To Prevent a PR Nightmare, Apply E-mail Authentication
by Andrew O'Halloran, Chief Privacy Officer
This is a short article that I published in Direct Magazine.Anytime you plan to take an international flight, the one thing you don’t want to forget is your passport.
You know the drill. The airline representative or scanner reads your passport and confirms your identity (Yes, this is Bob Smith booked on flight 123). When you arrive at your destination, the customs agent uses your passport to again identify you as the authentic person and then determines whether you should be authorized to enter the country. Assuming that nothing of concern pops up on the screen, you are waived through to enjoy your stay in the foreign country.
But if you forget your passport or absentmindedly bring your spouse’s instead, a whole different scenario plays out, with you missing your flight. The key point is that the process is linear: authentication (identity) followed by authorization. The same is true in the world of e-mail.
But e-mail authentication is implemented quite differently. To wit:
* In the travel world, the passport is standard across countries as identification. In the e-mail world there are more options: DomainKeys Identified Mail (DKIM), SenderID, and Sender Policy Framework (SPF).
* In the travel world, you personally are involved in the authentication process. In the e-mail world, it is the servers in between sender and recipient that are involved in the authentication process.
* In the travel world, the passport determines in a binary way your authorization. In the e-mail world, your successful authentication (or not) can have severe impact on your deliverability authorization.
*In the travel world, you are asked for your passport in all international directions of your travel. In the e-mail world, you have the option to apply e-mail authentication to the e-mails you send, the e-mails you receive from the outside world, or both.
While you do need your passport to travel internationally, you don’t necessarily need to be using e-mail authentication to send or receive e-mails. That’s because the Internet leaves it to the individual sender, Internet service provider, or company private network to apply screening and authentication technology.
In an ideal world, everyone would use e-mail authentication. But they don’t. There is no “customs” agency or other standards body to force everyone to authenticate.
Then why bother with e-mail authentication?
The short answer is spam.
Unless you take the necessary steps, there is nothing to stop Spammer Joe from sending out his next batch of spam e-mails using your company domain name as a front. The most likely consequence is that recipients may be fooled and really believe that your company sent these messages. Talk about a public relations nightmare.
The whole issue could be avoided completely if you had set up proper e-mail authentication. Then, had Spammer Joe tried to send a message using YourCompany.com, a receiving ISP would see that Joe’s Internet protocol (IP) address was not authorized to send messages for your domain. Appropriate action—such as blocking the messages, flagging them as dangerous to the recipient, or filtering them to the spam folder—could be taken. Ultimately, e-mail authentication minimizes abuse of your domain and brand.
E-mail authentication also helps you deliver legitimate messages, because the e-mail ecosystem is based on trust and reputation. Here is an example how it can play out at the ISPs and other receivers you are sending to, especially the larger ones. Just for starters, the mere fact that you have set up e-mail authentication and the receiver can identify you may reduce the content filtering taken on your messages. Botnets and similar spam networks, by virtue of their network architecture, have difficulty setting up e-mail authentication.
Even better, if you have been using authentication for a while and the antispam reputation system has a (positive) history for you as a sender, then you can benefit and have more of your messages delivered to the inbox. False positives are a major concern for ISPs and receivers, and the last consequence they want taken is to block and filter messages from good senders. A positive domain reputation, confirmed through e-mail authentication, also may benefit you as a sender should you change the IP addresses you are sending from, allowing the receiver to quickly identify you and warm up your IP reputation quickly.
And don’t forget: E-mail authentication ties closely into the experience your subscribers have with your e-mail message. Recipients will likely be presented with different view options related to the successful (or unsuccessful) authentication of your message. Opening a message may 1) display the full content including images, 2) require the recipient to take an added step to “show content,” or 3) if authentication fails, flag your message as dangerous.
Each day that goes by that you are not using e-mail authentication is one more day of opportunity for Spammer Joe. So take control your brand, reputation, and deliverability by implementing your internet passport.
Are you worried about email authentication? Then let Cypra Media figure it out and do your email marketing for you! Find out how easy and affordable our services are.
Or contact Cypra today for a free consultation and email marketing assessment.