Who is an email really from? If an email client shows firstname.lastname@example.org as the sender most people would accept that at face value, but anti-spam filters and email clients are doing much more than just looking at the “from” address of an email. A single email can be relayed through several systems and computers on its journey from sender to recipient. After passing through multiple hands, who really sent the message? Increasingly, anti-spam filters and email service providers (ESPs) care about tracking this trail of servers to make sure that emails only passed through trusted hands.
What’s an email sender’s identity?
When looking at where an email is from, we tend to think of the question on a human level: we think of the person pressing send. Computing devices on the other hand, think of where a message is from in a different way. When a computer sees an email, it doesn’t see the person associated with the email, it sees the message headers. Message headers are information transmitted with the email that detail the electronic path the message took to get to your inbox. Message headers are typically hidden by default on most email clients. If you’re curious about what message headers look like, Google has some instructions for viewing message headers in various email clients. As an email marketer, you don’t really need in-depth knowledge of how to read and analyze message headers, but it’s helpful to know that they exist.
In the message headers are a few pieces of vital information that a computer evaluates in the search for the true sender identity. The header contains details about where the message claims to be from, or the visible “from” address that’s displayed by email clients. There’s also another address known as the “return-path” address, which is where any automated system responses should be sent, including bounce responses. Finally there’s the actual IP address of the computer that sent the message. Modern email systems use Email Authentication technologies such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to test one or more of these possible identities. In a typical email marketing scenario, the visible “from” address will belong to the company you’re marketing for, the “return-path” address will belong to the email marketing platform you’re using, and the IP address will also belong to the email marketing platform, or one email with two plausible sender identities.
Align all the things
This dual sender identity scenario is exactly why Gmail started to show a “via” message to let their users know that they were unable to determine a single sender identity for an email. In order to permit companies to continue using email marketing platforms in a trusted manner, SPF and DKIM checks are used by ESPs to determine if a marketing platform is authorized to send messages on behalf of the company in the “from” address. As you’re probably beginning to realize, the email industry is standardizing around the visible “from” address as the preferred sender identity for an email, so that’s the one that email services and anti-spam filters will increasingly look to validate as the sender identity.
Thanks to SPF and DKIM, email service providers now have a reliable way to verify the various sender identities of an email. The next step is to ensure that the sender identities for an email are aligned. Alignment refers to making sure that all the sender identities match and are authenticated by the company in the “from” address. In an ideal email, the visible “from” address, the “return-path” address, and the IP address of the computer sending the email would all be on the same domain and authenticated using SPF and DKIM. In fact, this is what Domain-based Message Authentication, Reporting, and Conformance (DMARC) was developed to accomplish. DMARC gives the owner of a domain the ability to enforce alignment of email identities for any email claiming to be from their domain. DMARC also allows domain owners to instruct receiving mail servers to reject any messages that did not get sent through trusted hands.
Major ESPs are already starting to use DMARC to protect their domains, with Yahoo and AOL leading the charge by outright blocking the use of their domains in “from” addresses unless the message comes from trusted sources, which are limited to their own infrastructure. As an email marketer, you probably shouldn’t be using a free mail address as the “from” address of your messages, but if you’ve been doing that, now is definitely the time to stop.
The future is bright
While to some the industry trend towards trusted and aligned identities may seem scary, email as a whole will be better for it. Many of the leading email marketing and automation platforms, including Pardot, already support SPF/DKIM/DMARC, so take advantage of those offerings if available. The sooner email marketers embrace SPF, DKIM, and DMARC, the easier it will become to weed out spam and protect the brands that so much effort goes into marketing. Life will only get harder for spammers, but legitimate emails will enjoy a smoother road to the inbox.