There has been a lot of talk lately about email authentication, due in part to last month's Authentication and Online Trust Summit held in Boston. The Summit was a great opportunity to learn about the state of email authentication. That being said, this month's article is more of a "why to" than a "how to."
One of the main challenges to email authentication adoption is that many marketers don't really understand what it is or why they should care about it. You don't want to be in that group, because email authentication can help protect your brand and get more of your mail to your customers. In order to get you up to speed, this article will give a quick overview of the various types of authentication, answer common questions often posed by marketers, and explain why you should care about any of it.
Email authentication comes in two flavors
There are two forms of authentication that are being used today: IP/Path-based and Cryptographic. SPF and Sender ID are the most common IP/Path-based methods. These authentication methods validate the origin of the email by verifying the sender's IP address against the owner of the domain. They look more to where the message came from while cryptographic solutions focus more on who the sender claims to be. Cryptographic technologies, such as Domain Keys and DKIM (Domain Keys Identified Mail), rely on a secure key that attaches a digital signature to all outgoing email so recipients can verify that the message came from the source indicated.
At the Summit, there were a number of presentations that talked about the adoption of these technologies and what it means to senders. According to a presentation by Harry Katz, more than 43 percent of all legitimate email being sent today includes SPF or Sender ID records, with close to 85 percent of all Fortune 500 companies following suit.
While Domain Keys has not been around as long as SPF and Sender ID, the adoption of this technology continues to grow. Also, the DKIM standard has recently been approved by the Internet Engineering Task Force (IETF), which will only increase adoption and potential migration from Domain Keys to DKIM.
What's stopping you?
So if your company is not using these technologies, what is stopping you?
Not sure which solution you should use? Use both. Various ISPs are using either one or both of these technologies to determine a sender's reputation. Because these technologies are complementary, you'll have better results using them together.
You think it is just an IT issue and it doesn't really affect your brand? If you're like many marketers, you probably think of email authentication as a technical item; however, it should be seen as a critical component of safeguarding your company's identity. These solutions can have a profound impact on how your brand and reputation are perceived by the ISPs. The ISPs tie your brand to the reputation of your emailing practices, and authentication is a big part of that.
Your IT department tells you that it doesn't have time and doesn't see any benefit from it? You must realize that email is moving away from content filtering, that most ISPs are filtering based on reputation, and that one of the most important factors of reputation is whether email is authenticated.
You are not sure of the short-term benefits? Many of the larger ISPs are starting to use these authentication methods as a way to determine what they do with your email and more. Some ISPs will enable you to bypass certain filters when using these methods, while others will suppress images if you are not. Others require it as the way to sign up for their feedback loop process.
You are not sure of the long-term benefits? Along with the potential for increased inbox delivery, rendered images and better list hygiene, these solutions will also enable you to migrate systems in the future with fewer issues. One of the key benefits of Domain Keys and DKIM is that your reputation is aligned with your domain, so even if you decide to change providers or bring your email systems in-house, your reputation stays with you. As more ISPs start checking for DKIM, the easier the transition will be.
Do's and don'ts for getting started
Now that you know the reasons to start using these authentication methods, here are some do's and don'ts to help you along the way:
- Make sure your hosting facility can support authentication records
- Build time for testing and rollout into your game plan
- Avoid typos (syntax) and formatting errors
- Make sure your records say what you want them to
- Don't under-authenticate (inventory your systems to find out who sends email)
- Don't over-authenticate (publish records only for servers that send email)
- Include email service providers and others who send email on your behalf
- Check authentication records when making network or email program changes
Remember, as the amount of email increases, the ISPs will continually change how they look at your mail. Make sure to support these authentication solutions and keep your eyes out for the next method to come out to help fight spam. We are all in this together, so let's help where we can. Supporting both types of email authentication is a good start.
Spencer Kollas is director of delivery services, StrongMail Systems. Read full bio.
