HomeBlogEmail Authentication Glossary: Complete A-Z Reference
Guidesglossaryreferencedefinitionsemail authenticationterminology

Email Authentication Glossary: Complete A-Z Reference

Comprehensive glossary of email authentication terms. Learn the definitions of DMARC, SPF, DKIM, BIMI, and 100+ other email security terms.

MailSentinel Team

Author

November 30, 20248 min read

Email Authentication Glossary: Complete A-Z Reference

A comprehensive glossary of email authentication and email security terminology. Bookmark this page for quick reference.

A

Aggregate Report (RUA)

Daily XML reports sent by email receivers containing summarized DMARC authentication results. These reports show pass/fail rates, sending sources, and authentication details.

Alignment

In DMARC, alignment refers to whether the domain in the From: header matches the domain authenticated by SPF or DKIM. Can be "strict" (exact match) or "relaxed" (organizational domain match).

Anti-Spoofing

Technologies and practices designed to prevent email spoofing, including SPF, DKIM, and DMARC.

Authentication

The process of verifying the identity of an email sender. Email authentication uses SPF, DKIM, and DMARC protocols.

Authenticated Received Chain (ARC)

A protocol that preserves authentication results across email forwarding. Helps maintain DMARC alignment when emails pass through mailing lists or forwarders.

B

BIMI (Brand Indicators for Message Identification)

A standard that allows brands to display their logo in email clients for authenticated messages. Requires DMARC at enforcement.

Blacklist (Blocklist)

A list of IP addresses or domains known to send spam or malicious email. Being on a blacklist can severely impact deliverability.

Body Hash (bh=)

In DKIM, a hash of the email body used to verify the message hasn't been altered in transit.

Bounce

An email that couldn't be delivered and is returned to the sender. Can be "hard" (permanent) or "soft" (temporary) bounces.

Bulk Sender

A sender who sends large volumes of email. Google/Yahoo define bulk senders as those sending 5,000+ emails/day to their users.

C

Canonicalization

In DKIM, the process of standardizing email content before signing to account for minor modifications during transit. Can be "simple" or "relaxed."

Certificate Authority (CA)

An organization that issues digital certificates, including those used for BIMI VMCs and TLS.

CNAME Record

A DNS record that creates an alias from one domain name to another. Often used for DKIM configuration.

Complaint Rate

The percentage of emails marked as spam by recipients. Google/Yahoo require complaint rates below 0.3%.

D

DKIM (DomainKeys Identified Mail)

An email authentication method using cryptographic signatures to verify the sender and ensure the message hasn't been altered.

DKIM Selector

An identifier in DKIM that allows multiple keys for the same domain. The selector is part of the DNS lookup for the public key.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

An email authentication protocol that builds on SPF and DKIM. DMARC specifies how receivers should handle authentication failures and provides reporting.

DMARC Policy

The action specified in a DMARC record for handling failed authentication: none (monitor), quarantine (spam folder), or reject (block).

DNS (Domain Name System)

The system that translates domain names to IP addresses. Email authentication records (SPF, DKIM, DMARC) are stored in DNS.

DNS Lookup

A query to the DNS system. SPF has a limit of 10 DNS lookups.

Domain Reputation

A score assigned to a domain based on its email sending history, spam complaints, and authentication practices.

E

Email Gateway

A server that processes email before delivery, often performing security checks, filtering, and routing.

Email Service Provider (ESP)

A company that provides email delivery services, such as SendGrid, Mailchimp, or Amazon SES.

Envelope From (Return-Path)

The email address used for delivery status notifications, which may differ from the visible From: header.

Envelope Sender

See Envelope From.

F

Fail (SPF/DKIM/DMARC)

An authentication result indicating the email did not pass the authentication check.

Feedback Loop (FBL)

A service provided by ISPs that notifies senders when recipients mark their emails as spam.

Forensic Report (RUF)

Detailed reports sent by email receivers containing information about individual emails that failed DMARC authentication.

From Header

The visible "From:" field in an email that recipients see. DMARC alignment checks this against authenticated domains.

G

Gateway

See Email Gateway.

Gmail Postmaster Tools

Google's free tool for monitoring email delivery to Gmail, including spam rates and domain reputation.

H

Hard Fail (-all)

In SPF, a result indicating the sender is not authorized and the email should be rejected.

Metadata in an email containing routing information, timestamps, and authentication results.

HELO/EHLO

Commands used by mail servers to identify themselves during the SMTP handshake.

HTML Email

Email formatted with HTML markup, allowing rich formatting, images, and links.

I

Identifier Alignment

See Alignment.

Include Mechanism

In SPF, a directive that references another domain's SPF record, allowing you to authorize third-party senders.

Inbox Placement Rate

The percentage of emails that arrive in the recipient's inbox (not spam folder).

IP Address

A numerical address identifying a device on a network. Email authentication often involves authorizing specific IP addresses.

IP Reputation

A score assigned to an IP address based on its email sending history.

J

JSON (JavaScript Object Notation)

A data format used for TLS-RPT reports and some DMARC report formats.

K

Key Pair

In DKIM, the private key (used for signing) and public key (published in DNS for verification).

Key Rotation

The practice of periodically replacing DKIM keys to maintain security.

L

List-Unsubscribe

An email header that enables one-click unsubscribe functionality. Required by Google/Yahoo for bulk senders.

Lookup

See DNS Lookup.

M

Mail Server

A server that sends, receives, or relays email messages.

Mail Transfer Agent (MTA)

Software responsible for transferring email between mail servers.

Mailbox Provider

A company that provides email services to end users (Gmail, Outlook, Yahoo, etc.).

MTA-STS (Mail Transfer Agent Strict Transport Security)

A protocol that enforces TLS encryption for email delivery.

MX Record

A DNS record specifying the mail servers responsible for receiving email for a domain.

N

Neutral (SPF)

An SPF result indicating no statement about authorization (neither pass nor fail).

None Policy

A DMARC policy (p=none) that monitors authentication without affecting delivery.

O

One-Click Unsubscribe

A mechanism allowing recipients to unsubscribe with a single click, without visiting a webpage. Required by Google/Yahoo.

Organizational Domain

The registerable domain (e.g., example.com) used for relaxed DMARC alignment. Subdomains share their organizational domain.

P

Pass (SPF/DKIM/DMARC)

An authentication result indicating successful verification.

PCT (Percentage)

In DMARC, a tag specifying what percentage of failing emails should have the policy applied.

Permerror

A permanent error in SPF evaluation, typically due to syntax errors.

Phishing

Fraudulent emails designed to steal sensitive information by impersonating legitimate senders.

Policy

See DMARC Policy.

Postmaster

An email address (postmaster@domain.com) for receiving email delivery issues. Also refers to administrators of email systems.

Private Key

In DKIM, the secret key used to sign outgoing emails. Must be kept secure.

PTR Record

A DNS record used for reverse DNS lookups, mapping IP addresses to domain names.

Public Key

In DKIM, the key published in DNS that receivers use to verify signatures.

Q

Quarantine

A DMARC policy (p=quarantine) directing receivers to treat failed emails as suspicious (typically to spam folder).

R

Reject

A DMARC policy (p=reject) directing receivers to reject emails that fail authentication.

Relaxed Alignment

DMARC alignment mode where the organizational domains must match (e.g., mail.example.com aligns with example.com).

Report (DMARC)

See Aggregate Report or Forensic Report.

Reputation

See Domain Reputation or IP Reputation.

Return-Path

See Envelope From.

Reverse DNS

A DNS lookup that maps an IP address to a domain name.

RFC (Request for Comments)

Technical standards documents. Email authentication protocols are defined in RFCs.

RUA (Reporting URI for Aggregate)

The email address specified in DMARC for receiving aggregate reports.

RUF (Reporting URI for Forensic)

The email address specified in DMARC for receiving forensic reports.

S

Selector

See DKIM Selector.

Sender Policy Framework

See SPF.

Signature

In DKIM, the cryptographic signature added to email headers to prove authenticity.

SMTP (Simple Mail Transfer Protocol)

The protocol used for sending email between mail servers.

Soft Fail (~all)

In SPF, a result indicating the sender is probably not authorized, but the email shouldn't necessarily be rejected.

Spam

Unwanted bulk email.

Spam Trap

An email address used to identify spammers. Sending to spam traps damages sender reputation.

SPF (Sender Policy Framework)

An email authentication method using DNS records to specify which IP addresses are authorized to send email for a domain.

Spoofing

Sending email with a forged From: address to impersonate another sender.

Strict Alignment

DMARC alignment mode where domains must match exactly (subdomains don't align with the root domain).

Subdomain

A domain that's part of a larger domain (e.g., mail.example.com is a subdomain of example.com).

T

Temperror

A temporary error in SPF evaluation that may resolve on retry.

TLS (Transport Layer Security)

Encryption protocol used to secure email transmission between mail servers.

TLS-RPT (TLS Reporting)

A standard for receiving reports about TLS delivery failures.

TTL (Time To Live)

The duration a DNS record can be cached before needing to be refreshed.

TXT Record

A DNS record type used for SPF, DKIM public keys, and DMARC records.

U

Unsubscribe

The process of removing oneself from an email list. See also List-Unsubscribe.

V

Validation

The process of verifying email authentication (SPF, DKIM, DMARC).

VMC (Verified Mark Certificate)

A digital certificate required for BIMI in Gmail and Apple Mail, proving trademark ownership.

W

Warm-up

The process of gradually increasing email volume from a new IP or domain to build reputation.

Webhook

An HTTP callback that sends real-time notifications when events occur (e.g., authentication failures).

X

XML (Extensible Markup Language)

The format used for DMARC aggregate reports.

Additional Resources

Start Monitoring Your Authentication →

Back to all articles

Related Articles

Guides

Cold Email Authentication Quick Reference: SPF, DKIM, DMARC for Sales Teams

Quick reference guide for cold email authentication. Fast lookup for SPF, DKIM, and DMARC setup for Instantly, Smartlead, Email Bison, and other tools.

3 min read
Guides

Complete Email Authentication Checklist: Your Step-by-Step Guide

Download our free comprehensive email authentication checklist. Ensure your domain is properly configured with SPF, DKIM, and DMARC for maximum deliverability.

7 min read
Guides

DMARC FAQ: Frequently Asked Questions About Email Authentication

Answers to the most common questions about DMARC, SPF, DKIM, and email authentication. Get clear explanations for beginners and experts.

7 min read

Protect your domain with MailSentinel

Monitor DMARC, SPF, and DKIM in real-time. Get instant alerts when issues arise and improve your email deliverability.