Authentication 101: The Fundamentals

Posted by Sarah Matthews on

What is authentication?

Email authentication is the process by which a sender is validated, through published records such as SPF and DKIM, as being who they purport to be. After a sender hits send on an email, the originating server sends the message with identifying information to the recipient’s mail server. The recipient’s server queries DNS with that information and uses the records returned to validate authenticity. It may choose to block any messages that fail authentication checks.

Why is authentication important?

Authentication provides a foundation upon which senders can build a trustworthy email program. By authenticating messages, senders are taking ownership of their content and sending practices. It also helps to prevent forged emails from being delivered. As JD Falk points out in his blog, forging a sending domain is all too easy, so spammers will use this tactic to trick unsuspecting subscribers into opening messages they weren’t expecting to receive. This can erode trust in the subscriber community and damage brands’ reputations.

Authentication Glossary

Authentication terminology can be confusing with lots of acronyms and unfamiliar terms pointing back to each other. Below is a glossary of some of the most important elements of email authentication.

DNS: The Domain Name Service, or DNS, is a protocol that takes the alphabetic domains human users enter and translates them into numeric IP addresses that computers can recognize. Similar to the way a phone book maps names to phone numbers, DNS maps domains to IPs. See a more detailed explanation here.

TXT Record: TXT is a type of record for storing text information in DNS. It is used to verify domain ownership and to implement email security measures such as SPF, DKIM, and DMARC.

MX Record: MX stands for Mail Exchange. This record maps a domain to a list of mail exchange servers. By using value settings like 10, 20, 30, etc. to assign priority, senders determine which servers are used and in what order, which allows mail to be rerouted if a server goes offline. These settings can be adjusted in DNS.

A Record: Sometimes referred to as an Address Record, this maps a hostname to an IP address. When entering a domain, DNS is queried and returns an IP address, allowing the user to access that domain.

PTR Record: Also known as reverse DNS (rDNS), the “pointer” record is the complement of the A record, mapping an IP address to a hostname. When entering an IP address, the PTR record finds and resolves to the associated domain.

SPF Record: SPF, which stands for Sender Policy Framework, describes a list of IP addresses that are allowed to send emails from a specific domain. Mailbox providers check the return-path domain when verifying SPF.

DKIM: DKIM stands for DomainKeys Identified Mail and is the next stage of DomainKeys. DKIM uses a pair of cryptographic keys: one private key that all outgoing messages are signed with, and one public key that is published in DNS. Senders can configure DKIM settings to ensure any mail sent using their domain is actually coming from them and can adjust filters to treat all other messages suspiciously.

DMARC: DMARC, or Domain-based Message Authentication, Reporting & Conformance, standardizes how mailbox providers authenticate and deliver mail by utilizing existing SPF and DKIM records. Senders can indicate if their emails are protected by SPF and/or DKIM, and tell receivers to junk or reject a message if neither of those authentication methods passes. See dmarc.org for more information.

Clear as mud? Post your questions in the comments! You can also download our e-book The Ultimate Email Deliverability Glossary for more common email terms and definitions.

