Email authenticity

What’s email authenticity?

How many times have you received emails from banks and services you use that contain spelling mistakes or ask for your password? Yep, that's phishing right there.

You realise there is something fishy about the email. Chances are someone has used a vulnerable SMTP server (a server that sends emails) to spoof your bank’s identity.

It doesn't stop there. Legitimate emails can also be victims of unfair treatment, but why?

How many times has your email ended up in a spam folder for no apparent reason? Perhaps you were simply emailing your customers/followers to wish them a Happy New Year. What could possibly have gone wrong?

You might have done your homework, but there might be an aspect that you did not consider: email authenticity.

Trusting emails

Email authenticity is used to prove that an email arriving in your customer’s inbox originates from a known and identifiable domain. If you email your customers a lot, that would be your domain.

For a heavy email sender this is a great and powerful tool, as it ensures that no one will try to spoof your business’s identity. In other words, that it is your domain (@ sending that email and not someone else forging it illegitimately.

For a receiver it’s also great: if the authenticity check fails when an email is received, you can assume that the email is illegitimate and therefore untrustworthy.

In other words, email authenticity is similar to providing every domain with a very secure type of social security number or a passport. You can bet that email servers will be “robotically” running those checks on each email received.

How can I authenticate my email?

There are various methods to authenticate your newsletters and email in general. Four of them are popular and worth knowing, and combining several methods ensures a higher level of protection.

That means more protection against people forging emails on your behalf, and more protection against being flagged as a dodgy sender and therefore as a spammer.

The 4 most popular methods are:

  • SPF
  • Sender ID
  • DKIM
  • DomainKeys

Methods such as SPF and Sender ID require you to modify some DNS parameters. Doing so basically amounts to creating a whitelist of servers that can send your emails, whether they’re your own company’s servers or external ones.
On the other hand, methods like DKIM and DomainKeys modify your emails as they are sent out, including special authentication codes in their headers.

Most public email inbox providers like Google Mail, Hotmail, Yahoo, AOL and even Comcast check for SPF and DKIM as authentication methods for their incoming email. Therefore, if your customers/audience are using those services to check their emails, I suggest you take email authenticity even more seriously.

Email authentication is really important, on top of writing interesting and compelling messages, addressing your customers on a first-name basis (personalisation), analysing how your customers read your emails (open times, geo-localisation), tailoring emails to their interests (segmentation) and maintaining a general sending strategy (more and more people open emails on mobile devices). This is especially true nowadays, as spammers and scammers are becoming more of a cumbersome burden.

Therefore, the advantage of using SPF and DKIM to prove the authenticity of your emails is that it lessens the risk of your messages being flagged as suspicious by the email services receiving them. This means that your emails will be less likely to end up in spam folders than they would without authentication.
