In simple words, authentications are ways to show to the MBPs (MailBox Providers) that Splio has authorization to send messages, using your "credentials". In practice, authentication exists to associate a domain name to a message, validate the author or origin of a message, validate the content of a message, and create reputation. It can also help preventing phishing.
The most used entries when it comes to email athentication are:
- SPF (Sender Policy Framework) record: it is a TXT record that publishes the list of servers allowed to officially use a domain name in the “HELO” (or “EHLO”) and “MAIL FROM” (not the Visible “From:” header field) steps of the SMTP transaction. Simplifying: it is a list of authorized email servers, for a given domain.
- DKIM (DomainKeys Identified Mail) record: this TXT record publishes a series of “public keys” that can be used by anyone to control a cryptographic signature that we will include in your message headers. If the signature cannot be successfully verified, it could mean the headers or the content of the message have been tempered with.
- DMARC (Domain-based Message Authentication, Reporting and Conformance) record: this TXT record is built on the widely deployed SPF and DKIM protocols (Visible From: domain + SPF + DKIM), adding a reporting function that allows senders and receivers to improve and monitor protection of the domain from fraudulent email.
Each MBP has its own rules, some providers check all items, others just a few. For this reason, it is strongly recommended to keep all entries implemented to mitigate any possible issue.