When did you last check your email authentication?
Written by
Mathew Vernhout
Mathew Vernhout

Subscribe for updates

When did you last check your email authentication?

Published : October 22, 2020

As a deliverability professional, I spend a lot of time thinking about authentication records as they’re really important for email deliverability. Configuring the proper records and maintaining them is just as important as remembering to change your car’s oil on a regular basis. 

All companies suffer from technical debt or competing priorities for limited time and resources but spending a little time on preventative maintenance can save you a world of hurt in the future. 

Are you hurting your email campaigns without knowing it?

In most cases, it doesn’t hurt to continue to publish outdated authentication records, such as Sender ID or DomainKeys. However, there are a couple of potential concerns when supporting older technologies that need to be considered. Let’s discuss those and provide some updated options.

For example with an older, and likely less secure, DomainKey record were to be compromised, someone could use it to impersonate your organization with a fully authenticated message. Some mailbox providers might initially look to authenticate the mail using these older Domain keys as legitimate.

Back in 2010 when DomainKeys was deemed to be obsolete, the standard key length (security token size) was 512 bits, while current technologies utilizing Domain Keys Identified Mail (DKIM) recommend keys at lengths that are a minimum of 1024 bits or even stronger at 2048 bits. Both of these are significantly stronger and harder to compromise, especially if you factor in regular DKIM rotation practices.

Sender ID was also an early Authentication standard that was running parallel to Sender Policy Framework (SPF). Both acted in a very similar manner checking that the messages, mail from or sender domains, were approved to send on behalf of a particular organization’s domain. SPF ended up gaining more traction within the Mailbox Provider’s (MBPs) authentication tools and Sender ID was eventually depreciated from use.

Oftentimes this scenario happens with a long-established vendor, or forgotten integrations running on older domains potentially for use with an ex-vendor. Keeping an inventory of your domains and a regular review to adjust settings makes forgetting (even accidentally) less likely. Paying attention to your domain history and keeping your authentication updated is as important as patching your computer and upgrading your antivirus protection on a regular schedule. 

How does Netcore manage this for me?

Great question, as part of your account onboarding you were provided a series of DNS records for both SPF and DKIM. These records are maintained by the Netcore team to meet current best practices for mail sent via our networks. However, if you’d like to talk to our team about a review of your additional domains or how we can help with the migration of mail to our platform please reach out to [email protected]

Unlock unmatched customer experiences,
get started now
Let us show you what's possible with Netcore.
Written By: Mathew Vernhout
Mathew Vernhout
VP, Deliverability, North America, Netcore Cloud. With two decades of experience in email marketing, he is an industry veteran leveraging the background in privacy and network operations to help customers improve their digital marketing programs.