E-Zine Mailers Urged to Comply with Sender ID

The clock is ticking. E-Zine mailers have until November to comply with Sender ID, the e-mail authentication platform now being rolled into Microsoft’s Hotmail system.

Ignore this warning and your newsletter or other e-mail could end up in a Microsoft junk folder or, worse yet, your Web site could be temporarily shut down. But don’t panic.

‘The urgency of getting it done now is low, but the urgency of getting it started is high, especially if you run your Web site from the same domain,” says Elaine O’Gorman, vice president for marketing at e-mail marketing services firm Silverpop.

Hotmail has 40 million registered users worldwide. Thus, Sender ID will thus “determine deliverability for a significant number of mailboxes, especially B-to-C,” O’Gorman adds.

Essentially, Sender ID matches the IP address that a message comes from against published records of a mailer’s servers. The platform requires that “your Internet record be updated with a special field that indicates the IP address,” O’Gorman explains.

But that can be tricky if you’re “sending the newsletter from your company and it also has a major e-commerce site.” Mess up, and it can “impact the entire domain and take down the entire e-commerce site,” she warns.

What can you do? One thing is to start complying now, and make sure you have your IT department on board, although that can be difficult. Fortunately, there’s no real cost unless you make a mistake.

Another option is to have your e-mail service vendor send your e-mail, using the vendor’s domain name in your from line. If you use Silverpop for this, for example, this would mean that your newsletter name would be followed by @message1.com.

Large outfits like Home Depot and Delta Airlines do it themselves to maintain their brand equity. But many firms might benefit from the vendor taking on the responsibility and the risk.

And why is Microsoft going to this trouble? Ostensibly, it is to fight spam, but spam is only part of the problem, according to Craig Spiezle, Microsoft’s director of technology care and strategy.

“We need to reinforce confidence in electronic messaging and e-commerce,” he said last week during the E-mail Authentication Summit in New York. “And even businesses that don’t want to do e-mail marketing need to protect their brand and their domain.”

Spiezle cited June Gartner Group findings showing that more than 80% of online users say phishing reports have damaged their confidence in e-mail from companies they don’t know. Forty-two percent said news of those attacks has affected their online shopping behavior, and 28% cited an influence in their online banking behavior.

One of the design goals of Sender ID, according to Spiezle, is to get an authentication toll into the market quickly. “Exploits and phishing attacks are rising exponentially,” he said. “We really need something that can get out there quickly.” By itself, no e-mail authentication system will halt spam; in fact, spammers have been some of the earliest adopters of Sender ID, publishing the IP addresses from which their servers operate. “That’s fine,” Spiezle said. “Now we know where they live.” But he added that confirming the identity of a sender was a necessary first step to building a mailing reputation based on that sender’s past behavior.

As an authentication standard, Sender ID adoption has suffered from the fact that Microsoft has applied for some patents on the technology used for checking IP addresses against records and may be in the position to license its use by ESPs, ISPs and corporate e-mail receivers. “In the likely event that Microsoft is granted patents on these components, we will offer the license royalty-free to anyone who wants it, now and forever,” Spiezle assured the audience.

Since mid-2004, Sender ID has been contending for users with another authentication standard put forward by an industry group including Yahoo!, Cisco Systems and IBM. This method, in development since August 2004 and now called DomainKeys Identified Mail (DKIM), uses encrypted keys to verify that mail indeed is coming from the domain it claims to. The proponents of that standard sent it to the International Engineering Task Force last week, and it will probably be considered at the IETF’s annual meeting in Paris at the end of this month.

But DKIM is not ready for deployment now, although it has been in test with both Cisco and Sendmail. Meanwhile, e-marketers will need to start armoring themselves against phishing and fraudulent e-mails very soon, according to Microsoft. “The holiday shopping season is approaching, and that means the phishing season is too,” said John Tafoya, program manager for MSN Hotmail.

What should you do in the meantime? Start on an action list.

“It can be complex to adhere to the standard,” O’Gorman says. “Think about it now and not in November.”