HACKER Q&A
📣 ksajadi

What’s the best way to authenticate email senders


I’m looking for a way to verify the sender of an email by the recipient that is easy to use by non-technical users and is cross-platform.

Using something like GPG email signing is not something I can ask our accounting or marketing team to reliably and securely do on their own (especially when everyone is working remotely).


  👤 LinuxBender Accepted Answer ✓
If your accounting and marketing team are using a mail provider that DKIM signs their emails, that would be the most standard and widely adopted method I know of. Each mail provider has different options for what to do with DKIM validation results but most will allow for quarantine, reject, put in a folder, or do nothing based on DKIM/SPF/DMARC results and based on the DMARC rules you create for your domains.

LearnDMARC [1] was posted here recently and can show you how this is validated.

[1] - https://www.learndmarc.com/


👤 toast0
What are you trying to solve by verifying the sender?

DMARC and friends can help verify the sender was authorized to use the address if set up in the right ways, but that doesn't mean that the address it was sent from is the person the recipient expected.

Especially in today's email clients that don't show the sender address a lot of the time.
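
An added example, not part of any post in this thread: a Python sketch of a recipient-side check that reads the DKIM/SPF/DMARC verdicts from the `Authentication-Results` header and then looks at the two gaps raised above, a passing DMARC result for a domain the recipient did not expect and a display name that shows a different address. The authserv-id `mx.example.org`, the expected-domain list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"   # assumption: authserv-id of your own receiving server
EXPECTED_DOMAINS = {"example.com"}    # assumption: domains your team expects mail from

# Constructed sample: DMARC passes for a lookalike domain; display name imitates a colleague.
SAMPLE = """\
Authentication-Results: mx.example.org; dkim=pass header.d=examp1e.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=pass header.from=examp1e.com
From: "Alice Smith <alice@example.com>" <alice@examp1e.com>
To: bob@example.org
Subject: Updated bank details

Please use the new account.
"""

def auth_results(msg):
    """Return {method: result} from Authentication-Results headers written by our own server."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # not stamped by our MTA; a sender can add such headers itself
        for method, result in re.findall(r"\b(dkim|spf|dmarc)\s*=\s*(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def assess(raw):
    """Combine the authentication verdicts with checks on who the sender claims to be."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"] or "")
    domain = addr.rpartition("@")[2].lower()
    results = auth_results(msg)
    findings = []
    if results.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    if domain not in EXPECTED_DOMAINS:
        findings.append("unexpected-domain")  # authenticated, but not who we expected
    embedded = re.search(r"[\w.+-]+@[\w.-]+", display)
    if embedded and embedded.group(0).lower() != addr.lower():
        findings.append("display-name-address-mismatch")
    return {"from": addr, "auth": results, "findings": findings}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The sample passes all three authentication checks and is still flagged, because the verdicts only cover the domain that actually sent it.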