What's Email Authentication? How does it apply to me?

Along with other technical standards we actively employ and adhere to in order to ensure industry-leading deliverability, AWeber authenticates the email messages we send for our users.

AWeber authenticates all outgoing messages with:

  • DomainKeys Identified Mail (DKIM)
  • SPF
  • Sender ID

Although authentication is not the only factor involved in email deliverability, it is an important one, and understanding that we authenticate your email is essentially all you need to know about it if you are an AWeber user.

But why do we authenticate email? Read on for a better understanding of this important tool.

Understanding Email Authentication

ISPs continuously work to rid their networks of spam. This becomes increasingly difficult as spammers employ new techniques to avoid blocklisting and content filters.

One tactic that spammers often use is email forging (making a message appear to come from one domain/source, while actually sending it from another).

ISPs combat email forging with various forms of Email Authentication - essentially, having the owner of a domain provide a list of mail sources that are "legitimate" and that they take responsibility for. That way, if an email message purports to be from that domain, but isn't listed in that domain's legitimate mail sources, the ISP can refuse the message.

There's more than one authentication standard

Not all ISPs use the same technology to authenticate incoming messages, and so in order to get the best email deliverability possible you need to use each of the major authentication standards.

At present there are three major authentication standards:

  • Sender Policy Framework (SPF)
  • Sender ID
  • DomainKeys and DomainKeys Identified Mail (DKIM)

Let's take a quick look at each one and which ISPs may be using it.

We've tried to make these next sections as non-technical as possible, but to be honest it's pretty technical stuff.

Don't worry... the important thing is that the email newsletters and autoresponders you send through AWeber are authenticated.

This is just in case you're curious...

What is SPF?

According to the SPF website:

"SPF authenticates the envelope HELO and MAIL FROM identities by comparing the sending mail server's IP address to the list of authorized sending IP addresses published by the sender domain's owner in a "v=spf1" DNS record."

Basically what this means is: when a given website attempts to email you, your ISP can use SPF to check what IP address that email was sent from, and compare it to a listing of all the IPs that website uses to send email. If the IPs don't match, then the email isn't actually from that website, and your ISP can choose to not deliver it to you.

Who uses SPF?

Many providers such as AOL, Google, Earthlink, Outblaze, Yahoo, Road Runner, Hotmail, Bellsouth, Verizon, Charter, Shaw, Adelphia, and Juno use SPF.

What is Sender ID?

Engineered by Microsoft, Sender ID is based on SPF and addresses the same problem (email forging) by authenticating a different part of the email message.

Sender ID uses an algorithm to determine the Purported Responsible Address (PRA) for an email message, and then validates that address against the website's Sender ID record.

Who uses Sender ID?

Since Microsoft played a pivotal role in the creation of Sender ID, it's not surprising to find Hotmail and Windows Live Mail as the largest users of this type of authentication.

What are DomainKeys?

DomainKeys and DKIM work slightly differently than SPF and Sender ID.

With this standard, a website generates two corresponding "keys" - one public and one private.

You can think of the public key part as similar to SPF and Sender ID records since they're available to be seen by anyone. The private one, however, is only made available to the website's email servers.

When an email message is sent, the private key is placed into the message's headers. That way, when your ISP receives the message, they can check the public and private headers to make sure that the message is from who it claims to be, and that it hasn't been altered while being transmitted.

Who uses DomainKeys?

Yahoo! is responsible for developing DomainKeys and is the largest email provider using it. Gmail, AOL and Earthlink are other big users of the DomainKeys authentication standard, and overall DomainKeys is arguably the fastest growing of the three major standards.
