Email Authentication Guide

Ever get an email that claims it’s from your bank, or eBay, or PayPal? One that actually looked pretty real, but it turned out to be a forgery? That’s the problem with email: it was originally created to be an extremely easy way to communicate, but it also happens to be extremely easy to forge.

Authentication is a way to prove an email is not forged.

Authentication has been around for years, but large ISPs and corporate email servers (“receivers”) are now using it to control inbound spam. That means large, legitimate email marketers need to make sure their email campaigns are authenticated, in order to prevent deliverability problems to those ISPs.

Types of Email Authentication

There’s no one best authentication method. They all have their advantages and disadvantages. Some simply require a file on your server that can be cross-referenced by a receiver (SPF, SenderID). These methods are easy to implement, but some say not as secure. Other types of authentication (Domain Keys, DKIM) actually embed code in the email itself. These methods make it tougher to forge emails, but they can also be tougher for both the sender and receiver to implement. Because of the various pros and cons, different receivers choose to check for different types of authentication. Until there’s some standard, senders may want to just employ all authentication types (MailChimp’s authentication covers all the bases).

Who’s Checking For Which Authentication?

Here’s a breakdown of which ISPs and receivers are using which types of authentication. If large portions of your list go to these ISPs, you should consider authenticating your email-marketing campaigns.

Receiver DKIM Domain Keys SenderID SPF
AOL [4], [5]
Bell Canada [5]
AT&T/Bellsouth [2], [5]
Charter [2]
Comcast [2], [5]
Cox.net [2]
Earthlink [3]
Gmail [1], [8]
United Online/Juno/NetZero [2]
Hotmail/MSN/Live.com [7]
RoadRunner [2]
Rogers Cable [2]
Verizon [2]
Yahoo! Mail [6]

Sources: [1] Google Gmail; [2] ESPC Email Authentication Report (PDF Download); [3] Earthlink Drops SPF in favor of DKIM, Domain Keys; [4] ReturnPath: AOL Implements DKIM; [5] AOTA's Business and Industry Resource Directory (410KB PDF); [6] Yahoo! Mail Help Article; [7] Hotmail moves to SPF authentication; [8] Understand SPF records;

Note: We make no distinction between inbound vs. outbound authentication. If an ISP uses a certain authentication method for its outbound mail, email marketers should assume they're testing it for use on inbound email one day. For detailed breakdowns of inbound vs. outbound, see: AOTA's Business and Industry Resource Directory (410KB PDF).

Email Authentication Support in MailChimp

Email authentication can help your email marketing campaigns look more reputable, which helps your deliverability to the inbox. So at MailChimp, we support multiple authentication methods to cover all bases:

DKIM Domain Keys SenderID SPF
MailChimp Supports:

Authentication Should Be One–Click Simple

Email authentication is useless if it's too hard to implement. Many email service providers require server setup in order to authenticate your email campaigns. Accessing your server to modify DNS and TXT records and modifying your MTA is just not practical (especially for small businesses). So at MailChimp, we've made authentication a free, one-click process.

Online Trust Alliance logo