Skip to main content
No Auth, No Entry

No Auth, No Entry

Ecosystem NewsEmail Security Insights

The phrase No Auth, No Entry is being used to communicate what will soon be required to get email delivered into Gmail.  The Auth part refers to email authentication, and the No Entry part means “we won’t deliver what you’re sending us if you’re not using email auth technology.”

Email authentication addresses a long-standing problem with email: it’s easy to fake where a piece of email says it comes from. The other side of this coin is that—without the presence of email auth—there isn’t a reliable way to determine if email really comes from where it purports to come from.

This problem forces email receivers—like Gmail—to guess if email is real. Although risks related to guessing can be reduced by using sophisticated technologies like anti-spam engines, crowd-sourced filtering, and IP address reputation systems, malicious email (such as phishing) still finds its way through and causes real damage. Even worse, this fundamental unreliability prevents the email user experience from moving beyond inboxes and spam folders.

By requiring email auth, Gmail is moving beyond guessing to build more robust filtering capabilities and better user experiences.

DMARC ties together existing email auth technology and brings consistency to how the technologies are deployed and checked. Email auth is implemented today by sending DMARC-compliant email.

No Auth, No Entry will make DMARC compliance a requirement for anyone that wants to deliver email into Gmail.  (The use of email authentication already tops all of the “sender guidelines” published by the major webmail providers.)  If you’re not already sending DMARC-compliant email, consider going through the one-time upgrade to realize the current benefits of deploying DMARC.