Secure Emails with Email Authentication Services
An authenticated domain shows mailbox providers that the emails are genuine and not spam. To protect users from receiving spam, Gmail checks whether the email sender domain is properly authenticated. If the sender domain is not properly authenticated, Gmail classifies the email as spam and displays warning messages.
Email authentication is about verifying that the domain used in the address is under the control of the sender. Through email authentication protocols, Internet service providers (ISPs) help to protect your subscribers from phishing scams and spammers.
When an ISP is unable to authenticate a sender, the sender may face extra scrutiny that could lead to filtering. This means that if a company has an authentication problem, its emails won’t make it into subscribers’ inboxes. Those emails will be identified as spam and will land in junk folders. Email authentication is therefore an important tool and a must for all legitimate organizations today, because it directly impacts email deliverability.
The following are email authentication methods. These authentication standards were designed to supplement the basic protocol used to send mail known as Simple Mail Transfer Protocol (SMTP). SMTP doesn’t have any authentication mechanisms.
Sender Policy Framework (SPF)
This authentication method verifies the envelope of the email, specifically the mail server that is sending the emails. The MAIL FROM identity is the email address that is responsible for sending the message. When the organization sends an email, the recipient’s mail server looks up the sending IP address in the public Domain Name System (DNS) to be sure that it is allowed to send emails on behalf of the sender. Gmail uses SPF when checking authentication.
DomainKeys Identified Mail (DKIM)
With DKIM, two corresponding “keys” are created. One is a public key that is stored in the DNS as text, and the other is a private key that is accessible only to the email server. Every time an email is sent, a signature created with the private key is included in the email message headers. When ISPs receive an email message on their servers, they can verify that signature against the public key. This information is used to verify the sender and to check that the email message was not changed in transit. Gmail is known to use DKIM when checking authentication. In the DKIM authentication method, DomainKeys technology is combined with Identified Internet Mail (IIM). DomainKeys verifies the domain of the mail sender by encrypting the mail header and replacing it with a hash value. The receiving end also encrypts the email and compares the hash values to be sure that they match. By using public-key cryptography, email senders add a domain name and signature to their emails, and the signature is verified at the receiving end by using the DNS.
Domain Message Authentication Reporting & Conformance (DMARC)
DMARC is an email authentication, policy, and reporting protocol that is designed to identify spam and phishing mails and keep them out of inboxes. It builds on the DKIM and SPF protocols, adding linkage to the From domain, published policies for how recipients handle authentication failures, and reporting from receivers to senders. DMARC protects both email senders and recipients by helping them streamline the process and work together to avoid spammers and phishers. Gmail requires that email messages are DMARC compliant. DMARC helps to ensure that emails sent by spammers using a sender’s domain won’t affect the domain’s overall reputation. That’s why adding a DMARC record for a domain, together with DKIM and SPF authentication, will help to ensure your email deliverability.