When did you last check your email authentication?



As a deliverability professional, I spend a lot of time thinking about authentication records as they’re really important for email deliverability. Configuring the proper records and maintaining them is just as important as remembering to change your car’s oil on a regular basis. 

All companies suffer from technical debt or competing priorities for limited time and resources but spending a little time on preventative maintenance can save you a world of hurt in the future. 

Are you hurting your email campaigns without knowing it?

In most cases, it doesn’t hurt to continue to publish outdated authentication records, such as Sender ID or DomainKeys. However, there are a couple of potential concerns when supporting older technologies that need to be considered. Let’s discuss those and provide some updated options.

For example with an older, and likely less secure, DomainKey record were to be compromised, someone could use it to impersonate your organization with a fully authenticated message. Some mailbox providers might initially look to authenticate the mail using these older Domain keys as legitimate.

Back in 2010 when DomainKeys was deemed to be obsolete, the standard key length (security token size) was 512 bits, while current technologies utilizing Domain Keys Identified Mail (DKIM) recommend keys at lengths that are a minimum of 1024 bits or even stronger at 2048 bits. Both of these are significantly stronger and harder to compromise, especially if you factor in regular DKIM rotation practices.

Sender ID was also an early Authentication standard that was running parallel to Sender Policy Framework (SPF). Both acted in a very similar manner checking that the messages, mail from or sender domains, were approved to send on behalf of a particular organization’s domain. SPF ended up gaining more traction within the Mailbox Provider’s (MBPs) authentication tools and Sender ID was eventually depreciated from use.

Oftentimes this scenario happens with a long-established vendor, or forgotten integrations running on older domains potentially for use with an ex-vendor. Keeping an inventory of your domains and a regular review to adjust settings makes forgetting (even accidentally) less likely. Paying attention to your domain history and keeping your authentication updated is as important as patching your computer and upgrading your antivirus protection on a regular schedule. 

How does Netcore manage this for me?

Great question, as part of your account onboarding you were provided a series of DNS records for both SPF and DKIM. These records are maintained by the Netcore team to meet current best practices for mail sent via our networks. However, if you’d like to talk to our team about a review of your additional domains or how we can help with the migration of mail to our platform please reach out to engage@netcorecloud.com

Join 20,000 Marketers who get our Blog Emails Every Week!

Kickstart YOUR growth journey with our expert tips on marketing automation, personalization, email, mobile marketing and more. Only 2 emails per week.

Matthew Vernhout

Matthew Vernhout

Matthew is a leading expert in email deliverability, privacy, compliance, and consulting practices. He is VP-Deliverability at Netcore for North America and also founder of the Canadian Email Summit. Matthew holds active leadership positions within the email community, including roles as a Director-at-large with CAUCE, the Chairperson of the ANA's EEC, and the Communications Chair of the AuthIndicators Working Group. A well-revered blogger behind EmailKarma, he is the co-author of the book 'A Complete Guide to e-Marketing under Canada's Anti-Spam Legislation.'

Join 20,000 Marketers who get our Blog Emails Every Week!