Thursday, February 22, 2024, 10:38
We are in the final stage of testing our updated e-mail authentication mechanisms, which will be released before the end of February 2024. E-mail Authentication> is critical if you send mass e-mails. Your IT/Web/e-mail/DNS support person should know how to make the needed changes. Here's what you need to know in an nutshell.
E-mail Authentication is a set of protocols used to determine if an e-mail sent from your domain is legitimate. E-mail filtering tools use these protocols to help protect people from e-mail fraud. In the past it was enough to have any of these authentication mechanisms, now the big e-mail players will be requiring everyone to make use of all of these authentication mechanisms. Large e-mail sites like Google, Yahoo, Outlook, iCloud, etc. will soon be enforcing e-mail authentication, and requiring its presence in e-mail.
What to do immediately! If you have not already done so, create a DMARC record in your DNS. It's easy to create a simple DMARC record that will satisfy the big e-mail providers.
The simplest DMARC record looks like this: _dmarc.mydomain.com IN TXT "v=DMARC1\; p=none\;"
IP-Rev or Forward-confirmed reverse DNS is a self-validating DNS mechanism, which is standard on most mail-filtering appliances. Your mail server has a DNS record that translates its "Name" into an "Internet Address" (the 'A' record) and a DNS record that translates its "Internet Address" into its "Name". With IP-Rev all these DNS Records need to exist and they need to agree with each other.
SPF or Sender Policy Framework is a mechanisms that validates the internet-based origin of an e-mail. In essence it says "these" sources (i.e. mail-servers) are allowed to send e-mail for your domain. It also says what to do with e-mail that does not come from the listed sources.
DKIM or DomainKeys Identified Mail is a mechanism that certifies an e-mail is validated against a domain. It doesn't what the source of the e-mail is. It looks at the content to see if it validates against something one of your domain's servers has created. This is implemented using encryption keys and encryption signatures, that exist in the DNS space, on your e-mail Server and embedded in the e-mail headers of each message.
DMARC or Domain-based Message Authentication, Reporting, and Conformance is a mechanisms for tying everything together. It looks at the "From" address of an e-mail and says what to do if none of the authentication mechanisms pass.
Each of the Authentication Mechanisms has a component that exists in the DNS Space and a component that exists in your PerfectMail Server. You will have to co-ordinate between your technical support people to ensure the proper records and configurations are in place.
-- David Rutherford
Last modified: 2024-04-05, 13:03
© 1999-2013 PerfectMail
Comments
No comments yet.