is the process of verifying that an email message was legitimately sent by the claimed sender and has not been altered or tampered with during transmission. This is crucial for preventing email spoofing, phishing attacks, and other forms of email fraud. Email authentication is set up at the domain level, so if you need help, contact your website maintenance person.
There are several mechanisms and standards used for email authentication, including:
- Sender Policy Framework (SPF): SPF allows domain owners to specify which mail servers are authorized to send emails on behalf of their domain. When an email is received, the recipient’s mail server can check the SPF record of the sender’s domain to verify its authenticity.
- Use a Trusted Email Service Provider (ESP): Utilize reputable email service providers like FastMail, Zoho, Outlook, et cetera, which have established relationships with ISPs (Internet Service Providers) to help ensure delivery.
- DomainKeys Identified Mail (DKIM): DKIM adds a digital signature to email messages by using cryptographic techniques. The sender’s outgoing mail server signs the message with a private key, and the recipient’s incoming mail server verifies the signature using a public key published in the sender’s DNS records.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC): DMARC builds upon SPF and DKIM to provide a policy framework for email authentication. It allows domain owners to specify what action should be taken when an email fails SPF or DKIM checks, such as rejecting, quarantining, or monitoring the message.
- Include Email Services You Use: Add records for all the services that send email for your domain like MailerLite, MailChimp, Constant Contact, et cetera. Also include all third-party services like HubSpot, Honeybook, Teachable.
- Bounce Address Tag Validation (BATV): BATV is a method to prevent backscatter, a situation where a bounced email (e.g., due to an invalid recipient address) becomes an unwitting source of spam. It involves encoding a timestamp or unique identifier into the envelope sender address, which allows the sender to verify bounce messages.
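
To check the SPF, DMARC and "include email services you use" items above against a domain's actual DNS TXT records, a small audit like the following can help. This is an added example, not part of the original page; the record strings and the include hostnames are constructed placeholders, and the function names are hypothetical.

```python
def parse_spf(txt):
    """Return (include hosts, qualifier of the 'all' term), or None if not SPF."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    includes, all_q = [], None
    for term in (t.lower() for t in terms[1:]):
        if term.startswith("include:"):
            includes.append(term.split(":", 1)[1])
        elif term.lstrip("+-~?") == "all":
            all_q = term[0] if term[0] in "+-~?" else "+"  # bare "all" means "+all"
    return includes, all_q

def parse_dmarc(txt):
    """Return the tag/value pairs of a DMARC record, or None if not DMARC."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    return tags if tags.get("v") == "DMARC1" else None

def audit(spf_txt, dmarc_txt, required_includes):
    """List the weaknesses found in one domain's SPF and DMARC records."""
    findings = []
    spf = parse_spf(spf_txt)
    if spf is None:
        findings.append("no valid SPF record")
    else:
        includes, all_q = spf
        findings += [f"SPF is missing include:{i}" for i in required_includes if i not in includes]
        if all_q not in ("-", "~"):
            findings.append("SPF has no -all or ~all default")
    dmarc = parse_dmarc(dmarc_txt)
    if dmarc is None:
        findings.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            findings.append(f"DMARC p={policy or 'missing'} does not quarantine or reject")
        if "rua" not in dmarc:
            findings.append("DMARC has no rua= address for aggregate reports")
    return findings

# Constructed sample records; the include hosts are placeholders, not real services.
SERVICES = ["spf.mailhost.example", "spf.newsletter.example"]
SPF_WEAK = "v=spf1 include:spf.mailhost.example ?all"
DMARC_WEAK = "v=DMARC1; p=none"
SPF_FIXED = "v=spf1 include:spf.mailhost.example include:spf.newsletter.example -all"
DMARC_FIXED = "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com"
if __name__ == "__main__":
    for spf, dmarc in ((SPF_WEAK, DMARC_WEAK), (SPF_FIXED, DMARC_FIXED)):
        print(audit(spf, dmarc, SERVICES) or "no findings")
```
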
Implementing these authentication mechanisms helps to improve email deliverability, protect against phishing and spam, and enhance the overall security of email communication.