Authentication and Accreditation: State of the Industry

Ever since SPF (define) was announced, “authentication” and “accreditation” have been big buzzwords in the email marketing industry. Though not silver bullets to eliminate spam, these concepts hint at how the email ecosystem is evolving to become more abuse-resistant. Today, we’ll detail some recent events that underscore the progress and level of adoption occurring with authentication and accreditation services.

DomainKeys Merges and Expands

Yahoo and Cisco Systems announced the merger of their two respective cryptography-based authentication systems, DomainKeys and Internet Identified Mail, into one standard: DomainKeys Identified Mail.

Encryption-based methods can authenticate an entire message, not just the sender line. Performance is the tradeoff. Sender adoption has been slow, as increased processing power must be allotted to each message being encrypted and signed with the appropriate key.

To spur DomainKeys adoption, Yahoo began inserting a visible notification for the recipient. When a DomainKeys-encrypted message is sent to a Yahoo user, an informative note appears under the sender address saying the message is authenticated.

Sender ID’s Negative Appeal

The easiest authentication protocol to implement has been around for some time, and adoption is growing. Taking a cue from Yahoo, Microsoft announced it will add a negative user interface message to the Hotmail and MSN email dashboards. This negative message will appear when a message is not authenticated with Sender ID.

This should light a fire under those who haven’t yet adopted Sender ID. Though the Internet Engineering Task Force (IETF) hasn’t declared Sender ID an official Internet standard, the change pretty much guarantees Sender ID adoption among all legitimate email marketers.

ESPC: Authenticate Now!

The Email Service Provider Coalition (ESPC), a group of companies that handle email transmission for over 250,000 email sending corporations and businesses around the world, is calling for increased authentication adoption. ESPC requires all members to authenticate outgoing client email. It also wants receiving ISPs to take harsher measures against those who don’t authenticate, or who fail authentication checks due to a badly configured record or spoofing attempts.

MSN Recognizes Habeas

Habeas, an email accreditation company, announced its accreditation program, and the Habeas SafeList is now recognized by Microsoft. Using Habeas almost as an outsourced whitelist, Microsoft will be able to better target its spam filters to email not signed with the Habeas certification mark.

For the last 18 months, Microsoft has deployed Bonded Sender‘s whitelist in a similar capacity. It will use Habeas’ SafeList in addition to Bonded Sender for both Hotmail and MSN. It’s likely email marketers must only adopt one of these accreditation services for improved Hotmail and MSN delivery.

Recognition of email accreditation programs by a large consumer ISP can drive other ISPs to do the same, snowballing adoption. It isn’t hard to imagine Yahoo or AOL outsourcing its whitelisting program to a provider with a more structured, standardized process.

Conclusion

E-mail is changing, as these developments demonstrate. ISPs and email senders alike are clamoring for an authenticated email system that relies on a certification standard. Spammers will find it more difficult to operate in such a system and be driven deeper underground, while legitimate email will remain on top.

If delivery rates are important to your company, take a look at the various accreditation companies such as Habeas and Bonded Sender. If you don’t yet authenticate your email, either cryptographically or with Sender ID, now’s a good time to start. Wait too long, and you’ll leave money on the table and play catch-up with your competitors.

Till next month, keep on deliverin’.

Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.