Authentication And Online Trust Summit

by , , Apr 30, 2007, 2:00 AM
  • Comment
  • Recommend (2)
Subscribe to Email Insider

Tags

I thought this update from Pivotal Veracity from the Authentication and Online Trust Summit (AOTS) was quite valuable to share with the MediaPost audience. As background, Microsoft started AOTS in 2004 to foster adoption of Sender ID and promote email authentication through the industry. I will warn you, if you are a novice to deliverability and authentication, you will be completely lost in this article, so I recommend you read a few things before you dive into this. Authentication: http://www.deliverability.com/resources/emailAuthentication.php DKIM: http://www.dkim.org.

Thanks to Len Shneyder, director of partner relations & industry communications at Pivotal Veracity, for writing this very timely update.

AOL & AIM. Not much new to report except that they plan to incorporate Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) into the reputation model in the coming months. By late summer they hope to be actively using both as a means of authentication and reputation checking for connecting IPs as an added data point to help them determine the final disposition of email. As is always the case, they advocate being responsible with your sending patterns and trying to limit your email to "active" customers who have purchase patterns or some form of response-based relationship.

Comcast. Ninety-one percent of all inbound email to Comcast, the largest broadband provider in the United States, is flagged as spam. Comcast monitors the quantity of hard bounces, specifically unknown users, sent to their domains. They use this as a measure of list quality and maintenance. By the end of the year, Comcast announced, they will adopt DKIM as an extension of their reputation check, in addition to launching a feedback loop.

MSFT, Hotmail, Windows Live Mail. Hotmail receives 4.5 billion emails a day, of which 90 % is flagged as spam. Statistics show that 35% of all spam today is "image spam," or messages comprised solely of one or multiple images. Microsoft advised mailers to use the hard fail flag in their SPF/SenderID records (-all), in addition to covering every sub domain with its own SPF/SenderID record. If you are lost at this point, contact your ESP or one of the delivery auditing companies and they can help you understand how to set this up. It is important to note that IPs sending a low volume of email at infrequent intervals will most likely be flagged as "suspect" by this filter as they have similar characteristics to spammers. Because of this, new IPs with no mailing history will have a harder time getting their email to even the junk mail folder. Microsoft is relying heavily on an IP's mailing history as one aspect of reputation in order to determine where email should be placed. Further insights from Microsoft personnel included information on mailing volumes: It's better to email smaller volumes more often rather than larger volumes at infrequent intervals. Consistent mailings of 5-10K emails per day have been documented as performing well.

Implications. ISPs use a variety of filters, including third-party filters, blacklists, whitelists, reputation metrics, volume filters, and content filters. There are many reasons your message may not make it to the recipient's inbox. Reputation metrics consist of one or all three of the following, depending on the ISP: spam complaints (the number of recipients complaining you are spamming them); unknown user bounce rates (bad addresses), and spam traps (emails you send to email addresses harvested from the Web or purchased). Managing feedback loops (spam complaints), good bounce management (removing bad addresses), and carefully governing your email acquisition methods will remain crucial to sustaining a good delivery reputation with the ISPs.

Authentication will become increasingly important as well. If you are not already authenticating with a combination of SPF, SenderID, and DKIM now is the time to get started. Whereas Microsoft adopted SenderID, many others adopted a combination of SPF + DKIM or SenderID + DKIM. Yahoo is even requiring DKIM in order to sign up for their feedback loop (spam complaint reporting).

I've published an extended version of this article with comments and links to some valuable sources and partners that you may find useful, on my blog.

Be the first to comment on "Authentication And Online Trust Summit"

Leave a Comment

Sign in to leave a comment. Don't have an account? Join Now

Recent Email Insider Articles

» Email Insider Archives