Online Trust Alliance (OTA)

Anti-Malvertising l Data Breach Response l DNSSEC l Email Authentication l EV SSL Certificates l Glossary

Email Authentication

Adoption Reports Deployment Support Implementation Tools DMARC Additional Reading

Summary of Email Authentication Standards & Normative References (updated May 2, 2011)

Resource Glossary (updated May 2, 2011)

OTA SPF Look Up Tool
Provides the ability to check lists of up to 500 domains for analysis, for SPF, Sender ID and DMARC Policy records. Developed by Return Path for OTA. Updated March 1, 2012

SPF / Sender ID Record Wizard
Comprehensive tool to create SPF and Sender ID records and check DNS of sites for txt records. includes the ability to add IP addresses of third parties authorized to send mail on your behalf. Hosted by Microsoft

Summary of Email Authentication Standards & Normative References (updated Sept 15, 2010)

Email Authentication Academy Training (Members only - updated Sept 23, 2010)

DomainKeys Identified Mail (DKIM) - DKIM is a cryptographic signature-based email authentication standard for for validating a domain identity that is associated with a message. The base DKIM specification has been approved by IETF as a proposed standard; some answers to Frequently Asked Questions about DKIM is available at http://testing.dkim.org/info/dkim-faq.html. Historically, DKIM is a synthesis of earlier specifications from Yahoo! (DomainKeys) and Cisco (Identified Internet Mail).

Open SPF - Established in late 2004, the SPF Council continues its efforts to make SPF a widely accepted standard on the Internet

Sender ID Framework - Overview of the SenderID Framework (SIDF), including presentations, white papers and technical specifications. SIDF reflects the combined specifications of SPF and Microsoft's Caller ID for email proposal. (Hosted by Microsoft Corporation)

SPF Record Test Tool - Retrieves SPF records for the specified domain name and determines if the record is valid

Use of PTR / Reverse DNS look up
Several readers have inquired on the use of a PTR or reverse DNS lookup. OTA strongly encourages site owners to follow the warning as published in the IETF RFC and NOT use a PTR; The specification for SPF records (RFC 4408 see below) discourages use of "ptr" for performance and reliability reasons. This is especially important for large ISPs as a result of the very high volume of mail they receive each day. We recommend you remove the "ptr" mechanism from your SPF record and, if necessary, replace it with other SPF mechanisms that do not require a reverse DNS lookup, such as "a", "mx", "ip4" and "include." This will help ensure the validation is performed as accurately as possible.

DomainKeys Identified Mail (DKIM)

DKIM.ORG

DKIM Tools & Reflectors

Authentication Metrics - auth-test@authmetrics.com (OTA Member Company)
eCert - eCertTest@ecerttest1.com (OTA Member Company)
Return Path - checkmydkim@auth.returnpath.net (OTA Member Company)
Truedomain - authtest@fastmail.fm (OTA Member Company)
Alt-N: dkim-test@altn.com
Port25: check-auth@verifier.port25.com
Port25 DKIM Wizard
Sendmail: sa-test@sendmail.net

Listing of companies and resources is based on factual data and does not constitutes and endorsement by OTA or its members and affiliates. Data is provided for information purposes; it is current at time of publishing. To report updates, email staff@otalliance.org,.