*** Welcome to piglix ***

E-mail authentication


Email authentication, or validation, is a collection of techniques aimed at equipping messages of the email transport system with verifiable information about their origin. It is a coarse-grained authentication, usually at Administrative Management Domain (ADMD) level or Message transfer agent level, and implies no sort of authorization. That is, the purpose of email authentication is to validate the identities of the ADMDs or MTAs who participated in transferring and possibly modifying a message. The results of such validation can then be used in email filtering, and can assist recipients when selecting an appropriate action or reply to an incoming message.

This article does not cover user authentication, although it is ubiquitous in networking, including email submission and retrieval.

In the early 1980s, when (SMTP) was designed, it provided for no real verification of sender. Email authentication is a necessary first step towards identifying the origin of messages, and thereby making policies and laws more enforceable. However, it does not establish whether an ADMD has a good reputation or whether it should be trusted.

This coarse-grain, domain-level authentication relies on ADMDs being able to control their users' behavior, blocking those who engage in spam, phishing, and even more serious crimes. ADMDs identify their users individually —that is, use fine-grain authentication— in order for their mail submission agents to block effectively. An ADMD can still grant a relative level of anonymity to its users, so long as they comply with its policy.

Other fine-grain authentication schemes, such as S/MIME and PGP, are used to implement end-to-end encryption or authentication across ADMDs. Users are expected to work out their own policies and methods by themselves, which is so difficult that usage of those schemes is sparse.


...
Wikipedia

...