About

By default, the SMTP protocol does not have any authentication mechanism when the email is received.

There may be an authentication when you try to send but not when you receive.

Authentication mechanism

To prevent spoofing and spam, 2 authentication mechanisms have been created:

• SPF that check if the sender sends from a known host for the domain
• DKIM that signs the message that can be controlled with a public certificate.

Fix messages that aren't authenticated

If you get a message that your emails are not authenticated, you should:

• at least implement DKIM (preferred)
• and SPF.

Unauthenticated messages and spam classification

Because spammers can also authenticate emails, authentication by itself isn't enough to guarantee that your messages can be delivered, but Unauthenticated messages are very likely to be rejected or classified as spam.

How to monitor

You can monitor the authentication:

• by receiving DMARC reports if you set an email in your dmarc record
• by checking the Email Provider tools Gmail Postmaster tool.