These days many of us are connected to the internet: we bank online, make purchases online, and occasionally get emails from companies such as eBay, PayPal, Amazon, Expedia, Ticketmaster, and sometimes our bank.
When we receive these emails, however, do we really know that they were sent by the company they appear to come from?
Email was originally created with the idea that it would make communication fast and easy. However, as more and more of us started to use the internet, criminals saw this growth as an opportunity to make money by sending emails that misrepresent themselves, appearing to come from large institutions such as our banks and other commerce sites when they do not. These are commonly known as email phishing scams.
The way criminals do this is by forging email headers as well as the HTML template to make it look like the email is coming from the genuine company itself.
For an example of how realistic some of these spoofed emails look, have a look at the following web page: http://www.millersmiles.co.uk/identitytheft/spoof-email-and-spoof-web-page-library.htm
This is why email authentication is so important. Its sole purpose is to let ISPs know your emails are legitimate and are not being spoofed by criminals. To authenticate an email marketing program, the owner of a domain supplies a list of mail sources (usually IP addresses) which are “genuine”. That way, if an email message seems to be arriving from a specific website domain although it is in fact being sent from a different domain and/or IP address, most ISPs will either reject the message or send it to the junk mail folder.
Not all ISPs employ the same tools to validate email messages that arrive on their servers, which is why, in my opinion, an organization should implement every possible email authentication standard in order to get the best email deliverability rates. If your organization is using a third-party email service provider such as MailChimp, Campaign Monitor, AWeber, StreamSend or any other reputable provider, then they will either implement email authentication for you on their backend or assist you in implementing it within your account.
At the present time, the following email authentication methods exist.
Sender Policy Framework (SPF) – SPF authenticates the envelope HELO and MAIL FROM identities by comparing the sending mail server’s IP address against the list of certified sending IP addresses published by the sender domain’s owner in a “v=spf1” DNS record. The website to get more information on SPF authentication is http://www.openspf.org/Related_Solutions
Sender ID – The Sender ID structure was designed by Microsoft as well as other industry partners to deal with the complexity of validating an email sender’s identity. The website to get more information on Sender ID is http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
DomainKeys and DomainKeys Identified Mail (DKIM) – Using these authentication techniques a website would produce two corresponding “keys” – one that is public and one that is private.
The public key is very similar to SPF and Sender ID records in that it is accessible and viewable by anyone. The private key, on the other hand, is made accessible only to the website’s email servers and is never sent out with the mail.
Every time an email campaign is sent, a signature created with the private key is included within the email message headers. This is done so that internet service providers can check that signature against the public key upon receiving the email message on their servers. Through this cryptographic authentication they confirm that the email message is from who it claims to be from, and that it has not been changed or distorted while in transit from the sending email server to the recipient’s email server.
The website to get more information on DomainKeys is http://domainkeys.sourceforge.net/
The website to get more information on DomainKeys Identified Mail (DKIM) is http://www.dkim.org/
Every email marketing program should have implemented email authentication as part of its email marketing best practices. Those that have not yet should do so as soon as possible, because implementing email authentication will without question lead to higher inbox deliverability rates, which will increase engagement with email subscribers, resulting in higher revenue.
