Things don’t always go well on the Internet. Spam, phishing, an- in-the-middle attacks, spoofing, the list of bad guys on the net and their sophisticated methods is long. And in almost all cases, this is a means that we all use daily, email …
For understandable reasons, cybercriminals do not use their own identity as the sender. Rather, they like to use renowned companies and brands, often banks, payment services, online stores or delivery companies. In principle any brand can be affected.
There are so many pitfalls that it becomes so suspicious that many Internet service providers (ISPs) check an email very carefully before it is forwarded to its customers, the recipients of the email. Particularly small ISPs even go so far as to reject all incoming email and return a bounce code, hoping that serious senders will make a second attempt to deliver greylisting). Other ISPs require authentication measures by email senders or certification of whitelisted senders (e.g. with the
Certified Senders Alliance CSA) to deliver emails.
This is a problem for brands, because they have a great interest in having their email also reach the recipient. Trust is the best gateway for ISPs. If ISPs classify an email sender as trustworthy, it is very likely that the email will also be delivered to the inbox. This trust, which Tobias Herkula, Manager Anti Spam Research Team at Cyren, calls “IT trust”, is earned first. And that’s where domain alignment comes in.
Domain alignment means that the domains used in Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) must at least partially match the source address of the email. SPF and DKIM are common specifications for email authentication and the source address is the email address that is displayed to the recipient of the email as the sender address. Simply put, in a conventional paper letter, the address of the sender on the envelope, the sender on the letter, and the signature under the letter would match. In fact, that goes without saying, or would you trust a letter with different addresses on the envelope and the letter?
However, it’s not quite that simple with emails, as many marketers rely on external service providers, email providers, for their deliveries. And at the latest then the source address in the email header and the physical address no longer match and the alignment of the domain is no longer given.
In such a case, Sebastian Kluth, technical director of the Certified Senders Alliance (CSA), advises the domain holder to use a subdomain for sending via a messaging service provider, for which it is then easier to set up and align. If this domain alignment is given, it gives him a certain degree of confidence with ISPs.
Domain alignment is also a mandatory prerequisite for implementing Domain-based Message Authentication, Reporting and Conformance (DMARC), another authentication procedure supported by many large ISPs such as AOL, Microsoft or Google. The DMARC is based on the common specifications SPF and DKIM and makes the mails clearly identifiable for the ISPs. In addition, the sender (the brand) can determine how the ISP should deal with emails that appear to originate only from it.
For email marketers, a good reputation and therefore reliability are extremely important, as they have a direct influence on the deliverability of emails. Thanks to the implementation of the DMARC protocol and the alignment of the associated fields, brands can ensure that their identity is not abused and that their reputation is not seriously damaged. Email marketers should therefore discuss the DMARC issue with their email service provider. For more information on DMARC and domain alignment you can also visit the Certified Senders Alliance website at https://certified-senders.org/library/