The Future of Email
Key takeaways
- Anyone can put anything in the “From” field of an email.
- AI assistants are increasingly reading, summarizing, and actioning email on users’ behalf.
- Email authentication is made up of three interlocking standards: SPF, DKIM, and DMARC.
Anyone can put anything in the “From” field of an email. For most of email’s history, that was manageable. A careful reader could catch the tells, such as a slightly off domain name, implausible urgency, or phrasing that doesn’t quite work. However, as AI usage becomes increasingly widespread, the way we engage with email is changing.
AI assistants are increasingly reading, summarizing, and actioning email on users’ behalf. AI filters are making consequential decisions about what reaches inboxes at all. In that world, “Did the message arrive?” matters a lot less than “Can we actually verify where it came from?” The answer to that question depends on a set of standards most email users have never had reason to think about, but that are quietly becoming the foundation everything else is built on.
Email authentication is made up of three interlocking standards: SPF, DKIM, and DMARC. SPF verifies that the server sending a message was authorized to do so on behalf of that domain. DKIM attaches a cryptographic signature to each message so the receiving server can confirm it hasn’t been altered in transit. DMARC ties those two together and tells receiving servers what to do when a message fails those checks: reject it, quarantine it, or let it through.