Email Authentication Guide

Ever get an email that claims it's from your bank, or eBay, or PayPal? It actually looked pretty real, but it turned out to be a forgery? That's the problem with email: it was originally created to be an extremely easy way to communicate, but it also happens to be extremely easy to forge.

Authentication is a way to prove an email is not forged.

It's been around for years, but is now starting to grow in popularity as large ISPs and corporate email servers ("receivers") are using it to control inbound spam. This means large, legitimate email marketers need to make sure their email campaigns are authenticated, to prevent deliverability problems to those ISPs.

Types of Email Authentication

There is no one "favorite" or "best" authentication method. They all have their advantages and disadvantages. In short, some simply require a file on your server that can be cross-referenced by a receiver (SPF, SenderID). These methods are easy to implement, but some say not as secure. Other types of authentication (Domain Keys & DKIM) actually embed code in the email itself. These methods make it tougher to forge emails, but can also be tougher to implement for the sender, and the receiver. Because of the various pros and cons, different receivers choose to check for different types of authentication. Until there's some standard, senders may want to just employ all authentication types (MailChimp's authentication covers all bases).

Who's Checking For Which Authentication?

Here's a breakdown of what ISPs and receivers are using which types of authentication. If large portions of your list go to these ISPs, you should consider authenticating your email marketing campaigns...

Receiver	DKIM	Domain Keys	SenderID	SPF
AOL ^{[6], [7]}
Bell Canada ^[7]
Bellsouth ^{[2], [7]}
Charter ^[2]
Comcast ^{[2], [7]}
Cox.net ^[2]
Earthlink ^[3,4]
Gmail ^[1]
Hotmail ^[5]
Juno/NetZero ^[2]
MSN ^[5]
RoadRunner ^[2]
Rogers Cable ^[2]
Verizon ^[2]
Yahoo! Mail

Sources: [1] Google Gmail; [2] ESPC Email Authentication Report (PDF Download); [3] Earthlink to test authentication, [4] Earthlink Drops SPF in favor of DKIM, Domain Keys; [5] SenderID is a Microsoft standard; [6] ReturnPath: AOL Implements DKIM; [7] AOTA's Business and Industry Resource Directory (410KB PDF)

Note: We make no distinction between inbound vs. outbound authentication. If an ISP uses a certain authentication method for its outbound mail, email marketers should assume they're testing it for use on inbound email one day. For detailed breakdowns of inbound vs. outbound, see: AOTA's Business and Industry Resource Directory (410KB PDF)

Email Authentication Support in MailChimp

Email authentication can help your email marketing campaigns look more reputable, which helps your deliverability to the inbox. So at MailChimp, we support multiple authentication methods to cover all bases:

	DKIM	Domain Keys	SenderID	SPF
MailChimp Supports:

Authentication Should Be One-Click Simple

Email authentication is useless if it's too hard to implement. Many email service providers require server setup in order to authenticate your email campaigns. Accessing your server to modify DNS and TXT records and modifying your MTA is just not practical (especially for small businesses). So at MailChimp, we've made authentication a free, one-click process.

Authentication & Deliverability Resources:

Authentication Standards:

MailChimp's Authentication Resources:


Anti-Spam Policy & Terms of Use \| Privacy Policy \| About \| Contact \| Help \| Search \| Site Map Email Marketing Resources \| Free HTML Email Templates \| Partners \| Find an Expert \| Add-ons \| API \| Blog \| Demos \| Surveys \| Webinars \| Subscribe to our free Email Marketing Tips Newsletter New Features: A/B Split Testing Emails \| Google Analytics Integration \| Email Authentication \| Segmentation © 2001-2008 MailChimp. All Rights Reserved. \| Toll-Free: 1-866-284-2541