The ins and outs of anti-spam technologies -- in layman’s terms.
I admit it. Not too long ago, I understood the concept behind SPF (define), Sender ID, and DomainKeys, as well as the importance of them. But the subtleties of each eluded me. That was before Rick Buck, director of e-media and privacy/ISP relations at e-Dialog, was kind enough to translate the tech-speak surrounding these terms into plain English even a marketer could understand.
SPF, Sender ID, and DomainKeys are relatively new technologies on the cutting edge of the fight against spam and false positives. False positives, basically legitimate email messages mistaken for spam, are one of the biggest issues facing email marketers.
The goal of all these technologies is to verify a message’s sender is who he says he is. Falsifying sender addresses is a common practice among spammers. The logic: if you make it harder for spammers to hide their identities, it’s easier to hold them accountable for the email they send. This may discourage their efforts.
Though these technologies aren’t silver bullets for stopping spam, they should help diminish false positives. They’re the first steps toward a technical solution to spam, combined with reputation, authentication, and accreditation technologies.
The three technologies are somewhat hierarchical. SPF provides the most basic level of authentication. Sender ID takes it a step further, while DomainKeys offers an additional verification level. SPF is already used, most notably by America Online, to filter spam.
SPF, once known as sender permitted form, works by looking at an incoming message’s sender address and the server sending it. If the server is authorized to send email on behalf of the domain name in the sender address, the message gets through. If not, it’s filtered as spam.
SPF relies on what’s called the "envelope address," the sender address appearing as the "return-path" in the email header. It only looks at the domain name (the portion of the address after the "@"), not the complete address. SPF doesn’t confirm the message came from a specific user at that domain name, only that it came from that domain name’s server.
To get through SPF filters, senders must publicly identify servers authorized to send email from their domain name in their DNS (define) record. It’s not a time-consuming, difficult, or costly endeavor. If you send email from your own server, your IT folks should be able to handle it. If you use an email service provider (ESP) to send your bulk email, they should handle this for you.
You can also use SPF to decrease the amount of spam you receive. It’s simple for your IT folks to implement this, and there are lots of online resources to help (a few are listed at the end of this column).
If you use SPF, you won’t be alone. All the major ESPs use it, as do most major ISPs. Additionally, hundreds of thousands of organizations that send email have already published SPF records.
There’s an additional benefit to publishing your SPF record. You know all those bounces you receive from spam email that appear to be from your domain but aren’t? An ISP filtering with SPF technology won’t send them to you. It "knows" the message didn’t originate from your server.
By enabling SPF technology on your sent and received email, you’re doing your part to take email back from spammers.
SPF isn’t perfect. Many legitimate email marketers have already published their SPF records. So have many spammers. Those spam messages are authorized via SPF just as legitimate messages are.
There’s some controversy around SPF. As a traveler, I worry about tying my domain name to a single server. I use my own ISP to send mail when I’m home, and I use a patchwork of networks provided by hotels, clients, and my home away from home, Starbucks, to send mail when I travel. There’s no way to submit SPF records for all these locations and servers, especially the ones I haven’t yet visited.
SPF also appears to be incompatible with forwarding email, among other things. Still, I support SPF. I’m confident kinks like these will eventually be worked out.
This is just the tip of the SPF iceberg. If you want to learn more about the benefits, drawbacks, and details on implementing SPF for sends or as a filter, there are many resources. Wikipedia offers a good basic background and more details on the downsides of SPF. AOL does a good job of laying out SPF’s benefits, especially as they pertain to its white list. Pobox.com has more information and a wizard to help you publish your SPF record.
Next: Sender ID, which many view as an improvement on SPF but not yet perfect. Future columns in this series will discuss DomainKeys and some of the other technologies that tie delivery to reputation, authentication, and accreditation.
Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.
Jeanne Jennings is a recognized expert in the email marketing industry and managing director of digital marketing for Digital Prism Advisors. She has more than 20 years of experience in the email and online marketing and product development world. Jeanne's direct-response approach to digital strategy, tactics, and creative direction helps organizations make their online marketing initiatives more effective and more profitable. Digital Prism Advisors helps established businesses unlock significant growth and revenue opportunities in the digital marketplace; our clients learn to develop and implement successful digital strategies, leveraging data and technology to better meet bottom line goals. Want to learn more? Check out Jeanne's blog and Digital Prism Advisors.
2015 Holiday Email Guide
The holidays are just around the corner. Download this whitepaper to find out how to create successful holiday email campaigns that drive engagement and revenue.
Three Ways to Make Your Big Data More Valuable
Big data holds a lot of promise for marketers, but are marketers ready to make the most of it to drive better business decisions and improve ROI? This study looks at the hidden challenges modern marketers face when trying to put big data to use.
December 2, 2015
1pm ET/ 10am PT
Wednesday, December 9, 2015
5pm HKT / 5am ET