Trust in Email Begins with Authentication

Unfortunately, forging From: or other commonly seen email headers is trivially easy. It’s one of the most frustrating oversights in the creation of internet email technology — though of course that’s only obvious in hindsight; it was just fine for the pre-internet networks of the late 1970s and early-mid 1980s.

Since then, things have changed — and the most interesting recent technological advancements in email have been in the realm of sender authentication, which encompasses ways to verify that the apparent sender of a message actually is the entity which sent it. Before you can answer the question “can I trust this message?,” you first have to ask “who sent it?” — but before authentication, there was often no way to know for sure.

The first authentication technology to catch the interest of the industry was Meng Wong‘s SPF, which also formed the basis for Microsoft’s SenderID. In parallel, Yahoo! developed DomainKeys, which has now evolved into DomainKeys Identified Mail, or DKIM. All of these are free to use, though some have licensing requirements or patents which may prevent derivative works.

Having what looks like four entirely different technologies may seem confusing, and marketing tactics from some of the organizations involved certainly haven’t helped. Luckily, our friends at the Messaging Anti-Abuse Working Group have published a new white paper, Trust in Email Begins with Authentication, which should help to clarify things. It provides a much-needed substantive overview of the authentication methods and practices currently in use, without inappropriate bias or attempts at coercion.

We hope that this effort will raise the level of debate within the email industry, and lead to faster adoption of authentication technologies. Sender authentication will not, obviously, solve spam — it has very little to do with spam, in fact — but curtailing the bad guys’ ability to send messages that look like they’re from your bank or other trusted institution will certainly help.

This article originally appeared on CAUCE.org in a slightly different form. Some CAUCE Board members — including the author of this article — contributed to the MAAWG document, and are regular attendees of MAAWG events.

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time