When email was invented using the UNIX-based, Simple Mail Transfer Protocol or SMTP there was no way to authenticate the send, so it became easy for sender details to be forged, or “spoofed.” Spammers and phishers take advantage of this by posing as banks, auction sites, energy companies, etc. to steal money or spread malicious software, employ phishing or other deception when sending email. In addition to harming the recipients of these scam emails, the companies and brands that have been impersonated are also harmed.
As Carly Brantz, SendGrid explains, “Email authentication allows ISPs to properly identify the sender of the email so it can make smarter decisions about the delivery of your mail. Authentication has become a best practice for email senders since spammers have gotten really smart about disguising malicious email under the veil of a trusted brand.”
Gmail, Outlook.com, Yahoo and other email services use email authentication to help determine if something is spam, or is worth blocking completely to protect their users. As such, any unauthenticated email, no matter how legitimate the content, runs the risk of ending up in someone’s spam folder. So your company email runs the risk of ending up in the spam or junk folder if your domain email is not authenticated. Many services like Gmail even include a warning message that the contents of the email or its attachment(s) may be suspicious or actually contain virus or malware. Gmail has instructions on authenticating a message if you need to.
You would hope that the email service you’re using would come with authentication, but unfortunately, that is not always the case. You have to take steps to have your domain email authenticated and this is especially true if your company uses transactional email (email marketing or the act of sending a commercial message, typically to a group of people).
Most major companies authenticate their email using SPF, DMARC and DKIM. There are other authentication options but these three are the most popular and widely used. Connectech’s G Suite clients have the ability to set up these three services for all domain email following detailed instructions from Google. Connectech provides these services to our clients so that their email is authenticated for sending/receiving and safe from spoofing attempts. Connectech recommends Virtru for G Suite to authenticate email. Contact us for assistance.