AOL To ESPs: Comply with SPF, Or Else

  |  June 9, 2004   |  Comments

America Online plans to have SPF e-mail authentication in place by the end of summer and bulk mailers not in compliance will lose their whitelisting status.

America Online plans to have SPF email authentication in place by the end of summer and email service providers (ESPs) not in compliance will lose their whitelisting status.

SPF, or Sender Policy Framework, authenticates the identity of the sender of an email. Since most spam has faked addresses, SPF could be a powerful weapon in fighting spam, spoofing [define] and phishing [define].

ESPs are scrambling to comply with the AOL edict.

"Many ESPs have already complied," said Dave Lewis, co-chair of the E-Mail Service Provider Coalition (ESPC) vendor relations committee and VP of deliverability management for Digital Impact. Lewis said his firm is in the process of complying, as is another major ESP, Bigfoot Interactive, a spokesman confirmed. Other firms, such as EmailLabs and Socketware, are already in compliance.

Compliance is not a demanding process. The entity in question need only publish information such as its IP address or addresses in a specified format within the Domain Name System (DNS). [define]

"If individual companies, corporations, organizations and so forth want to remain on AOL's whitelist they will want to establish an SPF record for their domain since AOL will soon begin to query IP addresses that are on our whitelist from a domain SPF record," said Nicholas Graham, AOL spokesman.

Graham said the giant ISP will begin using SPF to maintain its whitelist in the short-term future, with August being within a potential timeframe. Carl Hutzler, director of anti-spam operations for AOL mail operations, put it more simply: "End of summer if I can get developers to do their magic."

SPF works by comparing the identifying information of an incoming email with the information on file with the DNS to see if they match. This authenticates the identity of the sender by checking information in the email "envelope."

However, because SPF doesn't authenticate any of the headers actually seen by the end user -- the "from" address, for example -- some are pushing for other protocols. Microsoft, for example, is in the process of integrating SPF with its own Caller ID for E-Mail authentication protocol to enable checking of the fields seen by the end user. Meanwhile, Yahoo has its own authentication proposal, DomainKeys, which uses encryption of digital signatures.

While SPF will not eliminate spam, it "will make a big difference in a positive way," according to John Mathew, VP of operations for Bigfoot Interactive.

Or, as Digital Impact's Lewis put it, "We're not able to score the touchdown on the first play. But these two forms of authentication [SPF and DomainKeys] will get us a goodly way up the field."

ClickZ Live Chicago Join the Industry's Leading eCommerce & Direct Marketing Experts in Chicago
ClickZ Live Chicago (Nov 3-6) will deliver over 50 sessions across 4 days and 10 individual tracks, including Data-Driven Marketing, Social, Mobile, Display, Search and Email. Check out the full agenda and register by Friday, August 29 to take advantage of Super Saver Rates!


Janis Mara

COMMENTSCommenting policy

comments powered by Disqus

ClickZ Today is our #1 newsletter.
Get a daily dose of digital marketing.



Featured White Papers

BigDoor: The Marketers Guide to Customer Loyalty

The Marketer's Guide to Customer Loyalty
Customer loyalty is imperative to success, but fostering and maintaining loyalty takes a lot of work. This guide is here to help marketers build, execute, and maintain a successful loyalty initiative.

Marin Software: The Multiplier Effect of Integrating Search & Social Advertising

The Multiplier Effect of Integrating Search & Social Advertising
Latest research reveals 68% higher revenue per conversion for marketers who integrate their search & social advertising. In addition to the research results, this whitepaper also outlines 5 strategies and 15 tactics you can use to better integrate your search and social campaigns.


    • Systems Analyst/Support
      Systems Analyst/Support (Agora Inc. ) - BaltimoreIRIS (Increased Revenue Intuitive Software ) is proprietary software that helps marketers...
    • Client Services Support Specialist
      Client Services Support Specialist (Agora Inc. ) - Delray Beach OVERVIEW:  This position requires a highly motivated and resourceful individual...
    • Creative Marketing Associate
      Creative Marketing Associate (NewMarket Health ) - BaltimoreAre you looking for a foot in the door with the best marketing company in the business...