E-mail authentication services have arrived, and they’re taking hold fast. Both the Federal Trade Commission (FTC) and the Anti-Spam Technical Alliance (ASTA) of companies such as Microsoft, Yahoo, EarthLink, and AOL have made their positions clear: The next major step in the coordinated war on spam must address the fraud-prone nature of current email technology.
The email-processing industry agrees authenticating email is a good thing. The ability to conclusively determine where an email originated has advantages to both senders and receivers. An ISP can detect whether an email was sent from an authorized source and, thus, potentially bypass a few layers of content filtering, saving processing power.
It also enables ISPs to better identify and process abusive traffic coming into their networks. E-mail senders can deter fraudulent use of their domains and begin working with accreditation services such as Bonded Sender and Habeas to help assure deliverability.
Sender ID combines SPF and Microsoft’s Caller ID standards. The system allows a domain owner to specify in its published DNS records the mail servers authorized to send email from that domain. During the email transaction process, the receiving server looks up the DNS information for the domain the mail purports to be from and makes sure the origin IP address is authorized. If attempted forgery is detected, the receiving server can tag the email as suspicious or reject it.
AOL has endorsed SPF and is asking current and prospective members of its whitelist to set up SPF records. AOL is targeting late summer to begin checking for SPF information. The merger of SPF and Caller ID means Microsoft’s MSN and Hotmail will soon get on board.
Yahoo’s DomainKeys helps ensure both sender and message content. The program is analogous to a notary public: A cryptographic key ensures the message was sent by the domain in the sender field and wasn’t altered or tampered with in transit. With DomainKeys, a sending server “signs” the message with a key string, attaching it to the email’s header information, and publishes a public key in its DNS information. The receiving mail server can compare the key pair to determine authenticity. Upcoming support for DomainKeys is expected for two of the most popular mail transfer agents, Sendmail and Qmail.
Authentication alone won’t solve the spam problem, but it’s an important step in identifying an email’s source, thus separating email from legitimate marketers who wish to be identified from spammers who work to evade both laws and filters. Making these distinctions will help make spamming more difficult for those who practice it and increase trust in email communication.
For email marketers, authentication is quickly becoming more requirement than best practice. Fortunately, both proposed standards are fairly straightforward to implement and are gaining in adoption.
Want more email marketing information? ClickZ E-Mail Reference is an archive of all our email columns, organized by topic.
Nominate your favorite product or campaign from July 7 through close of business July 14.
Email usage is on the rise, shifting to mobile to create an “always on” email culture. How does email marketing change? The ... read more
Email marketing can be overwhelming, especially if you are new. Lots of tweaking, designing and testing. These eight tools will help you ... read more
Now more than ever before, marketers have a wealth of technology at their fingertips helping them to run campaigns.