Email and Social Marketing Tips | Pinpointe Blog

At Pinpointe, we’ve been using DKIM and SPF for nearly a year for our customers – at no extra charge. 

 If you want to know more about which ISP’s are presently using Authentication and/or Authorization to verify the validity of your email (and thereby decide whether to deliver your email or possibly drop it into Ethertrash) – you can download the full table a the ESPC Coalition site here:

A brief summary is included below:

If you want to learn more about DKIM Authentication or SPF Authorization – two steps you should be taking to improve your email delivery, check out our other Blog entries:

http://www.pinpointe.com/blog/deploying-dkim-authentication-in-4-simple-steps

http://www.pinpointe.com/blog/install-an-spf-record-to-improve-email-delivery

DKIM is an email ‘authentication’ method that organizations and ESPs like Pinpointe use to verify to the recipient that the email is coming from a valid email server, and is not being ’spoofed’ by a spammer.

In an interview, Mark Risher, the anti-abuse product manager for Yahoo Mail gives his perspective on how important DKIM signing is:

“I would describe it as profound. As we’re crossing the tipping point of this technology, we will see even small senders like a small bicycle shop sending out a newsletter using DKIM. It’s really moving us to a much better, more responsible, easier-to-manage network. As the receiver protecting the largest number of user in-boxes, there are messages we want and there are messages that we don’t want…”

We cover an explanation of DKIM Email Authentication in our blog entry DKIM Email Authentication.  Here we’ll summarize some the top advantages and disadvantages.

DKIM Authentication – Advantages

If you have a very large list, your campaigns are more likely to get blocked or “throttled” by major ISPs like AOL, Yahoo, Hotmail, and Gmail. However, if you are using DKIM authentication, (or if your ESP is doing DKIM signing), the throttling limits are often raised by some domains.

Potentially less stringent SPAM filtering. If you send marketing messages, email firewalls can be harsh when they scan your content. For example, if you have a large number of email subscribers that are all in the same domain, then sending a campaign to that list is going to look like a wave of spam. Again, authentication (and maybe some email certification) may smooth things out a bit.

Not too long ago, Bellsouth started blocking HTML emails randomly (no idea why – perhaps a Bellsouth employee can enlighten us?) Interestingly, since Pinpointe authenticates all of our customers’ emails by default, our emails seemed to get through just fine.

One thing to keep in mind however is that authentication (and authorization) do not give you a free license to start creating and sending spammy, low value email content. Your content is still going to get filtered. Authentication and authorization help receiving systems to know, with absolute assurance, that you are who you say you are.

DKIM Authentication – Disadvantages

Authentication has a few minor drawbacks worth noting. These are relatively minor and only occur in edge cases, but for full disclosure – here are the downsides:

If you are using an ESP who is doing DKIM signing, you “might” see this scenario. Depending on the email software being used by the recipient, your email may be displayed to some recipients as follows:

Sent from mail.pinpointe.com on behalf of john@yourcompany.com

For most people, that’s not a big deal – but the receiving email might be displayed like this.

Authenticated emails can occasionally get rejected by mobile devices if the email is forwarded. Here’s the scenario. You send an authenticated email to your customer account. The message’s authentication says, “this message is only authentic if it came from Pinpointe Server [server-name],” but the recipient forwards the message from his company account to his Blackberry. The Blackberry server receives your message, but since it was forwarded from your recipient’s company server, it appears to be a forgery when they read the authentication instructions.

The bottom line is this: if you have a big list (tens of thousands), you should be working with your ESP to do authentication and authorization to help improve email delivery. If your list is relatively small (in the hundreds) then you probably don’t need it yet – but start getting yourself educated on the topic. 

DKIM is an emerging e-mail authentication standard supported by Yahoo, Google and others ISPs, as well as a growing number of Email Service Providers like Pinpointe and that was developed by the Internet Engineering Task Force. DKIM allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.  Deploying DKIM for your company is pretty straightforward. If you are managing all of your own email servers and outbound email, including sales, marketing and transactional emails, there are 4 steps.  If you are using an ESP like Pinpointe- there are 2 very simple steps that take about 10 minutes.  Here’s the rundown.

Configuring DKIM (Companies Managing their Own MTAs)

A company needs to take 4 steps to deploy the emerging DomainKeys Identified Mail (DKIM) standard:

Step #1:
Figure out all the domains that are allowed to send outbound mail on its behalf. Often this includes multiple corporate domains as well as third-party e-mail Service Providers (like Pinpointe). This is often the hardest step – especially for large organizations.

Read the rest of this entry »

Email authentication is a way to say, “This email is from Pinpointe’s servers, but it’s being sent on behalf of me, so you can trust it.” It basically prevents your email from looking spoofed (like a forgery).  DKIM is the e-mail authentication standard developed by the Internet Engineering Task Force to address one of the Internet’s biggest threats: e-mail fraud.  As much as 80% of e-mail from leading brands, banks and ISPs is spoofed, at least according to the Online Trust Alliance (www.otalliance.org). DKIM is an important step in rebuilding consumer confidence in e-mail, because DKIM makes it hard (i.e., almost impossible) for evil, fraudulent spammers to send emails where they pretend to be someone else – like your bank – asking you to update your account information. Email protocols (like SMTP) do not include Authentication support, so a recipient of a message has no confidence that the message they are receiving is from whom it claims to be from. DKIM is a way to permit a receiver of a message to validate that a message is, in fact, from whom it claims to be from.

DKIM, which stands for “Domain Keys Identified Mail”, lets an organization insert a cryptographic signature on outbound e-mail and associate that signature with its domain name. The signature travels with the e-mail regardless of its path across the Internet. The recipient of the e-mail can use the signature to validate that the message came from the organization’s domain name. (If you’re a Pinpointe customer – you don’t have to worry – by default we use DKIM signing for all of your emails). DKIM won’t eliminate e-mail fraud altogether, but it will help companies that are targets of phishing scams to give their customers a way of ensuring they sent a particular message.

DKIM is a merger of two protocols: DomainKeys, which was created by Yahoo, and Identified Internet Mail, which was created by Cisco. These companies along with other ESP’s and ISPs work with the IETF’s DKIM working group on technical specifications.  DKIM has been under development since 2004 and it’s finally reaching a critical mass: we expect to see Enterprises implement DKIM through 2009-’10.

DKIM Usage will Boom in 2009-10

DKIM adoption is accelerating, especially among banks, mortgage companies and insurance companies. It’s pretty easy for a corporation to go out and deploy DKIM because there are now enough commercial products that have DKIM support, and many Email Service providers (“ESP”s), like Pinpointe are now supporting DKIM authentication. Now that the standards are complete and compliant products are readily available, many enterprises will implement DKIM in their email systems in 2009. In order to ensure your emails are not blocked by these domains, you’ll want to ensure your emails are being sent with DKIM enabled.

If you want to learn more, we cover authentication and authorization (DKIM and SPF) in our recent Webinar: Email Marketing 201: Advanced Email Delivery Topics.  Here are a few examples validating that DKIM  is quickly gaining critical mass:

• BITS, a group of 100 of the largest U.S. financial institutions, last year recommended that its members adopt DKIM by October 2008. The fact that 100 large financial institutions are throwing their weight behind a standard together is going to help drive rapid DKIM adoption.
• BITS also recommends either Sender ID Framework (SIDF) or Sender Policy Framework (SPF) to validate that a received e-mail originates from an authorized mail server within a particular domain. (Read our Blog Tutorial on setting your SPF record correctly.)
• ISPs are adopting DKIM because they want to protect their customers against spam and phishing scams. E-mail senders are tying to protect their brands, identities and customers from phishing scams.
• Ebay, PayPal and banks in general have always attracted fraudsters and “phishers”, so PayPal and eBay are signing their e-mails with DKIM to battle what are called Phishing attacks. [link] Yahoo will block e-mails claiming to be sent by eBay and PayPal that haven’t been signed through DKIM.

You know those annoying emails that pretend to be from PayPal, EBay or the local bank, asking you to login to your account and validate your password or other credentials? Those are “phishing” attacks – you’ve officially been “phished”.

According to Wikipedia:  “Phishing is the criminally fraudulent process attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically done via email or instant messaging and directs you to enter details at a fake website that usually is almost identical to the legitimate one.

Read more about phishing on Wikipedia.org

We often get the question: “How do I know if my company is on a SPAM Blacklist?” Followed by “If my company is on a SPAM blacklist, how the heck do we get unlisted?

There are several hundred SPAM blacklists but luckily, there are a few tools that can help you check most of them quickly. We’ve included here a handy reference with the sites that you can use to check your blacklist status. We’ve also highlighted one or two of the more prominent SPAM blacklists.

What you need to know to check Blacklist status

Read the rest of this entry »