E-mail Group Offers Reputation Guidelines

E-mail reputation service providers should be objective and open when constructing their reputation scoring services, according to a new white paper from the E-mail Senders & Providers Coalition (ESPC).

“Authentication has seen great adoption over the past year by senders and receivers and we’re happy to see that reputation service providers are ready to step in and provide objective scoring systems for commercial senders,” said Trevor Hughes, executive director of the ESPC. “It is the ESPC’s intent to act as a guide for reputation providers, senders and receivers as reputation plays an ever increasing role in email deliverability.”

While the ESPC is not attempting to endorse one provider over another, or even one methodology over another, the group does want to ensure that reputation providers are following certain best practices, and are using appropriate data to score a sender’s reputation, Hughes said.

According to the ESPC, a reputation service provider (RSP) should first ensure that senders have implemented authentication before beginning to look at a sender’s reputation, so the reputation is accurately linked to the sender. A sender’s identity should be tied to a domain, or ideally a sub-domain when used, and not an IP address, which can be more easily changed.

RSPs should also hold clients accountable for compliance with all applicable laws governing email. Reputation ratings should also be based on objective and observable behavior of senders, rather than a “black box” approach, Hughes said.

“Without a clear understanding of the factors that may help or harm their reputation, and a way to manage their reputation, senders will have no incentive to participate,” Hughes said.

The ESPC recommends that reputation scores be based first on direct recipient feedback that is as specific as possible. For instance, the use of a “junk button,” which many recipients use to unsubscribe from consent-based mail, should not be weighted as highly as a specific complaint of abusive sending practices, he said.

The same kind of precision should be used when evaluating bad addresses, with distinctions made between “honeypot” addresses, which are nonexistent addresses that are designed to catch spammers, and stale addresses that are simply outdated legitimate addresses. While stale addresses should be managed by the sender, their existence does not in itself imply a serious permission problem, as the presence of a honeypot address would, Hughes said.

The ESPC and other industry leaders are meeting tomorrow in Chicago to help senders and receivers of commercial email better understand the commercial email landscape, including issues of authentication and reputation. The ESPC is holding a pre-conference “boot camp” today, where it released this position statement along with a report detailing how each of the major ISPs is using authentication and reputation services.

“We’ve seen for a long time now an evolution in the way ISPs handle inbound mail. While none of them are relying exclusively on authentication to decide what gets to the inbox, authentication has become an increasingly important component in the algorithm that determines what gets delivered,” Hughes said.

Related reading