Email authentication encompasses a variety of techniques and measures that are designed to help recipients distinguish between an email that truthfully claims to be from a particular sender and an email that is forged or otherwise falsified. Proper use of authentication provides an increased level of security for both sender and recipient.

AUTHENTICATION AND ISPS

The goal of email authentication is to improve confidence in the authenticity of email messages in order to improve overall confidence in email as a trustworthy communications channel. Several ISPs have made it clear that in order to gain reliable delivery to the inbox, instead of delivery to the bulk or "spam" folder, authentication is required. The measures of authentication required vary from ISP to ISP and are determined by the individual ISP's policy.

AUTHENTICATION AND SPAM/SPOOFING/PHISHING

Authentication can reduce the impact of spam, spoofing, and phishing attacks. This helps protect the integrity of the domain owner's brand.

• Spoofing - method of forging another entity's identity (e.g., the "From" address) onto an email in order to get users to open a message
• Phishing - method of tricking recipients into giving out personal information, such as credit card numbers or account passwords, often by spoofing the origins of the email (e.g., a user's bank, credit card company, or familiar merchant)

Several senders who have been subject to chronic spoofing and phishing issues have declared that recipients may safely discard any email claiming to be from their domains if valid authentication is not present in the message.

KEY MEASURES

The key measures of email authentication used today are Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), Domain-based Message Authentication, Reporting and Conformance (DMARC), and Transport Layer Security (TLS).

Disclaimer: This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described in this document may change and remains at the sole discretion of Oracle Corporation.

1 BRIEF / Authentication Deliverability Intelligence

Sender Policy Framework (SPF)

SPF is an IP-based process that enables the verification of a sender's IP address by cross-checking the domain in the email address listed in the visible "Mail From" line of an email against the published record a sender has registered in the Domain Name System (DNS). An SPF record consists of a list of computer servers or IP addresses that senders indicate are "authorized" to send email for that domain. By publishing an SPF record for a domain, that domain is declaring which IP addresses are authorized to send out email claiming to be from that domain.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail is a cryptographic signature-based type of email authentication. DKIM requires email senders' computers to generate "public/private key pairs" and then publish the public keys into their Domain Name System (DNS) records. The matching private keys are stored in a sender's outbound email servers, and when those servers send out email, the private keys generate message-specific "signatures" that are added into additional, embedded email headers. ISPs that authenticate using DKIM look up the public key in DNS and then can verify that the signature was generated by the matching private key. This ensures that an authorized sender actually sent the message, and that the message headers and content were not altered in any way during their trip from the original sender to the recipient.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC standardizes how email receivers perform email authentication using both of the well-known SPF and DKIM mechanisms. It allows a sender to indicate within its DNS record that its email is protected by SPF and/or DKIM. If neither of those authentication methods passes, the sender can specify the actions a receiver should take (i.e. quarantine or reject the message). DMARC helps senders experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC.

Transport Layer Security (TLS)

TLS refers to encryption of web traffic between Oracle’s and the recipient’s server. TLS enhances the privacy between sender and recipient. Normal email traffic is not encrypted, so messages can easily be intercepted in transit by snoopers. With TLS, all communication is scrambled in such a way that messages cannot be snooped easily. For Eloqua customers, TLS is set up to be enabled for all domains that are being sent to, so all customers using Eloqua are already receiving the benefit of TLS.

ADDITIONAL RESOURCES

SPF: http://www.openspf.org/
Google Transparency Report: ://www.google.com/transparencyreport/saferemail/
DKIM: http://dkim.org
DMARC: http://dmarc.org

Copyright © 2019, Oracle and/or its affiliates. All rights reserved.
