The idea of email authentication or verification is not completely new. Because of the way email was originally designed, it is difficult to verify that an email really comes from the person who claims to be sending it. Email authentication addresses the problem by verifying that the sending server is reliable.
All ISPs constantly work to clear their networks of spam. This becomes even more difficult as spammers keep adopting new techniques to evade blacklisting and spam filters. One method spammers commonly use is email forging, i.e. making a message look as if it came from a specific domain or source while actually sending it from another.
Internet service providers detect email forging with different kinds of email authentication: basically, the domain owner provides a list of email sources that are authentic and that they take responsibility for. In this way, if an email claims to be from that domain but does not come from one of that domain's listed mail sources, the internet service provider can reject the message.
Without going into too much technical detail, there are some email authentication principles you should follow:
1. SPF (Sender Policy Framework)/Sender ID
SPF and Sender ID are quite easy to apply. This authentication method depends on individual records linked to your domain that tell email systems it is acceptable to receive email from another system or domain on your behalf. It is a simple DNS record in which you state which servers' IP addresses are permitted to send mail with your domain in the From name. It does not give a huge boost to your email deliverability, but on rare occasions it can be the difference between reaching the inbox and landing in the spam folder.
2. DKIM (DomainKeys Identified Mail)
Domain keys are a pair of encryption keys that are produced for validation. DKIM, or DomainKeys Identified Mail, inserts a signature made with the private key into each of your emails to authenticate that it really originated from someone you have allowed to send email. There is a caveat with DKIM: "The sheer existence of a legitimate signature does not entail that the mail is adequate, such as for deliverance. Adequacy needs an evaluation phase. Therefore, the result of signature authentication must be fed into a test mechanism that is component of the validation filter."
3. ADSP (Author Domain Signing Practices)
ADSP, or Author Domain Signing Practices, allows you to stipulate a policy for messages signed by the author's domain. A message has to go through DKIM validation first; ADSP can then call for punitive handling if the message is not signed by the author's domain.
It is designed for domains heavily abused by phishing and similar deception. Such domains may want to give up mail facilities such as email lists and non-delivery reports (NDRs), which can end up unsigned, in exchange for a cut in abuse.
4. DMARC (Domain-based Message Authentication, Reporting & Conformance)
It allows you to specify a policy for valid messages. It treats DKIM and SPF together as a joint email authentication technique. The "R" in DMARC, which stands for reporting, provides feedback to the author domain and so allows for an informed policy framework.
5. VBR (Vouch by Reference)
VBR, or Vouch by Reference, vouches for a previously validated identity. This method needs some globally accepted authorities that confirm the reputation of domains.
An email sender can apply for a reference at a vouching authority. The reference, if accepted, is published on the DNS branch administered by that authority. A vouched sender must add a VBR-Info header field to the messages it delivers. It should also insert a DKIM signature, or use some other validation method, such as SPF. A recipient, after confirming the sender's identity, can validate the vouch declared in VBR-Info.
Applications should not use this method as a means of email authentication. However, it is often carried out and its results, if any, written in the "Received" header field, besides the TCP information required by the Simple Mail Transfer Protocol (SMTP) specification.
The IP reverse, verified by looking up the IP address of the name just found, is just an indication that the IP was set up correctly in the DNS. Reverse resolution for a range of IP addresses can be delegated to the ADMD (Administrative Management Domain) that uses them, or can be managed by the network provider. In the second case, no helpful identity related to the message can be found.
In the end, there is no ideal solution for authenticating an email and, as noted above, there is also no true standard for it. Keeping up with these varying standards is not an easy job for the average email marketer. Even if marketers do not want to apply email authentication methods themselves, they should at least make sure that somebody in the company is doing it for them.