How we ensure email authenticity, branding, and user-friendliness.
Phase 1: Sending a Compliant Email
1. Custom Domain
Email is sent from talent.your-domain.com via Amazon SES for brand recognition.
→
2. User Features
A one-click unsubscribe header is added to comply with best practices.
→
3. DKIM Signature
A unique cryptographic signature is applied using a secret **Private Key**.
Phase 2: Verification Process
4. DNS Lookup
The recipient's server finds your public DKIM key via a DNS lookup.
e.g., `_domainkey...`
→
5. Validation
The public key is used to validate the signature, ensuring the email is authentic and unaltered.
Phase 3: Secure Delivery
Outcome A: Verification Passes
The email is delivered to the recipient's inbox with a high level of trust.
✓ Delivered to Inbox
Outcome B: Verification Fails
The email is treated as suspicious. This happens if:
- A spammer tries to **impersonate your domain** (they lack the Private Key).
- The email content was **altered** after it was sent.
✗ Marked as Spam / Rejected
