A colleague read my recent post and asked me how marketers could prevent spammers from spoofing their domains. In other words, it's pretty hard to fake an IP address, but isn't it easy to fake a "from" field and domain? (For example, Outlook Express easily allows me to put "bnussey@whitehouse.gov" in the from field.)

The solution lies in some recent technology advancements that come with easy-to-remember names like DKIM and Sender ID. These solutions provide a way for receiving email servers to validate that an incoming message is REALLY from the domain it claims to be. They are pretty foolproof and ensure that only the REAL whitehouse.gov can validate messages that purport to be from that domain. As long as the receiving email server goes through the trouble to check, it can always be sure that the sender is legitimate.

For those of you curious how this would work, read on. (For everyone else, thanks for checking in <grin>.)…

The authentication techniques work on top of one of the fundamental building blocks of the Internet—the domain name system (better known as DNS). You see, when Internet-connected computers talk to each other, they only do so using IP addresses—things like URLs are a convenience for we human beings. While it's invisible to users, every time you enter a Web URL or send an email to, say, whitehouse.gov, your browser quickly goes out and checks a DNS server to get the underlying IP address. DNS information is tightly controlled and is generally only updatable by the company that owns the domain. Email authentication solutions add an additional piece of information on the DNS record that can only be updated by the domain owner. When an email domain is being validated, the receiving email server simply checks out the DNS records for that domain and confirms that the authentication "key" matches the one in the email. That's it.