How does email authentication work? The most common schemes today -- SPF, SenderID, and DomainKeys -- use the Domain Name System (DNS) to publish ?records.? Each record, which is available to the entire Internet community, details the specific machines that are authorized to send mail for a specific email domain.

Before a message arrives in a user?s email inbox, the receiving email server can attempt to verify that the mail is coming from an authorized source by checking email authentication records. Suppose a spammer forges your domain in his spam message. Unless he has hacked your network (a different, and bigger, problem) he is transmitting messages from IP addresses different from yours. When he sends his forged message, a receiver who checks for email authentication records will query for your domain?s records in DNS to determine your authorized mail sending hosts. Since your records won?t include the spammer?s IPs, the receiver can now take greater precautions in handling the message: rejecting it outright, subjecting it to spam-filtering technologies, or directing it straight to a junk folder.

Ge the full story at Return Path Solutions