Radicati Group released the report《Email Statistics Report, 2022-2026》 in November 2022.Report Display,there are over 4.2 billion email users worldwide,and this figure isexpected to grow to over 4.7 billion by year-end 2026.Revenues for all segments of the Email Market combined are expected to total over $63.6 billion in 2022, and will grow to over $105.5 billion by year-end 2026,an average annual growth rate of 14%.The total worldwide email traffic,including both Business and Consumer emails,isestimated to be over 333 billion emails/day by year-end 2022, growing to over 392billion emails/day by the end of 2026.

It can be seen that the user's habit of using email is still continuing; for marketers, Email marketing can still bring a super high return on investment ratio.

Because of that,Numerous spammers exploit flaws in email infrastructure to send spam,such as viruses,Trojan horses,or impersonate brands to deceive consumers.Such emails will not only consume the reputation of the brand, but also damage the property of users, posing a threat to information security.So,email authentication appeared.

Most email servers will use various protocols to verify the messages pushed,Emails that do not pass verification will be rejected or placed in the spam folder.Therefore,the marketing personnel of enterprises need to configure the authentication protocol for the sending domain before sending emails.

The three most important email protocol certifications: SPF, DKIM, DMARC; ARC is still in the experimental stage.

SPF-Sender Policy Framework

SPF is a technology that authenticates the identity of an email sender by IP address. An SPF record is a DNS TXT record of a domain. This TXT record configures the range of sending IPs allowed by this domain.If a message is sent from an IP address other than the above-approved, it is likely that the message is forged.

During SPF authentication, the recipient will first query the SPF record of the sending domain, and then check whether the sender's IP address is contained in the SPF record.

Let's look at it another way:SPF allows the owner of an Internet domain to specify which computers are authorized to send mail with envelope-from addresses in that domain, using Domain Name System (DNS) records. Receivers verifying the SPF information in TXT records may reject messages from unauthorized sources before receiving the body of the message. 

Configuring SPF can reduce the risk of the brand being impersonated to a certain extent,It is also helpful to increase the credibility.

DKIM(DomainKeys Identified Mail)

DKIM is a verification technology to prevent email fraud. It detects whether the sender, subject, content, attachments, etc. have been tampered with through message encryption and authentication.A DKIM record is a DNS TXT record of a domain, and this TXT record is configured with the domain's public key information.

Generally, the sender will insert the DKIM-Signature and electronic signature information into the header field of the email.During the DKIM verification, the recipient will first query the DKIM record of the sending domain to obtain the public key, and use the public key to verify the validity of the DKIM signature of the email.In this way, it can be confirmed whether the email has been maliciously tampered with during the process of sending the email, and the integrity of the email content can be ensured.

DKIM is a method of labeling a message, and it does not itself filter or identify spam. However, widespread use of DKIM can prevent spammers from forging the source address of their messages, a technique they commonly employ today. If spammers are forced to show a correct source domain, other filtering techniques can work more effectively. In particular, the source domain can feed into a reputation system to better identify spam. Conversely, DKIM can make it easier to identify mail that is known not to be spam and need not be filtered. 

DKIM further supplements the authentication of SPF.

DMARC(Domain Message Authentication Reporting and Conformance)

DMARC is a set of email authentication mechanism based on SPF and DKIM. It has established an email feedback mechanism between the sender and receiver, so that the sender and receiver can jointly improve and supervise the management of domains.

DMARC requires domains to set up SPF records and DKIM records in DNS records, and clearly state the handling policy for verification failed emails. The recipient will first query the DMARC record of the sending domain, then perform SPF verification and DKIM verification on the mail, process the mail that fails the verification according to the DMARC record, and feedback the processing result to the sender.

DMARC is an upgrade to SPF and DKIM, and the improvement is that the sender can receive feedback from the recipient on its verification results. Through the setting of parameters such as rua and ruf , the sender can receive the statistics and failure details of domain authentication.

The emergence of DMARC coordinates the cooperation among various technologies, simplifies the judgment process, and allows the recipient to deal with "real spam" more efficiently and confidently.

ARC(Authenticated Received Chain)

In 2020, M3AAWG released the best practice about email authentication "M3AAWG Email Authentication Recommended Best Practices", which mentioned ARC.ARC was released in RFC 8617 in July 2019 and is still in the experimental stage.

ARC mainly solves the problem that the DMARC verification of the subsequent recipients fails due to the modification of certain fields (such as From) during the relaying process of the mail.The way to do this is to add the ARC-Authentication-Results header when forwarding between trusted relays during mail forwarding,If the subsequent DMARC verification of the recipient fails, the verification information of the ARC chain can be used to deem the mail DMARC verification to be passed.

During this period, there will also be information such as ARC-Message-Signature and ARC-Seal to ensure the trust relationship between the relaying and forwarding nodes.Therefore, ARC is generally realized by ISP and ESP. Currently, both Microsoft and Google support ARC, and as enough ISPs support ARC, there will be fewer failed emails caused by relay forwarding, and the recipient will not receive many inexplicable DMARC failure reports.

It is very important to configure the sending domain, which can not only reduce the risk of fraudulent use of the domain, but also improve the delivery rate of emails and the probability of entering the inbox to a certain extent.

When working with Engagelab,The enterprise fills in the sending domain, and the system will give the DNS configuration record values of SPF, DKIM and DMARC.You only need to copy and paste it to the DNS domain management service provider, and then you can complete the configuration of the authentication protocol for the sending domain, which is very convenient.