AuthenticateI hope you all had a wonderful holiday. Being the New Year, a lot of us are making New Year\’s resolutions. If you haven\’t come up with a resolution, I have a great suggestion:

Please authenticate your email using DomainKeys.

While Sender Policy Framework (SPF) and SenderID have become mainstream methods of authenticating email, DomainKeys still seems to be in obscurity. It is amazing to me that I receive emails from large Fortune 500 level companies, yet none of them are using DomainKeys — not even email coming from:

  • Airlines
  • Banks
  • Travel Agents
  • Worldwide shipping companies
  • Car Rental Companies
  • Home improvement stores

All these companies have multi-million dollar budgets to spend on advertising and technology – but haven\’t implemented this free and incredibly powerful authentication system. Here\’s why they should care:

DomainKeys help to identify and authenticate that an email message is coming from the correct original source. Spammers will often forge the \”from\” email address in order to fool or trick the reader into opening it, called \”spoofing.\” DomainKeys helps to prevent this by using public and private key cryptography to let users verify that a message is actually coming from the domain that is listed in the \”from\” email address.

A number of ISPs are currently checking/verifying DomainKey signatures:

British Telecom
Rogers Cable

A new authentication called DomainKey Identified Mail (DKIM) is now being implemented into mail infrastructures. While it is very similar to DomainKeys, it has many technical differences that allow more security and flexibility.

Currently no ISP\’s are verifying emails signed with DKIM, however it is anticipated that Yahoo and Gmail will be checking this in the near future. Check out our recent article on DKIM vs. DomainKeys here — Understanding Email Authentication

Here are some suggestions on how start moving forward with setting up all of your email authentication:

    1. Make sure your hosting facility supports authentication records. If they can support DNS text records, then you are good to go.
    2. Create and then TEST your records to make sure they are working. Remember that it takes time for changes in DNS to propagate across the Internet.
    3. Ensure that your syntax is correct. Common mistakes include extra quotes and spaces.
    4. Only publish records for IP addresses that you send email from.

As spam continues to plague email boxes, ISPs and mail systems will also continue to keep out the illegitimate email by any means possible. Using email authentication will help you ISPs to identify your mail as legitimate.


Authenticate [SPF]
Authenticate [SenderID]
Authenticate [DomainKeys]

Thanks and Happy New Year,

Jaren Angerbauer

Drink Responsibly, Drive Responsibly, Email Responsibly