Email Authentication

What is email authentication?

Email Authentication is a security feature that verifies whether your domain is authorized to send emails. It helps reduce spoofing and phishing, and it improves email deliverability. This setup involves DKIM and DMARC, which validate outgoing emails from your organization.
Idea
Email Authentication helps ensure the deliverability of emails sent from Zoho People. This also prevents emails from being marked as spam.

Understanding the email authentication page and the domains listed here

The Email Authentication page displays the list of domains that Zoho People may use as the "From address" when sending email notifications. These domains are automatically added by the system to support DKIM (DomainKeys Identified Mail) authentication, which enhances email deliverability and helps prevent spoofing.
Important Notes:
  1. Users do not have the ability to manually add or remove domains from the "Email Authentication" page.
  2. Domains listed are added by the system based on your account configuration. This includes domains currently used by active users in your Zoho People account, as well as verified domains associated with email addresses added under the "From Addresses" section. These addresses may have been manually added through CAPTCHA verification or are actively used to send email notifications from Zoho People.
  3. Public domains (e.g., gmail.com, outlook.com) are intentionally excluded, as DKIM cannot be configured for such domains.

Access email authentication settings

To access and configure Email Authentication:
  1. Navigate to: Settings > Manage Accounts > Organization Setup > Email Authentication
  2. You'll see a list of domains associated with your organization, along with their Authentication Status and DMARC setup status.


What domains will be listed here?

  1. Domains currently in use by active users of your Zoho People account.
  2. Verified domains of email IDs added in the "From Addresses" page and manually added through CAPTCHA verification (i.e., email IDs that are used to send email updates from Zoho People).
  3. Public email domains will not be listed here (for example: gmail.com, outlook.com).

DKIM Authentication

What is DKIM authentication, and why is it necessary?

DKIM (DomainKeys Identified Mail) is an email authentication method that helps verify the legitimacy of emails by using cryptographic signatures. It allows companies to take responsibility for their emails while enabling mailbox providers to verify the sender’s identity and ensure the message's integrity.

When an email is sent, DKIM adds a digital signature to the email header. This signature is created using a private key held by the sending service. The recipient's mail server then checks this signature using the matching public key published in the sender domain's DNS records.

By verifying this signature, DKIM ensures that:
  1. The email actually comes from the claimed sender.
  2. The message has not been altered during transmission.
This helps prevent spammers from forging emails to impersonate legitimate senders and allows authorized third-party services to send emails on behalf of a company without being flagged as spam.
ALERT!
To ensure compliance with the latest security protocols, please note that all ‘from’ email addresses in your Zoho People account are using DKIM-authenticated domains. Only addresses that use DKIM authenticated domains can be used as ‘from’ addresses going forward.
NOTE
If DKIM Authentication is not performed, noreply@zohopeople.com will be used as the default and only from address for all emails sent from Zoho People.

Steps to configure DKIM for a domain or from address

  1. Navigate to Settings > Manage Accounts > Organization Setup > Email Authentication
  2. Click on the DKIM Details link for the domain that you would like to authenticate.


  3. You will see a series of steps within the product, which involves updating the DKIM data in DNS as a TXT record.


  4. Once the TXT record is added successfully, allow some time for the changes to be reflected in the DNS servers.
  5. Ensure DKIM data has been updated properly. This may take a while.
  6. Click Validate Authentication to verify authentication.
Once "Validate Authentication" is clicked and authentication is verified, the indicator will change to Authenticated.


Understanding DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC works in conjunction with DKIM and SPF to enforce email validation policies. It tells receiving mail servers how to handle unauthenticated emails from your domain (e.g., reject or quarantine them).
Info
Domains without a DMARC policy will display DMARC not set.
It’s highly recommended to configure a DMARC record for all active domains to prevent spoofing and improve email security.
Warning
It’s essential that all listed domains are DKIM authenticated and have a DMARC policy set for optimal email delivery and security.
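A pre-check for the TXT values published for DKIM and DMARC, useful before clicking Validate Authentication. This is an added example, not Zoho's code. The function names and sample records are constructed for illustration, and the record text is assumed to be what your DNS lookup tool returns.

```python
import base64

# Constructed stand-in for the base64 public key shown under "DKIM Details".
SAMPLE_KEY = base64.b64encode(b"constructed example, not a real public key").decode()

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict.

    Quotes are dropped because DNS tools print long records as several
    quoted strings; whitespace inside values is folding and is ignored.
    """
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = "".join(value.split())
    return tags

def check_dkim_key(txt):
    """Findings for a DKIM key record (<selector>._domainkey.<domain>)."""
    tags, problems = parse_tags(txt), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    key = tags.get("p")
    if key is None:
        problems.append("missing p= (public key)")
    elif key == "":
        problems.append("empty p= marks the key as revoked")
    else:
        try:
            base64.b64decode(key, validate=True)
        except ValueError:
            problems.append("p= is not valid base64 (truncated or mangled paste)")
    return problems

def check_dmarc(txt):
    """Findings for a DMARC record (_dmarc.<domain>)."""
    tags, problems = parse_tags(txt), []
    if tags.get("v") != "DMARC1":
        problems.append("v= must be DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    elif policy == "none":
        problems.append("p=none only monitors; failing mail is still delivered")
    return problems

if __name__ == "__main__":
    print(check_dkim_key(f"v=DKIM1; k=rsa; p={SAMPLE_KEY[:-1]}"))
    print(check_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
```

An empty list means the record is structurally sound; it does not confirm that the key matches the one shown on the DKIM Details page.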