Email authentication

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

The original base of Internet email, Simple Mail Transfer Protocol (SMTP), has no such feature, so forged sender addresses in emails (a practice known as email spoofing) have been widely used in phishing, email spam, and various types of frauds. To combat this, many competing email authentication proposals have been developed. By 2018^[update] three had been widely adopted – SPF, DKIM and DMARC.^[1]^[2] The results of such validation can be used in automated email filtering, or can assist recipients when selecting an appropriate action.

This article does not cover user authentication of email submission and retrieval.

^ Hang Hu; Peng Peng; Gang Wang (2017). "Towards the Adoption of Anti-spoofing Protocols". arXiv:1711.06654 [cs.CR].
^ kerner, Sean Michael (2 January 2018). "DMARC Email Security Adoption Grows in U.S. Government". eWeek. Retrieved 24 November 2018.

[1] Hang Hu; Peng Peng; Gang Wang (2017). "Towards the Adoption of Anti-spoofing Protocols". arXiv:1711.06654 [cs.CR].

[2] rner, Sean Michael (2 January 2018). "DMARC Email Security Adoption Grows in U.S. Government". eWeek. Retrieved 24 November 2018.

[1]

[2]