Email authentication is an attempt to prove that the person in the from address is who they claim to be. It's not a guarantee of deliverability in any way, it just ensures you are really you. So if email authentication is not going to ensure your message is delivered, then why bother?

Let's look at it like a license plate on your car. You should have one on your car when you drive, it's a good practice. Now, it doesn't provide a 100% assurance that you should be allowed to drive, but it's a good start. If a cop sees you driving down the road without a license plate they will pull you over for sure. You may be authorized to drive, but they are going to look at you at lot more closely. So you should have a license plate no matter what, even if you are a law abiding driver.

If you were speeding, you wouldn't expect a license plate to get you out of a ticket, would you? It just proves that you were the one speeding, and not some one else.

Both of these scenarios translate over to sender authentication. You should be using authentication as it can help to show that you are attempting to be a law-abiding email marketer. But if you are sending out bad emails then you can't expect authentication to get your emails into the inbox. 

Now that you know why you should be using sender authentication, let's switch gears and learn about what this involves. Some of you may be worried that this is going to be overly complicated. But don't worry, we've made sender authentication a walk in the park ... the ball park.

Setting The Field

There are two major teams you can join up with, but just to complicate things, each one has another version as well. They both make use of storing information in the publicly available domain definition for your website, technically called a DNS entry - or just DNS.

Who are the players?

DomainKeys is the scheme that Yahoo! created some time back, it has evolved into DKIM or DomainKeys Identified Mail. DKIM and DomainKeys both work by signing your message with a private key, then leaving a corresponding public key in your DNS.

Anyone receiving one of these signed messages can check the resulting signature using that public key. There's a lot of technical details to how the whole public / private key scheme works. Suffice to say it is complicated, but it does work.

The other major player here is Sender Policy Framework or SPF. It's cohort is SenderId, which was developed by Microsoft based off of SPF. As opposed to checking a signature, these two make use of DNS to specify IPs (server addresses) that can be used to send email for your domain.

Whenever some one receives an email that was supposedly sent by you, they can look up the originating IP and see if it is listed in your DNS. If it is listed in your DNS, then it checks out.

Unfortunately both of these schemes have their shortcomings. However, they are both a great start, and large ISPs are starting to get serious about them. By implementing them for your email marketing campaigns, you are helping to ensure that you won't be blocked unnecessarily. So to clarify, these won't ensure that your message gets delivered, but it will help to ensure that your message isn't booted outright.

Who's at Bat?

So who's making use of these for authentication? It's different for every ISP, but all of the major ISPs make use of one or both of these. Yahoo! supports DKIM and Domain Keys. MSN and their related sites use SenderId with several other large providers - Verizon, Roadrunner, charter, etc. - using SenderId and/or SPF. There are also a large number of providers that support at least one version of both systems, including Gmail, Earthlink, BellSouth, and others.

Is this a home run?

Not really, with such a mish-mash of support at ISPs you may be wondering what to do. Luckily for you this isn't a Red Sox vs. Yankees situation, you don't have to pick sides - you can implement both without any pain. And that's where it stands right now, if you are sending email you need to be using both authentication schemes.

That's why at Bronto we support all of these authentication methods. We want to ensure that you have the highest deliverability possible to all the ISPs out there.

Looking for more info? Check these pages out:

DKIM

DomainKeys

SPF

Sender Id

Adam Covati
Product Manager at Bronto