E-mail Authentication: Don't Wait

The industry alliance fighting e-mail and Internet fraud sets a June 30 deadline for senders, receivers to authenticate mail.

The movement’s been slow and steady, but we’re now seeing the rewards: 50 percent of legitimate e-mail is authenticated, using either SenderID (define)/SPF (define) or DomainKeys (define) Identified Mail (DKIM), according to a new study from the Authentication and Online Trust Authority (AOTA).

Have you taken the simple steps to have your e-mail and brand protected by using authentication? If not, why not? It’s simple to do, and there’s no downside if you follow all the steps correctly.

Authentication affords a win-win-win situation, benefiting all players in any e-mail exchange: senders, receivers, and recipients. Authentication’s delivery benefits have gotten the most attention, but uncertainty has generated a standoff. Many senders took a wait-and-see approach until the receivers pick a standard, while the receivers have been waiting until enough senders use authentication to make delivery decisions.

AOTA is trying to end this Catch-22 by urging senders to adopt a standard, preferably both. The call has gone out, and six months is the end game for senders and receivers to use some form of authentication.

Why Authenticate?

When you authenticate your e-mail messages, you help ISPs identify whether the message was sent by a legitimate company or an imposter, which in turn helps them determine whether to deliver the message to the recipient.

Some ISPs use trust icons for authenticated e-mail. Just by virtue of appearing in the inbox, these icons help assure your subscribers and customers they can trust you to be whom you claim to be and buy from you with confidence, whether you’re Wells Fargo, the Disney Co., Amazon, or Dell. These are just a few of the companies that took the leap to authentication.

But you don’t have to be a Fortune 500 company or a household name to see the benefits of protecting your brand with authentication. Not too long ago, I started getting legitimate-looking e-mail solicitations from a small regional start-up bank. Because I wasn’t a customer, I figured they were phony; but if I were one, I might have been taken in. Had the bank used authentication, the phony messages most likely wouldn’t have reached me in the first place.

Authentication helps protect your brand and increase customer trust in your e-mail’s legitimacy. But, don’t just authenticate your e-mail domains. Include your main brand domains as well. Phishing attacks often occur against the main brand site (the one most recognized by consumers). For the receivers to prevent this messaging from reaching recipients, you need to authenticate these domains as well.

The AOTA survey states that authentication has reached the tipping point after a five-month survey of e-mail sent by Fortune 500 companies and Internet retailers. The organization reported that authenticated e-mail was sent by 51 percent of Fortune 500 consumer brands, 52 percent of Fortune 500 financial-services brands, and 54 percent of Internet retailer’s top 300 brands. Are you part of this group?

AOTA: Authenticate by June 30

Based on its study, AOTA is urging all ISPs and brand owners who market via e-mail to adopt authentication within six months after the Jan. 31 report. You don’t need to wait that long.

Maybe you hesitated to implement authentication at your company because it sounded too complex, or because you or your IT people were waiting to see which standard would emerge. Today, neither argument holds up any longer. There’s simply too much information about the reasons and methods on how to authenticate to remain opposed or ignorant.

Sender ID/SPF is relatively simple to use and should take the average system administrator only about 15 minutes to configure. If your IT department is unsure how to implement, AOTA offers plenty of resources, listed below. While DKIM is a bit more complicated, it can still be accomplished with minimal effort and complements Sender ID/SPF. Both protocols can and should be used.

Of the two standards, Microsoft-backed SenderID has the longer track record and is a must for effective sending into MSN and Hotmail/Windows Live e-mail. DKIM has support from AOL and Yahoo, with Yahoo being one of the originators. AOTA endorses both standards. So, cover your bases and authenticate by using both.

The one downside with authentication is that if you do it incorrectly, you might end up telling the ISPs not to deliver your own e-mail (a problem I’ve addressed previously). While it’s a small risk, it’s still better to authenticate your messages than expose your brand to a phishing attack.

More Resources

AOTA, a relatively new cross-industry alliance dedicated to fighting e-mail and Internet fraud and building trust in online commerce, has assembled an impressive library of resources relating to authentication, including in-depth backgrounders on the major protocols and a detailed review of its survey on authentication adoption. Find it all on one page.

AOTA’s 2008 Summit will be June 4-6 in Seattle this year, with tracks for both IT/security people and marketers or brand managers. Learn more about the conference here.

Until next time, keep on deliverin’!

Want more e-mail marketing information? ClickZ E-Mail Reference is an archive of all our e-mail columns, organized by topic.

Subscribe to get your daily business insights

Whitepapers

US Mobile Streaming Behavior
Whitepaper | Mobile

US Mobile Streaming Behavior

5y

US Mobile Streaming Behavior

Streaming has become a staple of US media-viewing habits. Streaming video, however, still comes with a variety of pesky frustrations that viewers are ...

View resource
Winning the Data Game: Digital Analytics Tactics for Media Groups
Whitepaper | Analyzing Customer Data

Winning the Data Game: Digital Analytics Tactics for Media Groups

5y

Winning the Data Game: Digital Analytics Tactics f...

Data is the lifeblood of so many companies today. You need more of it, all of which at higher quality, and all the meanwhile being compliant with data...

View resource
Learning to win the talent war: how digital marketing can develop its people
Whitepaper | Digital Marketing

Learning to win the talent war: how digital marketing can develop its peopl...

2y

Learning to win the talent war: how digital market...

This report documents the findings of a Fireside chat held by ClickZ in the first quarter of 2022. It provides expert insight on how companies can ret...

View resource
Engagement To Empowerment - Winning in Today's Experience Economy
Report | Digital Transformation

Engagement To Empowerment - Winning in Today's Experience Economy

1m

Engagement To Empowerment - Winning in Today's Exp...

Customers decide fast, influenced by only 2.5 touchpoints – globally! Make sure your brand shines in those critical moments. Read More...

View resource