Answer: E-mail authentication stymies forgery of e-mail messages and allows senders to build a positive reputation with receivers based on mailing behavior.
Now that you are ready to set up authentication records, you must first decide what protocol makes sense for you: SPF, SenderID or DomainKeys. You can find detailed information about each protocol—and the steps to set the records up—by using these free resources:
Once you have decided on a course of action and set your records up, it is imperative to test your authentication records to ensure they are working properly. SPF, SenderID and DomainKeys all provide options to publish your records in “test mode,” which allows you to test without risking delivery failures for mistakes in your record. Testing will ensure that the mail servers you’ve authorized are being verified by receivers and will determine if you’ve missed identifying any mail servers in your inventory.
Some testing options:
- Return Path’s SPF-SenderID testing tool: senderid.returnpath.net
- Port25’s Email Relay: email@example.com
- Gmail: Send to a Gmail account, log in, view message and view the header. Look for the “Received-SPF:” line for the result of its SPF check on your e-mail.
- DNSSTUFF: www.dnsstuff.com/pages/spf.htm
- OpenSPF: www.openspf.org/why.html
- Yahoo!: Send e-mail to a Yahoo! account to check DomainKeys signatures. Yahoo! will also indicate to the recipient when the signature is valid.
- DomainKeys at Sourceforge: http://domainkeys.sourceforge.net (step by step instructions, a few testing e-mail addresses, etc.)
One more piece of advice: Once the records are published and tested, appoint a staff person to make sure they remain current. You must stay vigilant about managing your records if you want them to work for you.
Tom Bartel is chief privacy officer at Return Path (www.returnpath.net ), a provider of e-mail marketing services.