How does Email Authentication Work?

When you send an email, it's easy to spoof your identity and make it look like you wrote something else entirely. This can be used maliciously—for example, to get people to click on links or open attachments they wouldn't otherwise open—or simply as a joke or an attempt at humor. 

Email authentication helps prevent these kinds of things from happening by ensuring that the email you received came directly from its purported sender.

The email authentication process is as follows: 
 

• It all starts with the implementation of one or more email authentication protocols. These are essentially a set of instructions that can help verify the authenticity of email messages and senders. 
   
• These instructive policies need to be published by the email sender on his Domain Name System (DNS).
   
• When an email leaves the sender’s MTA and is received by the receiver’s MTA, a lookup is performed on the sender’s DNS to locate these published instructions.
   
• When located, the receiving MTA follows these instructions to validate the sender and contents of the email. 

• After validation, the receiver rejects, quarantines, or accepts the email as per the published instructions and status of authentication (fail/pass). 

Authentication Fail denotes that the sender is malicious, and the message isn’t originating from a trusted source or the one that it claims to be. 

Authentication Pass denotes that the sender is authorized to send the message from the respective email domain.