Authentication is absolutely essential for professional email transmission. If you want to go further than SPF and DKIM and use DMARC, then alignment is obligatory. But even without DMARC, alignment is a correct and important step to implementing an authenticated email.

DMARC stands for: Domain-based Message Authentication, Reporting and Conformance: domain-based message authentication, reporting and conformance of messages. The background to DMARC.org is to increase security in e-mail communication and to ensure greater protection of e-mail recipients against phishing mails, as well as facilitating domain reputation. The goal is to filter out or intercept certain forms of criminal e-mails (phishing) early on so that they do not reach the users. Phishing is the forging of e-mail messages to Internet users, in which, for example, a link contained in the e-mail does not lead back to the reputable provider but rather to the attackers in concealed form, who thus intend to obtain sensitive private data. Phishing can also be done through attachments or requests in an e-mail. Frequently, the sender’s address is disguised to simulate a valid sender to the recipient of an e-mail. This is verified, among others, by DMARC in order to detect any “forgeries”.

DKIM is a widely used method for the authentication of emails. But when DKIM is not used correctly, it is not effective and can offer a false sense of security. For this reason, here we have summarized the common Best Practices for DKIM.

In the first place, what is phishing? Phishing is an invented word cobbled out of the two words “password” and “fishing”. Criminals use fake emails to try to obtain personal data – in particular login data – from their victims by luring them to fake websites and tricking them into entering their data. In the meantime, a multitude of bogus companies exist. For some time now, not only banks, but also online shops, social media, online games, and many more companies are being counterfeited.

Bounce management or bounce handling refers to the processing of returns, also known as non-delivery notification or non-delivery report (NDN or NDR), in email transmission. The aim is to remove unreachable addresses from the mailing lists. A distinction is generally made between soft bounces and hard bounces. Since bounce management falls within the scope of list hygiene, it is the task of the brand to process bounces. However, a professional ESP largely relieves the brand of this work with automatic tools. Read the full document here.

Commissioning a mail server is initially not terribly complicated, but at the latest when it comes to keeping an eye on your reputation, or if you want to implement authentication measures like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) or DMARC (Domain-based Message Authentication, Reporting and Conformance), it becomes considerably more complex and there’s no way around using appropriate analytical and other tools. Fortunately, there are several free possibilities available in the Internet. The websites are all in English. Read the full document here.

Validating an email address is a really hard task. Some tried huge regular expressions to solve this, but they are unreadable and do not cover every case. This leads to the conclusion that, as a sender, you should not only use a valid address in your From header, but also one that is simple and practical, because some exotic, but still valid, addresses might not be processed correctly by MTAs and other involved systems like spam filters. Read the full document here

What is a spamtrap and what is it good for? Who operates spamtraps & how to avoid spamtraps?

In order to increase the quality of the sendings, brands often choose to work with anemail service provider (ESP) instead of sending the emails on their own. The ESP thenasks the brand to set up SPF, DKIM and other standards. But why is this needed? Let'shave a brief overview on how a typical multi-stage spam filter works today.

It’s often recommended, but how does an double-opt-in email actually work in practice? And why is it recommended in the first place? Senders of commercial emails must be able to show (and prove) that they have consent to use an email address and that the consent was given by the actual owner of said address. Numerous legal decisions have shown the following: