Email Security and Authentication

License and Registration, Please: The Importance of Authentication

minute read

Post Image

*Tap-tap-tap* “License and registration, please.”

Anyone who has been pulled over by a police officer has likely heard this dreaded phrase. Police officers ask drivers for these key pieces of information during traffic stops to make sure that:

  1. Your license matches the name that you gave the officer, and
  2. That your registration proves you are authorized to be driving your car.

​This is very similar to how mailbox providers look at authentication when companies send emails to their users. You can think of the mailbox provider as the police officer stopping your emails on the way through the gateway to ask for authentication. Similarly, your authentication is like your driver’s license, and your sending IP address and domain can be thought of as your car’s registration.

If you don’t have a driver’s license to show the police officer, they have no way of verifying your identity, or whether or not you are authorized to be driving the car. The same is true with authentication. 

As your emails pass through, mailbox providers look to see if you are authenticating your emails, and whether you are authorized to be mailing from the IP address and domain that your mail is coming from. Even if everything else about your mailstream looks great, without authenticating your mail, you can’t prove to the mailbox provider that you are authorized to be sending from your IP address and domain. This puts your mail at an increased risk of being delivered to the spam folder at major mailbox providers, or even worse, not being delivered at all. 

In a case study from last May, one of our Technical Account Managers was able to pinpoint an SPF failure as being at fault for a dramatic drop in inbox placement. You can read more about this here.   

To prove that you have a reputable brand, it is imperative that you authenticate your emails. This will help the mailbox provider take the identity guesswork out of the equation when they start making filtering decisions about your mail. Legitimate mail that isn’t authenticated can also be mistaken for a spoofing or phishing attempt, as spammers don’t often authenticate their messages. This will also help protect the ROI of your email program, because more email in the inbox means more engagement from your customers. 

Keep in mind, however, having a driver’s license doesn’t mean you are a good driver. Similarly, authenticating your email is not the only key to the inbox. You still need to implement other sending practices to ensure you’re maintaining a good reputation.  

Authentication methods are constantly being refined and improved. Older methods such as SenderID and DomainKeys have been replaced with more sophisticated measures such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). The newest method of authentication is DMARC (Domain-based Message Authentication, Reporting, & Conformance), which even allows senders to tell mailbox providers how to handle unauthenticated mail.

For more information on authentication and how it can impact your deliverability, please refer to our new ebook, The Ultimate Guide to Email Deliverability.