Email Authentication Guide
Ever get an email that claims it’s from your bank, or eBay, or PayPal? One that actually looked pretty real, but it turned out to be a forgery? That’s the problem with email: it was originally created to be an extremely easy way to communicate, but it also happens to be extremely easy to forge.
Authentication is a way to prove an email is not forged.
Authentication has been around for years, but large ISPs and corporate email servers (“receivers”) are now using it to control inbound spam. That means large, legitimate email marketers need to make sure their email campaigns are authenticated, in order to prevent deliverability problems to those ISPs.
Types of Email Authentication
There are several different authentication methods available, each with its own advantages and disadvantages. Some methods (SPF, SenderID) simply require a file on your server that can be cross-referenced by a receiver. These are easy to implement, but have drawn scrutiny from some regarding the level of security they provide. Another type of authentication, DKIM, actually embeds code in the email itself. This makes it more difficult to forge emails, but can also be tougher for both the sender and receiver to implement. Because of the various pros and cons, different receivers choose to check for different types of authentication. Until there’s some standard, senders may want to just employ all authentication types. MailChimp’s authentication covers all the bases.
Who’s Checking For Which Authentication?
Here’s a breakdown of which ISPs and receivers are using which types of authentication. If large portions of your list go to these ISPs, you should consider authenticating your email-marketing campaigns.