Every time a mail server receives an email, it verifies the authenticity of the sender. If any of the checks fail, it acts according to the policies set by the sender in the DMARC record. This may result in the email being flagged or bounced.
This process can vary slightly in approach, but generally it goes like this:
- The sender implements the necessary protocols to authenticate emails sent from their domain. These are configured on the mail server and in the DNS zone file for the sending domain.
- When an email is sent, the receiving mail server looks for certain identifiers in the email and in DNS records to verify the identity of the sender and ensure that the email is safe to deliver.
- The recipient mail server checks the records. If the email authentication is verified, the email is delivered to the recipient’s mailbox. Otherwise, it follows the policy rules set by the sender, which may result in the email being sent to spam or bounced.
Email Authentication Types
SPF protocol
SPF (Sender Policy Framework) works by allowing domain owners to publish designated lists of authorized mail servers that are allowed to send email on their behalf. This SPF record is added to the domain’s DNS configuration.
When a server receives an incoming email, it checks the sender’s IP address against the domain’s SPF record.
If the server’s IP is listed as authorized, the message is confirmed to be from a valid source. If it is not authorized, authentication fails, indicating potential forgery.
DKIM (DomainKeys Identified Mail)
DKIM (DomainKeys Identified Mail) provides email authentication through digital signatures based on cryptographic key pairs. The private key signs the email content as it is sent. This encoded signature, which contains the hash details of the message and the sender’s identity, is included in the message.
The public key is published in the DNS records of the sending domain. When the receiving server receives a DKIM-signed message, it uses the public key to decode and verify the signature. If the signatures align, this confirms the integrity of the email and that it has not been tampered with in transit.
BIMI protocol
Like DMARC, this type of email authentication is optional and adds an extra layer of authentication for your business. Using BIMI instantly makes your emails more trustworthy and professional. This helps increase subscriber engagement and reduces the possibility of fraudulent activity by setting a standard for emails sent from your domain.