E-Mail Authentication Sees Large-Scale Adoption

E-mail authentication is expected to see wider adoption this year as senders and ISPs implement standards like Sender ID (define) and DKIM (define). Marketers benefit by having forged and deceptive messages filtered by the ISP or carrier.

At the third annual Authentication and Online Trust Summit this week, Microsoft released findings from a two-year-long study observing the effectiveness of Sender ID on deliverability. An average 3.8 billion deceptive e-mails are identified daily within Windows Live Hotmail messages alone.

“The landscape has changed dramatically, spam is now the carrier or attack of choice for online criminals,” said Craig Spiezle, director of online safety technologies at Microsoft.

Fraudulent and spoofed e-mail accounts for between 40 and 98 percent of e-mail sent to Windows Live Hotmail users, depending on the brand. False positives are prevented among marketers using Sender ID; up to 85 percent fewer messages end up in the spam folder, according to the study.

Sender ID adoption grew three-fold in the past year. Microsoft now tracks over eight million domains under its authentication protocols. “Growth of Sender ID support outpaced the formation of new domains,” said Spiezle.

The findings on authentication practices using Sender ID come mainly from Windows Live Hotmail, because that’s the platform Microsoft has easiest access to, but it wasn’t the only data source. Registrar GoDaddy.com said over 50,000 of its DNS customers are Sender ID compliant.

Compliant registrars and ISPs allow messages with Sender ID and DKIM protocols to be delivered. E-mail service providers first have to implement the systems on outbound messages. Providers like Message Systems are set up to add layers of authentication to client e-mail campaigns. Message Systems’ VP of field operations Barry Abel believes 2007 will be the year of authentication adoption.

“This year is where a lot more carriers will pick one or both,” said Abel. He attributes the adoption by ESPs to the scrutiny of incoming e-mail. “Once implemented, it allows [carriers] to do checks in real time. It takes away phishing and spoofing attacks where a spammer can spoof a domain to get in and wreak havoc. Authentication immediately kills that.”

Deliverability drives stakeholders to adopt authentication on both the outbound and inbound sides of messaging. “We spent three years in meetings really trying to help people understand the idea of deliverability and components of reputation,” said Abel. It’s gone from an early adoption state to being seen as a methodology. It aids [carriers] tremendously in the ability to filter e-mail.

Related reading