Another View on Email Authentication
By George Bilbrey
In an Email Insider column last week, Chad White wrote about the adoption of authentication processes and gave what we believe is a false impression: that authentication is a sort of annoying task that belongs down in the IT basement.
We believe authentication is something that should be front and center on the mind of every marketing executive. While they don’t need to know every technical detail, they should understand what it is and be able to ask intelligent questions of the IT folks so they can make sure the standards are being implemented.
In reporting that 43% of legitimate email volume is certified by Sender ID (a stat from Microsoft) and 48% of retailers have implemented DomainKeys, Chad sees the glass as half-full – most people authenticate, so let’s just get past this already.
We hate to be the pessimists here, but this glass looks a little more than half empty to us:
- It’s fine that half of retailers use DomainKeys, but our data would indicate a lower overall incidence of signing with DomainKeys. Data from our reputation network (over 65 million mailboxes reporting) reveals that less than 25% of messages (and far less than 25% of mailers) appear to be authenticating with DomainKeys. This seems to be a very low number, especially since the DMA mandates authentication for all its members (we’re still putting together numbers on other authentication techniques).
- Our data would also indicate that a large number of mailers are only signing or authenticating their marketing domains – leaving their brands very much open to phishing attacks.
In email, as in life, it is very rare for something to come along that is straightforward, low-cost and almost assured to improve your situation. Authenticating your email (establishing Sender ID/SPF records and implementing DomainKeys) is something every legitimate commercial emailer should do immediately for their commercial and corporate mail streams. Email authentication is a win-win-win for ISPs, senders and consumers. Here are just a few of the benefits:
- It helps ISPs by ferreting out spoofing and phishing. (Just ask a marketer whose brand has been phished – or a consumer who’s been duped by increasingly sophisticated scam emails – and you’ll understand why this matters.)
- In some limited ways, it improves delivery rates. However, this is currently the exception rather than the rule. Since spammers can, and do, authenticate, ISPs can’t completely rely on authentication for filtering. Reputation still counts.
- It helps consumers feel more confident that they are getting the email they want without fear of phishing, spoofing and viruses.
- Broad-scale authentication will allow for the creation of robust domain-based reputation systems and “reputation portability.” (Wouldn’t it be nice to send mail from a new IP address without getting throttled by ISPs because you are starting from scratch with your reputation?)
Authenticating your email is not terribly difficult – though it does require a little organization. Implementing Sender ID and SPF only requires a change to the domain’s DNS record. Most commercial and open source mail servers (MTAs) support DomainKeys. Need help? Check out our step-by-step guide to authentication.
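The gap described above (marketing domains authenticated, brand and corporate domains left open) can be checked by auditing the TXT records of every domain an organization sends from. The following is an added example, not code from the original column or from Return Path; the domain names and TXT records are constructed sample data, and a real audit would fetch the records from DNS instead of a dictionary.

```python
# Added example: audit SPF / Sender ID coverage across all sending domains.
# Every domain and TXT record below is constructed sample data (.test TLD).
SAMPLE_TXT = {
    "email.example-retailer.test": [          # marketing mail stream
        "v=spf1 ip4:192.0.2.0/24 -all",
        "spf2.0/pra ip4:192.0.2.0/24 -all",
    ],
    "example-retailer.test": [                 # brand domain, no SPF published
        "site-verification=constructed-value",
    ],
    "corp.example-retailer.test": [            # corporate mail, permissive SPF
        "v=spf1 +all",
    ],
}

def policy_strength(record):
    """Classify an SPF record by the qualifier on its 'all' mechanism."""
    qualifiers = {"all": "pass-all", "+all": "pass-all", "-all": "fail",
                  "~all": "softfail", "?all": "neutral"}
    for term in record.lower().split()[1:]:
        if term in qualifiers:
            return qualifiers[term]
    return "no-all"  # no 'all' mechanism found; redirect= is not followed here

def audit(domains, txt_lookup):
    """Return {domain: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for domain in domains:
        records = txt_lookup.get(domain, [])
        spf = [r for r in records if r.lower().split()[:1] == ["v=spf1"]]
        sender_id = [r for r in records if r.lower().startswith("spf2.0/")]
        findings = []
        if not spf:
            findings.append("no SPF record")
        elif len(spf) > 1:
            findings.append("multiple SPF records (evaluates to permerror)")
        elif policy_strength(spf[0]) in ("pass-all", "no-all"):
            findings.append("SPF does not restrict senders: " + policy_strength(spf[0]))
        if not sender_id:
            findings.append("no explicit spf2.0 record")
        report[domain] = findings
    return report

if __name__ == "__main__":
    for domain, findings in audit(SAMPLE_TXT, SAMPLE_TXT).items():
        print(domain, "->", findings or "ok")
```

Run against the sample data, only the marketing subdomain comes back clean; the brand domain and the corporate subdomain are both flagged.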
It may be fair to equate authentication with blocking and tackling – not the most exciting stuff. But you’ve got to be great at those skills if you’re going to have any chance of scoring a touchdown.
About George Bilbrey
George Bilbrey is the founder of the industry’s first deliverability service provider, Assurance Systems, which merged with Return Path in 2003. He is a recognized expert on the subjects of email reputation and deliverability and is active in many industry organizations, including the Messaging Anti-Abuse Working Group (MAAWG) and the Online Trust Alliance (OTA). In his role as president of Return Path George is the driving force behind the ongoing innovation of our products and services. Prior to Return Path, George served as Director of Product Management at Worldprints.com and as a partner in the telecommunications group at Mercer Management Consulting. He holds a B.A. in economics from Duke University, and an MBA from the Kenan-Flagler School of Business, University of North Carolina.