What if someone could forge your brand, send messages from your email account, and break your email infrastructure? And what if we told you that spammers can do all of these things when you fail to properly secure your email program?
Spammers have proven time and time again that they are ready to take the path of least resistance, which means that account security on your mail server must be at an all-time high.
Simple Mail Transfer Protocol (SMTP) remains one of the easiest ways to migrate from an on-premises email server to an email service provider, and is generally one of the easier ways to send email. (Do you need an SMTP refresher? Go here.)
SMTP authentication protects your e-mail program against unauthorized use and possible spam.
As a communication channel, e-mail is only as good as the security you and your service provider use to protect your e-mail program. This is where SMTP authentication comes in.
SMTP authentication not only enables you to use the built-in scalability and functions of your SMTP service provider, but also protects your e-mail program and your account from unauthorized use and possible spam.
We’ll talk about what SMTP authentication is, why it’s important, and how Twilio SendGrid took steps to keep the SMTP relay secure.
What is SMTP Authentication?
SMTP authentication is a method of securing your e-mails. With it, a client logs in to the mail server using an authentication mechanism that the server supports.
By updating existing outbound email configurations, SMTP authentication is a seamless way for senders to redirect traffic to a secure third-party solution.
SMTP authentication for your Twilio SendGrid account
To authenticate for SMTP, you must first authenticate your domain. Authenticating with your Twilio SendGrid account credentials means that you are “proving who you are” to SendGrid’s outbound mail server.
This allows Twilio SendGrid to associate your send request with the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) signatures configured on your account for your sending domain.
SPF allows senders to publish a Domain Name System (DNS) record that lists the IP addresses authorized to send e-mail for a particular domain. DKIM is a cryptographic signature applied to a specific email message to show that the message comes from an authorized source in that domain.
SMTP account authentication
When sending a message to the Twilio SendGrid SMTP relay (smtp.sendgrid.net), authentication takes the form of your account's API key.
Each account or sub-user on Twilio SendGrid has its own set of credentials that SendGrid uses to determine which environment a message should be sent from (e.g. marketing sub-user vs. transactional sub-user or production sub-user vs. dev sub-user). This granular control allows for clear segmentation between email streams and environments for your program to ensure there is no cross-contamination in send calls.
For a step-by-step guide on how to send an SMTP email using Twilio SendGrid, see our Docs article.
What happens without SMTP authentication?
Without authentication, it is possible for spammers and malicious actors to compromise your email program using tactics such as email spoofing. Email spoofing is a tactic used by malicious actors who try to send emails with a spoofed sender address that does not belong to them.
Without authentication, your account is vulnerable to spammers and malicious actors.
In addition, recipient servers may consider your email to be untrustworthy. This means that you (or worse, someone else) may be sending unauthenticated email messages through your account. If the message is delivered at all, this leads to high filtering rates and delivery to the spam folder.
It also means your account could be exposed to phishing attacks while your sending domain is being spoofed. Fortunately, with the new security features in Twilio SendGrid, you can send email from an authenticated source and with proof of ownership of the domain you are sending from.
Using Single Sender Verification or Domain Authentication forces users to verify ownership of their sending domain, which reduces spoofing across the platform.
How does Twilio SendGrid take steps to secure SMTP?
In order to continue to use e-mail as a trustworthy communication channel, Twilio SendGrid uses the most secure transmission methods for your e-mail program. Here are a few ways Twilio SendGrid has secured its SMTP service.
Twilio SendGrid fully supports Secure SMTP (SMTPS), an SMTP method that uses Transport Layer Security (TLS) to secure the connection. Twilio SendGrid accepts TLS connections on port numbers 25, 587, and 2525. You can also connect using Secure Sockets Layer (SSL) on port 465.
For more information on the differences between these ports, see our previous discussion.
Since the fourth quarter of 2020, Twilio SendGrid has enforced two-factor authentication for all accounts. This means that all SMTP requests that use basic authentication (Twilio SendGrid username and password) will be rejected.
Because of this change, all SMTP requests must use an API key for authentication. This is far more secure for your requests than a username and password, not only because of the length of the alphanumeric character string, but also because you can restrict API permissions and remove scopes at any time.
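A client for the relay that sends the API key only after TLS is in place, as an added example that is not Twilio SendGrid's own code. The literal SMTP username "apikey" comes from SendGrid's SMTP documentation and is an assumption here because this article does not state it; the helper names are hypothetical.

```python
import base64
import smtplib
import ssl

RELAY_HOST = "smtp.sendgrid.net"  # relay named in the article
RELAY_PORT = 587                  # one of the TLS ports the article lists


def auth_plain_response(username, secret):
    """SASL PLAIN initial response (RFC 4616): base64 of NUL + user + NUL + secret."""
    return base64.b64encode(f"\0{username}\0{secret}".encode()).decode()


def decode_auth_plain(response):
    """Reverse the encoding: base64 hides nothing, so AUTH must travel inside TLS."""
    _, user, secret = base64.b64decode(response).split(b"\0")
    return user.decode(), secret.decode()


def send_authenticated(api_key, msg, username="apikey"):
    """Submit an email.message.EmailMessage, refusing to authenticate in cleartext.

    username="apikey" is an assumption taken from SendGrid's SMTP documentation.
    """
    context = ssl.create_default_context()  # verifies certificate chain and hostname
    with smtplib.SMTP(RELAY_HOST, RELAY_PORT, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # A stripped STARTTLS offer must stop the session, not downgrade it.
            raise RuntimeError("relay did not offer STARTTLS; API key not sent")
        smtp.starttls(context=context)
        smtp.ehlo()                          # re-read capabilities over the TLS channel
        smtp.login(username, api_key)        # the API key replaces the account password
        smtp.send_message(msg)
```

Load the API key from a secret store or environment variable and give it only the mail-send permission, so a leaked key can be revoked without touching the account login.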
IP access management
The Twilio SendGrid IP access management feature allows you to control access to your Twilio SendGrid account within your network. This feature ensures that only you and your team can access the account from known specified IP addresses. You can find more information about this feature in our documentation.
To learn more about the latest security updates from Twilio SendGrid or best practices for email, subscribe to our monthly email newsletter, The shovel.
Securing your SMTP server
Using a secure SMTP server ensures that your email infrastructure is protected from spam and spoofing attacks. Security, flexibility, and seamless integration are all factors to consider when choosing your next SMTP provider. When you’re ready to choose your SMTP service provider, have a look at Twilio SendGrid's SMTP service offerings or sign up for free to try it out.
For more information on SMTP servers, see the following resources: