Question: How does authentication work, and do I need to become ‘authenticated’?

Published on .

Answer:  E-mail authentication has made news recently, first with Microsoft Corp.’s surprise implementation of Sender ID in June, followed by Yahoo!’s quiet rollout of DomainKeys in July.

Designed to catch forged e-mails before they get to recipients, authentication is a process by which ISPs verify that messages originate from the Internet domain from which they claim to have been sent.

E-mail authentication schemes, including Sender ID, DomainKeys and others, all work in a similar fashion: Participating senders place an entry in their DNS record that ISPs can use either to match mail-server addresses or to obtain public keys for decrypting private digital signatures.

In the alphabet soup of Internet terms, DNS is short for Domain Name System. It’s the Internet service that translates domain names (e.g., "") into Internet Protocol (IP) addresses. If you think of a DNS as giant Internet telephone book, where domain names are customers and IP addresses are their telephone numbers, then authentication seeks to match the caller to the telephone number. In fact, a previous iteration of Sender ID was even called Caller ID for E-mail.

To authenticate an e-mail via Sender ID, the ISP queries the claimed sender’s domain name, asking essentially, "Is the IP address that I received this message from allowed to send e-mail for you?" or, in the case of DomainKeys, "May I get the decryption key to check if this e-mail has been altered from its original version?"

For Sender ID, the query returns the IP addresses that are authorized to send e-mail on behalf of that domain. For DomainKeys, the query returns the public key for the domain, which must fit the encrypted digital signature in the e-mail. A successful validation proves the domain is not faked, nor have the headers or body of the e-mail been altered on its way from the sender.

With an estimated combined total of more than 260 million e-mail users, MSN Hotmail and Yahoo! Mail represent a significant percentage of e-mail consumers. If you send a lot of e-mail, or a significant portion through Hotmail or Yahoo!, it is probably worthwhile to ensure that your e-mail conforms to their authentication requirements. Not only will it help you to get through spam filters, it will prevent others from forging your e-mail address and sending fraudulent messages in your name. Your network administrators, IT department or e-mail service provider can undertake or guide you through this process.

Although the implementation of Sender ID and DomainKeys may cause some initial inconvenience, they ultimately are good for marketers because they help to address the problems of spoofing and phishing, and ultimately will lead to a reduction in the amount of legitimate e-mail that gets labeled as spam.

Elaine O’Gorman is VP-strategy at Silverpop (, a permission-based e-mail marketing solutions provider.

Most Popular
In this article: