Is Your Email Authentic?
Earlier this spring, participants in the 2010 RSA Conference gave this warning: the only way to reduce phishing and spoofing is through email authentication. Further, the only way to rid the world of phishing and spoofing is for widespread adoption of email authentication across industries. Everywhere you turn, experts agree it is a must-do for email marketers today. Still not sure about it? Email authentication also improves your deliverability!
So what is email authentication?
Email authentication allows organizations to confirm email messages as originating from an authorized source. It can be achieved several different ways. These protocols can be deployed singularly or in combination, they are SPF (Sender Policy Framework), Sender ID, and DKIM (DomainKeys Identified Mail). SPF and Sender ID are considered easier to implement, however each protocol has its own benefits and disadvantages that should be evaluated before determining what’s best for your organization.
So where should you start to find out more about it?
BITS created this email authentication guide last year that provides a thorough examination of DKIM and SPF. The guide itself targets the financial sector, however the information is applicable to all industries. And although sometimes very technical, BITS does an effective job of highlighting the tradeoffs of each protocol and includes helpful links and resources.
If DKIM isn’t a protocol you’re company would implement, check out Return Path’s Best Practice Guide on email authentication. They cover SPF and Sender ID and include important links to help you get started. The tone of this guide is more practical and less technical.
And if you are already authenticating your emails, well done! If not, you’re not alone. Although the number of authenticators is growing (51% now versus 20% 18 months ago), there are still half of us who need to evaluate and deploy this key tactic.
As you get started, remember authentication is one layer of security — a very important layer — but it is not a complete solution. Other security measures such as encryption and anti-spam technology are also essential.