Microsoft offered an eye-popping statistic at its Authentication and Online Trust Summit in April: Ninety percent of incoming marketing e-mail the software giant processes comes from servers that comply with its Sender ID authentication scheme.
One possible reason for the high percentage? Most of this e-mail originates from service providers whose business it is to make sure their processes conform to industry best practices.
So sure, most marketing e-mail is authenticated. But what about companies' customer service e-mails? And how about the messages sent from human resources?
Though the Direct Marketing Association and the E-mail Sender and Provider Coalition require authentication as a condition for membership, so far results have been “mixed,” according to Pat Kachura, the DMA's senior vice president for ethics and consumer affairs. “We're finding that a lot of people are authenticated and a lot of people still need to be educated on how to get authenticated,” she says.
E-mail authentication is designed to let e-mail inbox providers determine if incoming mail truly has been sent by the company it claims to be. Authentication also allows Internet service providers to track the reputations of sending machines and to process their mail accordingly.
If incoming e-mail isn't authenticated, or the sending IP address has a bad reputation (or none at all), the inbox provider can block it or divert it into the user's junk mail folder.
Microsoft's scheme is one of three authentication standards marketers should know about. The other two are Sender Policy Framework (SPF) and DomainKeys.
SPF and Sender ID are IP-based solutions, meaning they verify that the IP address of incoming e-mail is from a server authorized to send e-mail on behalf of the company named in the e-mail's return address. AOL uses SPF.
Meanwhile, Yahoo!, EarthLink, Google and Verizon, among others, use a cryptographic solution called DomainKeys. Such e-mail carries an encoded signature that the receiver's servers verify using so-called public and private keys.
Currently, the benefits of authenticating aren't as strong as they could be. Yahoo! displays a little key symbol at the top of messages signed with DomainKeys that the user can click on to find out what it means. Microsoft says that e-mail is more likely to get delivered when it arrives authenticated by Sender ID.
However, industry consensus is that sooner or later authentication will reach critical mass and ISPs will begin blocking unsigned e-mail. “If you're a marketer and you're not setting this up right, you may not be getting into the inbox,” says Experian's privacy and compliance leader Ben Isaacson. But an e-mail doesn't necessarily have to be authenticated to get delivered.
According to Isaacson, SPF is compatible with Sender ID, so a company only needs to implement DomainKeys and Sender ID to satisfy all the major ISPs' authentication requirements.
The most difficult part of authentication is taking an inventory of all the places e-mail is sent from. But once that's done, it's fairly easy to tell if messages are authenticated.
Examples of areas to consider during a domain inventory are human resources, investor relations, advertising and PR agencies, customer support, newsletters, and order/delivery confirmations. Fortunately, no contact with the IT department is required to identify whether your company's outbound e-mail is authenticated.
Once all the sources of a company's e-mail are identified, set up free e-mail accounts at Hotmail and Gmail — if you don't already have them — and send e-mail to those accounts from all the sources.
In Hotmail, right-click on the subject line of the message you sent yourself. Select “view source” from the drop-down menu that appears. If the e-mail is authenticated, the third line of the window that pops up will say “X-SID Result: Pass.” If it doesn't say “pass,” it will say “neutral,” “fail” or “soft fail.” Obviously you want it to say “pass.”
In Gmail, open the message. Left-click on the small drop-down arrow that appears in the upper right of the message to the right of the “reply” button. Select “show original.” If the e-mail has been authenticated, it will say “Received — SPF: Pass” in the 10th line.
W
Magilla Marketing, Ken Magill's weekly e-mail newsletter, is archived at http://directmag.com/magill/.
Authentication Resources
SPF
www.openspf.org/wizard.html
Sender ID
www.microsoft.com/senderid
DomainKeys
http://antispam.yahoo.com/domainkeys
General information
www.deliverability.com
www.the-dma.org/emailauthentication
