Silverpop - The Tech Behind Domain-based Authentication
It appears you are using an older version of your browser. This site was developed to be progressive and future-compatible. Please take a minute to upgrade your browser for an optimal experience.
Skip to content
  • Subscribe:

The Tech Behind Domain-based Authentication

Bill Nussey, Silverpop
by: Bill Nussey (@bnussey)
17 August 2009

A colleague read my recent post and asked me how marketers could prevent spammers from spoofing their domains. In other words, it's pretty hard to fake an IP address, but isn't it easy to fake a "from" field and domain? (For example, Outlook Express easily allows me to put "" in the from field.)

The solution lies in some recent technology advancements that come with easy-to-remember names like DKIM and Sender ID. These solutions provide a way for receiving email servers to validate that an incoming message is REALLY from the domain it claims to be. They are pretty foolproof and ensure that only the REAL can validate messages that purport to be from that domain. As long as the receiving email server goes through the trouble to check, it can always be sure that the sender is legitimate.

For those of you curious how this would work, read on. (For everyone else, thanks for checking in <grin>.)…

The authentication techniques work on top of one of the fundamental building blocks of the Internet—the domain name system (better known as DNS). You see, when Internet-connected computers talk to each other, they only do so using IP addresses—things like URLs are a convenience for we human beings. While it's invisible to users, every time you enter a Web URL or send an email to, say,, your browser quickly goes out and checks a DNS server to get the underlying IP address. DNS information is tightly controlled and is generally only updatable by the company that owns the domain. Email authentication solutions add an additional piece of information on the DNS record that can only be updated by the domain owner. When an email domain is being validated, the receiving email server simply checks out the DNS records for that domain and confirms that the authentication "key" matches the one in the email. That's it.


Sign up Now!

Subscribe to IBM Marketing Cloud's Digital Marketer Newsletter!

Popular Categories

Top 5 Posts


To give you the best experience, this website uses cookies.

Continuing to use this website means that you consent to our using cookies. You can change your cookie settings in your browser at any time.
Find out more here or by clicking the Cookie Policy link at the bottom of this page.