Email Authentication Guide
Ever get an email that claims it’s from your bank, or eBay, or PayPal? One that actually looked pretty real, but it turned out to be a forgery? That’s the problem with email: it was originally created to be an extremely easy way to communicate, but it also happens to be extremely easy to forge.
Authentication is a way to prove an email is not forged.
Authentication has been around for years, but large ISPs and corporate email servers (“receivers”) are now using it to control inbound spam. That means large, legitimate email marketers need to make sure their email campaigns are authenticated, in order to prevent deliverability problems to those ISPs.
Types of Email Authentication
There’s no one best authentication method. They all have their advantages and disadvantages. Some simply require a file on your server that can be cross-referenced by a receiver (SPF, SenderID). These methods are easy to implement, but some say not as secure. Other types of authentication (Domain Keys, DKIM) actually embed code in the email itself. These methods make it tougher to forge emails, but they can also be tougher for both the sender and receiver to implement. Because of the various pros and cons, different receivers choose to check for different types of authentication. Until there’s some standard, senders may want to just employ all authentication types (MailChimp’s authentication covers all the bases).
Who’s Checking For Which Authentication?
Here’s a breakdown of which ISPs and receivers are using which types of authentication. If large portions of your list go to these ISPs, you should consider authenticating your email-marketing campaigns.