E-Mail Authentication: Restoring Trust in E-Mail
How to jump on the e-mail authentication train and help restore trust in e-mail.
How to jump on the e-mail authentication train and help restore trust in e-mail.
Is it possible to restore both consumer and marketer confidence in email and free the killer app from delivery afflictions?
That was the topic last week at the Email Authentication Implementation Summit in New York City. It seems we’re making progress, albeit slowly.
Last December, I highlighted a few items that were causing frustration, among them multiple identity standards, the lack of marketers’ perspectives, and the perhaps too-public debate. At the summit people still discussed how to break these standards (they did check IDs at the door), but the marketers’ perspective was well represented. Nearly two thirds of the attendees were marketers. Not just vendors, but real companies discussing the real issues of how authentication and reputation will affect their business operations.
The real achievement has been the further consolidation of identity standards. Yahoo’s Domain Keys and Cisco’s Identified Internet Mail (IIM) recently merged to become Domain Keys Identified Mail (DKIM).
This is progress. What isn’t so impressive is the relatively low number of companies that publish identity records, such as SPF (define) and Sender ID.
Microsoft puts the amount of inbound email with SPF records at Hotmail at about 25 percent. A recent Jupiter Research report I authored finds the number of marketers publishing identity records to be under 20 percent. If you haven’t started publishing identity records, here’s how to jump on the email authentication train.
Publish an Identity Record Now
Start with SPF or Sender ID. Sender ID is backwards compatible to SPF version 1.0, making it a good place to start. As some ISPs check for Domain Keys records on inbound mail, you could also publish a DKIM record. Depending on your appetite for deploying things in tandem, making DKIM a second priority is OK for now. Realize, though, DKIM isn’t going away and will likely be the standard everyone eventually gravitates toward.
Creating an SPF record is relatively painless, but the need to understand where all your email originates and crafting SPF policies for all that email can take much longer. Bank of America has published 12 SPF records for its different domains. The implementation process took six months, partly because of its deliberately methodical approach and partly because of the organization’s distributed nature.
Your organization should have one identity policy that applies to all email, marketing and non-marketing messages alike. Inventory your email sending systems, from press releases to transactional email. Be sure to publish SPF records for domains that don’t send mail. Part of this identity exercise should be to secure your identity for all of your domains, regardless of the email volume they originate.
Reputation Is Key to Authentication
Though the road map for the identity portion of email authentication is relatively clear, the same cannot be said for reputation services. E-mail authentication without reputation is an unworkable solution. True, many blacklist-oriented reputation services exist today. But accreditation is better to mitigate and manage reputation risks.
A few providers, including Return Path’s Bonded Sender; Habeas; and the emerging Goodmail Systems, provide reasonable solutions to assist in certifying and managing your email delivery disposition based on your reputation. The challenge is these solutions have yet to be fully utilized on the receiver side. You may need relationships with multiple vendors.
There are delivery benefits for many marketers who participate in accreditation services. In most cases, these services bypass the ISPs’ spam filtering mechanisms (excepting user blacklists).
There’s still a lot of spam out there (a mere 20 percent of the 4 billion messages Hotmail receives each day are legitimate). Yet we’ve turned the corner on reclaiming our inboxes. We can help accelerate this process by publishing identity records. Once we’ve identified the senders, we can document their reputations. Only then can we truly restore trust in the medium.
Let me know how it works out for you.
Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.