Word of the Week: Security

The past week had some announcements in the email security realm and how email providers are helping to secure the channel for everyone involved.  Here are some of the more noteworthy articles and blogs to share on the topic.

Authentication has always been a cornerstone in helping secure email by validating the identity of the sender.  To further help validating a sender’s identity for email users, Gmail has started displaying a “sent on behalf of” for all unauthenticated messages sent by a third party, such as an Email Service Provider (ESP) or in some forward-to-a-friend notifications where the From: domain is spoofed, and where the DKIM signing domain is different from the From: domain.  This is to help email subscribers identify possible spoofed or phishing messaging more easily.  Senders can stop this “via” link by publishing an SPF record or signing with DKIM.  Here is the Google support page on the matter.  Additionally, Laura Atkins from Word to the Wise has a great write up on the recent changes as well.

In addition to the “sent on behalf of” notifications, Gmail explains that they will also add a warning of “this message may not have been sent by…” where authentication fails for a Gmail.com domain.  Spoofing the From: domain is pretty common for social networking site invites and forward-to-a-friend emails.  At Return Path, we recommend to not spoof the From: domain and instead use your own, and to authenticate with SPF and DKIM.  Senders can include a sender: header as well to pass this check for spoofed From: domains, but then will also have the “sent on behalf of” message displayed in their emails, so again it’s better to use your own.

InformationWeek compares Microsoft’s Office 365 and Google Apps for enterprise email in the cloud and what that means for email security.

92 days later after their massive email breech, Epsilon has created an email security solution by only allowing whitelisted IPs to access their systems.

John Dvorak thinks that email would be more secure, and we’d have better email standards if the USPS jumped in on the email provider bandwagon back in the day.  I’ll let you ponder that and come to your own conclusion.

Terry Zink discusses the reason for all security issues, like phishing emails, are due to the very people in the organization.  While I agree with his sentiment that user education is important, humans can be easily fooled so additional measures are needed for security, as education alone isn’t enough.  Technology like spam filtering and Domain Assurance are more important because of this.

How does your organization help secure the email channel for both enterprise users and subscribers?

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time