Email authentication is a way to ensure that an email provider will be able to recognize the sender of an incoming message and fight spam and abuse. You can use authentication data to verify the source of any message that you receive. For example, if you receive a message from a big sender (like a financial institution, or a major email provider, like Google, Yahoo or Hotmail) that isn’t authenticated, this message is most likely forged and you should be careful about replying to it or opening any attachments.
More on authentication methods
DKIM allows the sender to electronically sign legitimate emails in a way that recipients can verify using a public key.
If you're receiving mail
Recipients can use authentication to verify the source of an incoming message and avoid phishing scams. For example, if you see messages that claim to be from google.com but are not properly authenticated as coming from google.com, these are phishing messages. You should not enter or send any personal information. Remember, Google will never ask you to send personal information.
You can view the authentication information by opening a message and clicking on the 'show details' icon below the sender's name.
- If a message was correctly DKIM signed, a 'signed-by' header with the sending domain will appear.
- If a message was SPF authenticated, a 'mailed-by' header with the domain name will appear.
- If no authentication information exists, there will be no signed-by or mailed-by headers.
You can still view authentication information by looking at the authentication header in the message headers. Learn how to access your message headers.
Once you obtain the message headers, look for the ‘Authentication-Results’ header. If the message was successfully authenticated by SPF or DKIM, it will say ‘spf=pass’ and ‘dkim=pass’.
Authentication-Results: mr.google.com; spf=pass (google.com: domain of firstname.lastname@example.org designates 10.90.20.10 as permitted sender) email@example.com; dkim=pass firstname.lastname@example.org
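The header check described above, as an added example that is not part of the original help page: a Python parser that reads 'Authentication-Results' and accepts only results stamped by the receiving server you trust, because any sender can insert a header with that name. The sample message, its addresses and the `mx.untrusted.example` host are constructed; `mr.google.com` is the server name from the sample header above, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample (placeholder addresses and IP, not real mail). The second
# Authentication-Results header imitates one inserted by the sender.
SAMPLE = (
    "Authentication-Results: mr.google.com; spf=pass (google.com: domain of "
    "sender@example.org designates 10.90.20.10 as permitted sender) "
    "smtp.mail=sender@example.org; dkim=pass header.i=@example.org\n"
    "Authentication-Results: mx.untrusted.example; spf=pass; dkim=pass\n"
    "From: sender@example.org\nSubject: constructed test\n\nbody\n"
)

def strip_comments(value):
    """Remove parenthesised header comments, including nested ones."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def auth_results(raw_message, trusted_authserv_id):
    """Return {method: [results]} from headers written by the trusted server."""
    msg = message_from_string(raw_message, policy=default)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in strip_comments(str(header)).split(";")]
        # The first field names the server that performed the checks.
        authserv_id = parts[0].split()[0].lower() if parts[0] else ""
        if authserv_id != trusted_authserv_id.lower():
            continue  # claims from any other host are not evidence
        for part in parts[1:]:
            m = re.match(r"([a-z0-9-]+)\s*=\s*([a-z]+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), []).append(m.group(2).lower())
    return results

def is_authenticated(raw_message, trusted_authserv_id):
    """True if the trusted server recorded spf=pass or dkim=pass."""
    r = auth_results(raw_message, trusted_authserv_id)
    return "pass" in r.get("spf", []) or "pass" in r.get("dkim", [])

if __name__ == "__main__":
    print(auth_results(SAMPLE, "mr.google.com"))
    print(is_authenticated(SAMPLE, "mr.google.com"))
```
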
If you’re a sending domain
Authentication is highly recommended for every mail sender to ensure that your messages are correctly classified. For other recommendations see our Bulk Senders Guidelines.
Authentication by itself is not enough to guarantee your messages can be delivered, as spammers can also authenticate mail. Gmail combines user reports and other signals with authentication information when classifying messages.
Similarly, the fact that a message is unauthenticated isn’t enough to classify it as spam, because some senders don’t authenticate their mail or because authentication breaks in some cases (for example, when messages are sent to mailing lists).
Learn more about how you can create a policy to help control unauthenticated mail from your domain.
Vivian is a Gmail expert and the author of this help page.