Everything You Need to Know About Email Authentication

Still catching up? Need some review? This is the resource you've been looking for.

In honor of the launch of Domain Assurance, here's a quick-reference reading list of the most informative articles we've written about email authentication over the past few years.

Another View on Email Authentication (May 2007) used our own data to show why "we believe authentication is something that should be front and center on the mind of every marketing executive."

Trust in Email Begins with Authentication (April 2008) discusses the history of email authentication technologies, and introduces a MAAWG document which goes into further detail.

Searching for Truth in DKIM: Part 1 (March 2009) introduces DKIM, and the important concept of an "identifier." Part 2 explains ADSP, and part 3 explains how DKIM can be used in reputation calculations. Part 4 directly addresses the "truth" question, while part 5 explains what all of that means for you.

DKIM for Discussion Lists (June 2009, on CircleID) disproves the "pernicious meme" that DKIM doesn't work with MailMan-style discussion lists by explaining each step necessary to set things up correctly in a typical open source environment.

DKIM: Not Shiny, But Very Important (July 2009) describes the chicken/egg problem for authentication.

Domain Reputation: What It Means for Email Senders (July 2009) talks about how domain reputation will improve email.

Domain Reputation: Hope or Hype? (November 2009) further describes what domain reputation actually is, and what it will become.

The Final Word on DKIM and Deliverability (December 2009, on deliverability.com) reviews each DKIM signing flag and option, and explains that most of them have absolutely no effect on deliverability.

Who Will the Phishers Spoof Next? Could Be You (February 2010) includes the latest (at the time) statistics on phishing, and describes the best practices for preventing it.

Gone Phishin' (May 2010, in MediaPost Email Insider) discusses the effects of phishing on individuals and marketers.

Building a Policy Layer upon DKIM (October 2010) talks about the thinking behind ADSP, and how it lead to the creation of Domain Assurance.

Where Every Phisher Knows Your Name (January 2011) describes how targeted phishing has become, and how they do it.

Don't Make It Easy For The Phishers (January 2011) explains how using DKIM on your outbound mail can prevent inbound phishing attempts, and Authenticating the Most Important Messages suggests that even authenticating only some email can still be helpful.

Let's Make Security A Priority This Year (February 2010, in MediaPost Email Insider) suggests that the real threat to email isn't coming from mobile devices or social networking or any other new technology — instead, it's the lack of security in email, which many people and companies who rely heavily on email continue to ignore.

Return Path Research Shows Trusted Brands Are Wide Open to Phishing Attacks. Domain Assurance Can Change That. (February 2011) reveals that many of the best senders in the world aren't authenticating their email, which means any phishing attacks against their brands are more effective — and often entirely undetected by the brand owner.

Everything You Need to Know About Email Authentication (March 2011) is the article you're reading right now.

There's also a lot of information in our Phishing 2010 Resource Center, primarily focused on a series of attacks targeting the ESP industry last year.

As you can see, Return Path has been writing about authentication and phishing just about as long as we've had a blog. Some of our employees, myself included, have been involved in the development of these standards since the work began. If there's anything you're still scratching your head over, we can help -- just ask in the comments section below, or contact us for a more in-depth discussion.