Future of deliverability: 2. The role of authentication

By Mark Brownlow

[Be sure to read Part 1 of this series: User interaction]

OK, hands up if you don't understand how email authentication works.

(This is where I sincerely hope I'm not the only one holding my hand up).

The good news is you probably don't have to understand it. But your email marketing service or IT technicians should know how it works because your emails and/or email system need to support the authentication process. Here's why...

Authentication is not a deliverability solution, but...



A simplified definition of authentication is that it's the process by which the alleged identity of the sender of an email can be verified. It requires action at both the sending and receiving end of the email delivery process.

Senders must modify some technical domain records and (depending on the type of authentication) also modify the information sent along with emails so that receivers can run appropriate verification checks.
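To make the two halves concrete, here is an added example (not from the original post) of the receiving side for SPF, one of the standards named later in this article: the sender publishes a domain record, and the receiver checks the connecting IP address against it. The domain bigbrand.example, the address ranges, the reduced mechanism subset (ip4, ip6, all) and the receiver_action policy are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the TXT record a sender might publish for its domain.
# Domain and address ranges are placeholders (documentation ranges).
PUBLISHED_TXT = {
    "bigbrand.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_domain, connecting_ip, records=PUBLISHED_TXT):
    """Evaluate a reduced SPF subset (ip4, ip6, all) for one connection."""
    terms = (records.get(sender_domain) or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # the domain publishes no policy; nothing to verify
    ip = ipaddress.ip_address(connecting_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all: first match wins
        if name not in ("ip4", "ip6"):
            return "permerror"  # mechanism outside this reduced subset
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"  # malformed record: do not guess
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all" term


def receiver_action(result):
    """Hypothetical local policy: a pass only proves identity, so the
    message still goes through reputation and content filtering."""
    return {"pass": "continue-filtering", "fail": "block",
            "softfail": "tag-suspicious"}.get(result, "no-signal")
```

A full SPF implementation also resolves mechanisms such as include, a and mx through DNS; this sketch reports them as an error rather than guessing.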

Interest in authentication comes from a need for more accountability in email. You can see immediately how verifying sender identities helps the battle against, for example, phishing.

If an email purports to come from PayPal.com, but cannot be authenticated, then organizations managing incoming email can tag it as suspicious or block it.

Only PayPal can properly authenticate their outgoing email as "from PayPal" because only they have access to the appropriate domain records etc.

Authentication lets us check if mail claiming to be from BigBrand.com really is from BigBrand.com.

But it says very little about the value of BigBrand.com's emails and whether those emails deserve delivery to the inbox.

So authentication can help stop people claiming your identity (phishing) but authenticating your email doesn't magically increase your delivery rates.

As George Bilbrey (President) and Tom Sather (Professional Services Director) of Return Path point out:

"Authentication is not about deliverability and that was never the intention. It's about phishing and spoofing. The intention was never to hurt (or help) deliverability."

So what's authentication doing in a deliverability post?

The use of authentication does have indirect impacts on your ability to get email delivered.

As Deirdre Baird, President & CEO of Pivotal Veracity puts it:

"It's very important to authenticate...not being authenticated doesn't necessarily hurt you, but being authenticated provides additional benefits that can help deliverability..."

So much so, in fact, that Chris Wheeler, Director of Deliverability at Bronto adds:

"In this day and age and with large-scale adoption at major ISPs, not having authentication is something you cannot get away with any longer."

There is already talk of authentication having a direct benefit to spam filter scores. And some email address providers are already flagging non-authenticated email with warnings.

Such warnings affect deliverability because trust is an important factor in determining how a subscriber interacts with your email. Remember, positive (clicks) and negative ("report as spam") interactions with your email play an increasing role in determining your future delivery success.

In Germany, Web.de and GMX webmail services now display "trusted" and brand icons next to authenticated email from selected senders. Gmail has begun something similar.

Suddenly, authentication starts becoming very interesting in terms of trust and brand building.

As it stands, though, the three main benefits of authentication for marketers are: brand protection, access to delivery resources and sender reputation.

1. Authentication helps protect your brand



Accountable email helps protect you and your customers from criminals attempting to send emails that pretend to be from your brand.

Bilbrey and Sather note that authentication as brand protection should be a top priority, and not just for big companies:

"If companies think they don't get phished or spoofed they are mistaken. Through the Return Path Reputation Data Network we get data on millions of messages coming from ISPs every day. And a shockingly high number of those messages are phishing and spoofing attacks."

"Companies are being spoofed and phished all the time. This is true even of relatively small, lesser-known brands. Authentication can limit the damage."

Wheeler adds:

"Brand affinity is put at risk when the potential fallout from spammers and phishers is substantial. Authentication helps avoid this."

2. Authentication enables access to information and services



Some ISPs require senders to authenticate email before they will provide a lot of courtesy delivery data. Jeremy Saibil, Director of Deliverability at Campaigner, says:

"...if you are not signing Yahoo-destined mail with DomainKeys (DK) or DomainKeys Identified Mail (DKIM) authentication then you are unable to participate in the Yahoo Feedback Loop. DK/DKIM signing is also a requirement for Gmail's new unsubscribe/complaint reporting function."

Feedback loop data lets you remove complainers from your list and provides critical information on how recipients are reacting to your different emails. According to Saibil, if you don't get access to this data, you "...are missing a HUGE piece of the puzzle required to judge the effectiveness of your campaigns."

And he concludes:

"I suspect every piece of informational candy ISPs will share with email marketers moving forward will have an authentication requirement."

3. Authentication supports the next phase of sender reputation



Perhaps the biggest delivery influence of authentication in the future will be in support for domain-based sender reputation.

In the ideal email world, those managing incoming email could build up a behavioral history for specific senders (e.g. BigBrand.com), and judge their emails accordingly. You would have a reputation associated with your domain name.

This is good for receivers and good for you, since your reputation is more directly linked to your actions and it's independent of the location (IP address) from which your emails are sent.

[Hint: Part 3 will look at the dawn of domain-based reputation in more detail.]

Clearly, this kind of reputation system depends on authentication. Receivers can only use domain-based reputation if they can be sure of the provenance of the email. As Baird puts it:

"Authentication is a pre-requisite for taking advantage of domain-level reputation at major ISPs."

So what authentication standard should you implement?



Of course, there is more than one way to authenticate your email. Historically, the main standards are:

Sender Policy Framework (SPF) and Sender ID
DomainKeys and DomainKeys Identified Mail (DKIM)

Which do you go for?

SPF/Sender ID are relatively easy to implement and important for Microsoft webmail properties. But DKIM is emerging as the real must-have standard. Saibil says:

"DKIM in particular is the authentication standard that is really going to matter moving forward..."

To learn more about DKIM, see these articles:

Should you panic if you're not authenticated?



Not for the moment. Bilbrey and Sather tell us:

"As it stands today, authentication is at barely 50%. If ISPs started blocking all unauthenticated mail the false positive rate would sky rocket."

But all our experts advise ensuring authentication ASAP. As Baird states (with my emphasis):

"As ISPs continue to evolve their filtering mechanisms, authentication will play an even more important role in determining the good actors from the bad actors. By setting up email authentication on your mailing domains and IPs you are building a reputation history for the future."

Part 3: domain-based reputation

October 21, 2009