Email authentication

Email authentication helps validate who is sending emails. Email authentication methods can help protect your domain, your brand, your reputation, as well as help improve deliverability overall.

Email authentication helps to reduce the effectiveness of two types of malicious attacks:

  • Spoofing: A method of forging another entity's identity (for example the from address) onto an email so that users will open a message.
  • Phishing: A method of tricking recipients into giving out personal information, such as credit card numbers or account passwords. Often this involves spoofing the origins of the email and the attacker poses as a familiar and trusted contact, such as a bank, a credit card company, or a familiar merchant.

The key methods of email authentication used today are:

Oracle Eloqua supports all of these authentication protocols.

Sender Policy Framework (SPF)

SPF is an open standard for preventing sender address forgery. Senders publish a record in the Domain Name System (DNS). The SPF record consists of a list of IP addresses that are authorized to send email for that domain. ISPs can then verify a sender by cross checking the domain in the from address against the registered DNS record. By declaring authorized IP addresses, companies can help prevent email address forgery.

As part of the DNS setup when deploying Oracle Eloqua for your organization, your IT department created SPF records for your organization's sub-domains and Oracle Eloqua IP addresses.

See this knowledge base article for more information on how to implement SPF.

Domain Keys Identified Mail (DKIM)

DKIM is a cryptographic signature-based method to authenticate email senders. With DKIM, email senders generate public and private key pairs. The public key is published to DNS records, and the matching private keys are stored in a sender's outbound email servers.

When emails are sent, the private keys generate message-specific signatures that are added to additional embedded email headers. ISPs that authenticate using DKIM look up the public key in the public DNS record. ISPs can then verify that the signature in the email header was generated by the matching private key.

This method ensures that an authorized sender actually sent the message, and that the message headers and content were not altered during transit. Most major ISPs, such as AOL, Gmail, Hotmail, and Yahoo! use DKIM authentication.

To implement DKIM, your organization must purchase a Branding & Deliverability package and request DKIM signing. You can request DKIM signing on 3-20 domains, depending on the package you’ve purchased. These are the domains used in the from address for emails sent from Oracle Eloqua. To purchase a Branding & Deliverability package, contact your account representative. To request DKIM signing, please log in to My Oracle Support  and create a service request.

See this knowledge base article for more information on how to implement DKIM.

Domain-Based Message Authentication Reporting (DMARC)

DMARC standardizes how email receivers perform email authentication using the SPF and DKIM mechanisms. It allows a sender to indicate within its DNS record that its email is protected by SPF or DKIM. Senders can specify within the DNS record what the ISP should do if the authentication attempts using SPF or DKIM fail.

We recommend that you implement DMARC. To do so, you must work with your IT department and implement a sub-domain with the name _dmarc.

See this knowledge base article for more information on how to implement DMARC.

Transport Layer Security (TLS)

TLS refers to encryption of web traffic between Oracle’s server and the recipient’s server. TLS enhances the privacy between sender and recipient.

Normal email traffic is not encrypted. This leaves the risk that snoopers could easily intercept messages in transit. TLS ensures all communication is scrambled in such a way that messages cannot be snooped easily.

Oracle Eloqua implements best-effort TLS for all customers so that email traffic is encrypted whenever the remote server supports encryption.

Learn more

Email deliverability

dkim.org

dmarc.org