That's the goal of e-mail service providers (ESPS), Internet service providers (ISPS), and marketers, who are adopting two new types of e-mail delivery protocol standards, authentication tags and accreditation, which results in a "reputation" score very similar to a credit score. Microsoft, Yahoo!, Bigfoot Interactive, DoubleClick, the Direct Marketing Association, the E-mail Service Provider Coalition, and Visa have already gotten behind the initiatives. "Major e-mailers continue to struggle with the problems of deliverability," says Trevor Hughes, executive director of the E-mail Service Provider Coalition. "Even with messages you have permission to send, about 20 percent of them are not making it to the inbox." On the e-commerce side, Hughes says: "Some stats...suggest that 1 in 5 transactional messages are not getting delivered, either. That's a real incentive for folks to do whatever they can to move those numbers."
Here's an even bigger incentive: Non-participation isn't an option. Compliance with the new standards will determine whether or not a company will be able to use e-mail marketing as an effective tool at all.
Companies maintaining ethical e-mail practices--such as clean lists and opt-in/opt-out policies--will thrive, while companies with sloppy practices or incorrect data will be stuck with defunct authentication tags and low reputation scores.
Here's an explanation of the new standards to help you understand how to move forward.
Step 1: Authentication Tagging
Tags are embedded into each e-mail message to identify the sending company. These enable receiving ISPS to verify that senders are actually who they say they are, making it virtually impossible for spammers and phishers to hide their identities.
There are two main types of authentication tagging systems used today. The first is an Internet Protocol-based approach called the Sender id Framework, which verifies authentication through a "Sender Policy Framework," or SPF--a published identity record that lists the IP addresses of servers authorized to send e-mail on behalf of a domain. When ISPS receive e-mail, they check the SPF record to ensure that the sending server (IP address) and domain name match. If they do, they let the e-mail in. If they don't, it's rejected.
The second type, called Domain Keys Identified Mail (DKIM), is a collaboration between Yahoo! and Cisco. "DKIM has a provision to prevent the message from being tampered with," explains Dave Lewis, vice president of marketing for e-mail technology provider StrongMail Systems. "It's done through a public and private key combination. The key becomes invalidated if messages get tampered with, and may even expire."
How to choose? You don't. "It isn't an either/or choice," says Lewis. "Marketers will need to support any and all protocols out there in the marketplace." But don't stress over the learning curve: Your ESP will handle tagging of outgoing e-mails, while your ISP will handle verification of the incoming authentication tag. And both will advise you on any minor coding or housekeeping you might need to do. Also, companies that don't use an ESP for outgoing mail delivery will need to work with their internal technology department to develop the appropriate protocols.
E-mail security provider IronPort Systems recently reported that just 3 percent of all registered domains are actively publishing SPF records today--but noted that this small group is responsible for one-third of all outgoing Internet e-mail. In a study of its Hotmail addresses, Microsoft found that one-fifth of all e-mail received had published SPF records. (Data on DKIM, for which implementation is more involved, were not yet available.) Marketers need to be prepared to test and tweak. Sixty percent of e-mails with Sender id Framework tags that IronPort studied failed authentication. In addition, one out of every 20 e-mail messages that got let in was spam.
Step 2: Accreditation
After using authentication tags to identify the sender, reputation scores will tell the world how well your e-mail complies with legal and ethical practices. "Ratings will be based on three categories of behavior," says Ken Takahashi, vice president of strategic partnerships for DoubleClick Email Solutions, a division of DoubleClick Inc. "The number of bounces, the number of 'honeypot' or 'trap' addresses (fake addresses that ESPS put into a mailing to see if spammers pick them up and try to mail to them), and the number of customer complaints about irrelevant e-mails from an IP address." Unlike authentication tagging, however, the mailers themselves will have primary responsibility for maintaining practices that lead to a high reputation score. For instance, keeping lists clean will be critical. Also, it's not enough to know how many addresses bounced: Companies must know why their mail bounced so they can correct the problem. For example, notes StrongMail Systems' Lewis: "Failures due to 'address error,' such as a misspelling or wrong punctuation, generally point to a problem with data capture, while 'unknown user' means the account either never existed or was closed." In the latter case, a check against the e-mail change-of-address program or a company's own database can save the account by finding a more up-to-date address.
The message is clear: With e-mail based on reputation scoring, Takahashi says: "Your brand and your logo will make no difference. Your performance will be the biggest driver."
Step 3: Participation
To eradicate spam, make e-mail safe again, and add more value for both consumers and marketers, all parties need to participate and be on the same page. "All of us have a stake in the outcome here, whether we're senders or receivers," says Lewis. "This is fundamental, because if you don't have consumer confidence, what do you have?" A handful of technology providers are trying to help companies comply with authentication and accreditation standards, including Goodmail Systems, Habeas, IronPort Systems, and ReturnPath. Additional tools will surface as the industry grows. As a steward of either your own or your clients' e-mail marketing programs, though, your first step should be to understand where the ESPS and ISPS are on the standards adoption curve. You can get up to speed on the subject by going to emailauthentication.org, a Web site created by the Email Service Provider Coalition, which includes, among other tools, all the sessions from the Email Authentication Summit. The meeting, held in July, was attended by more than 500 industry professionals.