How Sender Authentication Affects Your Outbound Emails

SPF. Sender ID. DomainKey. No, these aren't fancy locksmith tools or types of sunscreen. These are all ways to verify the identity of an e-mail sender.

Aimed more at controlling online fraud than alleviating spam, e-mail authentication enables more reliable message filtering. Using some form of e-mail authentication can help also prevent spoofing, phishing, and hoax messages -- e-mail messages that claim to be sent by well-known organizations and attempt to steal your account information and passwords by asking you to reply with personal information like your credit card number, social security number, or account password.

So if you receive an e-mail that purports to be from Citibank or eBay, sender authentication can detect whether the sender is legitimate or an impostor engaged in brand spoofing and phishing.

You're probably scratching your head and wondering how will this affect you and your nonprofit? Authentication is rapidly becoming a critical factor for determining whether your e-mail messages, newsletters, and other transmissions will be delivered or snared in a spam filter. Those transmissions will increasingly get marked as spam -- unless you implement some kind of authentication.

The most common types of e-mail authentication are: Sender ID, SPF, and DomainKeys. This new wave of e-mail authentication means that all mail servers from which your organization sends mail (including the servers of your vendors as well as your own internal mail servers) will need to comply with those authentication protocols if you want your mail to reach large segments of your audience.

Knowing how these authentication frameworks function is important, whether you're sending the newsletters from your own servers (in which case you should adhere to the guidelines) or using a third-party mailing list manager (in which case you should make sure they adhere to the guidelines.)

First, a Word about DNS

The authentication standards noted above are all dependent on information in the Domain Name System (DNS), the infrastructure that translates IP addresses to domain names. DNS records have been expanded so that domain owners can identify the specific mail servers authorized to send e-mail for their domain.

When someone receives mail purporting to be from your organization's domain, sender authentication systems will be able to check your DNS record to see if the sending mail server is authorized to mail in your name. Failing an authentication test is an indication that a message may not have a trustworthy sender, and should be subjected to spam filters.

Unlocking the Power of SPF

Regardless of the type of authentication being used, a surefire way to keep your messages from landing in a spam folder is make sure your servers and the servers of any e-mail service provider you're using has published its SPF, or Sender Policy Framework, records.

More and more ISPs and spam-control systems will be checking your organization's domain name records for compliance with the most widely adopted e-mail authentication, system: SPF, or Sender Policy Framework. AOL, for example, requires that e-mail senders use SPF if they want to be whitelisted, which ensures delivery to AOL subscriber inboxes.

Any ISP or spam-control system using Sender ID will be checking your organization's domain name records for SPF data. To make sure your DNS records are updated to comply with SPF, you'll need to get in touch with the technical contact on your DNS records for every domain you own that sends e-mail. (You can find the contact easily by searching the "whois" record for your domain name[s] at Network Solutions' WHOIS search.)

Then, instruct the technical contact person at your ISP to publish an SPF record for your organization. An easy-to-use SPF wizard is available at Sender ID. Anyone concerned about the deliverability of their e-mail messages should enhance their DNS records with SPF data as soon as possible.

What about Sender ID and Domain Keys?

To protect MSN and Hotmail users from phishing and spam, Microsoft uses Sender ID to validate the origin of an e-mail message. By verifying the IP address of the sender against the owner of the sending domain, Microsoft can identify unauthenticated messages and divert them to junk e-mail folders. Making sure that your SPF record is up-to-date will assure that Sender ID will validate your messages, and that they will get through to Hotmail and MSN users.

DomainKeys is a different kind of authentication using a cryptographic signature to verify both the domain of each e-mail sender and the integrity of the messages sent (i.e., that they were not altered during transit). Yahoo! employs the DomainKeys approach, which alerts recipients whenever the identity of e-mail senders cannot be verified. Read more about it on Yahoo's DomainKeys page.

By complying with these various authentication standards, you can reduce your e-mail's delivery barriers and demonstrate to your audience that you are a reputable and trustworthy e-mail publisher.