Noticias en la Red: What You Need to Know About Authentication

Michelle: "Tara, can you explain to us in plain English what email authentication is?"

Tara: "In a nutshell, email authentication is a way to verify that an email message actually came from where it says it’s from.” There are at least two emerging schemes at this time that are gaining in popularity. They differ in specifics but, in general, they require senders to make it clear which email servers they are sending from."

Michelle: "Why do we need email authentication? Why is it important?"

Tara: "We need it because literally billions of people depend upon email for communication, so it is essential that email is viable and trusted. In fact, email volume in the United States alone is expected to reach more than 2.6 trillion messages in 2007. We need authentication to bring trust back to email by laying a framework for legitimate email senders to be identified. Email authentication is the first big step to preserving email as we know it today – an important communication tool."

Michelle: "That makes a lot of sense. Now in order to understand how authentication will bring trust back to email, maybe we should start with the benefits. First, what are the benefits email authentication offers to ISPs and corporate domains?"

Tara: "Email authentication will help ISPs and corporate domains determine - with a greater level of confidence – whether an email is genuine or fraudulent and, in turn, whether they should deliver the mail to their customer’s inbox or not."

Michelle: "What benefits can email marketers expect to receive?"

Tara: "As an email marketer, if you meet authentication requirements, your emails will be recognized as legitimate by receiving ISPs and corporate domains that are using authentication as a part of their email filters. Once you are verified as an authenticated sender, your email can be delivered to the recipient. The authentication process is designed to increase email deliverability, reliability as well as reduce false positives for email marketers. In turn I am hoping it will also increase open rates, as users begin to trust their email again. As a bonus, it can help preserve the reputation of companies who utilize email as a communications tool."

Michelle: "And what do recipients or consumers get out of email authentication?"

Tara: "Authentication is a way for email recipients to have a greater level of confidence in their email inbox. If your ISP or corporate domain uses authentication as a filter, you will know that the emails that are authenticated have been properly screened. Recipients will also be better protected from various scams, including spoofing and phishing."

Michelle: "All this makes sense so far. Now for the big question: how does email authentication work?"

Tara: "There are currently multiple types of email authentication but they all are based on a similar principle. They look at the domain the email was sent from -- for example constantcontact.com -- and attempt to verify that it came from an IP/server that is authorized to send mail on behalf of that domain."

Michelle: "I’ve heard about two types of authentication - Sender ID and DomainKeys. What is Sender ID? And what is DomainKeys?"

Tara:" Sender ID is the email authentication tool backed by Microsoft, while DomainKeys is Yahoo!’s tool. They are very similar but Domain keys takes things to another level by adding a cryptographic signature to ensure higher security. No matter which one is being used they all address the basic issue of sender identity."

Michelle: "As an email sender, what do I do to get authenticated?"

Tara: "The technical details should be taken care of by your email service provider or IT department. If you do not have an IT department or are not already familiar with DNS records, IP addresses and mail server administration, you should 1) use an email service provider who can take care of this for you or 2) contact your domain/hosting company for more detailed information. You will need to know all IP addresses that send email for your domain."

Michelle: "This is the part that sounds complicated to me. I know that most of our subscribers do not have an IT department and I’m pretty sure they are not all that familiar with DNS records, IP addresses or server administration. So I’m betting most readers will indeed go the email service provider route and speak with their domain/hosting companies."

"When will authentication be adopted by ISPs and corporate domains?"

Tara: "Microsoft (msn.com and hotmail.com) and Yahoo are expected to be the first to fully incorporate authentication as part of their formula for determining which emails are delivered to the inbox. The expectation is that the rest of the industry will follow suit and adopt either Sender ID or Domain Keys, or both."

Michelle: "That means that email senders and email service providers, like Constant Contact, need to be prepared to address both Sender ID and Domain Keys, right?"

Tara: "That’s right – to cover all the bases."

Michelle: "It should deter spammers if anonymity is replaced with identity. After all, most criminals aren’t afraid of doing something illegal, they’re only afraid of being caught. So can email authentication actually help us enforce Can Spam laws?"

Tara: "We hope so, yes. We always knew that the real solution to spam and other problems was a technological one. Industry experts have been very busy over the last few years collaborating to create a solution that would work for everyone; that would preserve email as a communications medium and restore consumers’ confidence. Email is one of the greatest inventions of the 21st century and it has changed the way that people communicate in their everyday lives. Email authentication is the first big step to preserving this important form of communication."

Michelle: "Thanks Tara, for explaining this significant advance in simple terms that we can all understand."

If you would like more information on email authentication, please visit the following websites:

Emailauthentication.org

The Email Service Provider Coalition (ESPC)

Microsoft Sender ID

Yahoo DomainKeys