Email Sending Authentication Best Practices

How to Authenticate Email

1. Use consistent sender addresses

Be consistent with the "From" addresses and friendly "From" name(s) you use. It can be tempting to vary the sender so that subscribers open a message out of curiosity, but trust in a message starts with the recipient easily recognizing the sender as a brand they trust. Constantly changing "From" names and "From" addresses makes your recipients more susceptible to phishing.

Similarly, avoid using cousin domains, that is, domains that are slight variations of your brand's standard domain. They also erode trust in your messages and train recipients to be more susceptible to phishing attacks. For example, if your domain is example.com, avoid sending from a similar domain like examplemail.com.

2. Authenticate your IP addresses with SPF

SPF stands for Sender Policy Framework. The receiving server compares the IP address the message actually came from against the list of IP addresses authorized to send mail for that domain. That list is the SPF record, which the domain owner publishes in the domain's Domain Name System (DNS) records.

3. Configure DKIM signatures for your messages

DomainKeys Identified Mail (DKIM) is an authentication standard that cryptographically signs the messages you send so that receiving servers can confirm the message was not altered in transit.

4. Protect your domain with DMARC authentication

Domain-based Message Authentication, Reporting & Conformance (DMARC) is a protocol that uses SPF and DKIM to further prevent phishers from spoofing messages.

A DMARC record is published alongside your other DNS records and requires both SPF and DKIM to pass. It also requires the domain in the From address to match the domain used in the message's authentication. The DMARC record lets the domain owner both instruct receiving servers what to do with messages that appear to be spoofed (such as blocking them outright or putting them in the spam folder) and receive forensic reports about failed messages and potential spoofing of the domain.

Details

Article ID: 53
Created: Wed 2/7/24 10:07 AM
Modified: Wed 4/24/24 2:25 PM
