Close
Join 237,000 weekly readers and receive practical marketing advice for FREE.
MarketingSherpa's Case Studies, New Research Data, How-tos, Interviews and Articles

Enter your email below to join thousands of marketers and get FREE weekly newsletters with practical Case Studies, research and training, as well as MarketingSherpa updates and promotions.

 

Please refer to our Privacy Policy and About Us page for contact details.

No thanks, take me to MarketingSherpa

First Name:
Last Name:
Email:
Text HTML
Join Our Research Team at DMA 2014
Apr 24, 2007
Event Wrap-up

Authentication Summit Notes: Top 13 Takeaways + Image-Rendering Tips

SUMMARY: 400 email marketing professionals gathered in Boston’s historic Back Bay neighborhood for last week's third annual Authentication and Online Trust Alliance summit.

There was plenty of good news and not-so-good news as Microsoft, AOL, GoDaddy.com, Iron Port, Datran Media and others grappled with deliverability, blacklists and reputation issues. On the sunny side, important tactics and best practices by and for the industry are taking hold.

Includes image-rendering tips, 13 takeaways and a multitude of industry links.
In session after session at last week’s Authentication and Online Trust Alliance (AOTA) Summit, speakers used automobile analogies to simplify the uber-granular topic of email security. Best practices were called “seat belts.” Authentication standards, such as Sender ID, Sender Policy Framework (SPF) records and DomainKeys Identified Mail (DKIM), can now be to your ecommerce “engine” what emissions tests are to your car (see hotlinks below for definitions).

“Who you are is more important than what you are mailing,” says George Bilbrey, VP & GM, Delivery Assurance Solutions, Return Path. “Today, reputation is the major determinant if your email is getting delivered or not.”

Buzz in the Halls
o Get ready to test deliverability issues against the emerging Windows Live -- it won’t be long before all Hotmail users are transitioned over.

o About half of the domain names sending email to Hotmail/MSN/Windows Live are from domain names “we’ve never heard of,” says John Scarrow, GM, Technology Care and Safety Group, Microsoft.

o Microsoft (lead sponsor of the Summit) says Sender ID adoption has tripled in the past year, with more than 8 million domains using its protocol. GoDaddy.com says more than 50,000 of its domain name system (DNS) customers are Sender ID compliant.

o Comcast promises to have a feedback loop by the end of the calendar year. “In the meantime, call us and we’ll give you the feedback,” says Jay Opperman, Director Privacy & Security.

o As if it’s not enough for the government to monitor the sector, there’s also the whims of the ISPs that the industry seems unable to adequately confront. “It’s not that the trade organizations aren’t doing anything, but I don’t think marketers have a loud enough voice,” says Neil Bibbins, Compliance Director/Marketing Data Analyst, Auto Revenue. “I don’t think it’s fair that companies can enforce policy simply because of their market shares. In fact, I find it unnerving.”

o Missing from the conference: Yahoo!, which, along with AOL and MSN Hotmail, make up the big three email providers. It would have been nice to get some kind of word on the likelihood of whether Yahoo! is moving toward shutting images off by default in all its inboxes, which was the scuttlebutt last week. “While it’s not surprising that Yahoo! wouldn’t want to endorse Microsoft’s show, it’s easy to see it as a bit political at the same time,” said one direct marketing manager.

(Note to burgeoning Gmail: more needs to be heard from you on deliverability issues as well …)

Finding Solutions - a Community Effort
Although Microsoft, AOL, Comcast and reputation management providers, such as Datran Media, StrongMail and Lashback, tried to exude a “We Are Family” vibe, it wasn’t all handshakes and hugs. Throughout the course of the summit, an occasional hiss could be heard after a comment from one of the powers-that-be or service providers. Simply put, marketers are tired of the rules changing.

“We don’t have all of the answers,” conceded AOL Postmaster Charles Stiles. In between speeches, Stiles offered this tidbit: “Most complaints [at AOL accounts] happen within the first few hours of a campaign, and then they dramatically drop off from there. This at least tells us that people usually see your email right away.”

Still, authentication gets you only partway to the inbox -- your content (including relevancy) or a bad reputation may still *junk* your messages. What’s frustrating is that the major ISPs cannot (or will not) disseminate deliverability tips specific to their brand because they think it will fuel the fire for spammers -- who are now masking themselves as legitimate mailers in a variety of fashions.

In presentations and Q&As, everyone clearly communicated that tackling spam, phishing, spoofing, deliverability and consumer distrust needs to be a communitywide, grassroots effort. Thankfully, the responsibilities are spreading. It’s no longer just a marketer’s issue -- ISPs, ESPs and domain registars are increasingly interested in meeting the cyber-pandemic head-on.

Image Rendering Concerns
Unfortunately, no silver bullets were given about how to sidestep the image rendering problems that all marketers are having with nearly every ISP. “You can test and test, but you don’t know exactly how each image will render in each [inbox],” says Jared Blank, VP, Client Solutions, Epsilon. “Email is not about looking beautiful -- it’s about getting read.”

Blank and others had this advice on the topic:

- From the moment visitors sign up, educate them about how you will send images and what they need to do to receive them. (While you are at it, tell them how to add your domain name to their address book.)
- Design campaigns for image-blocking accounts. Use descriptive copy around where the images are supposed to give the recipient a good reason to click the display button.
- Make sure your offer is above the fold, which might give them another reason to enable images. This should cut down on deletes (and complaints, too).
- Longtime Sherpa readers will recognize this one: let recipients sign up for text-only messages.

Holding Spammers Accountable
Spammers are starting to use SPF records and other authentications to hide their actions. However, this is good news “because reputation can be applied” to them, says Pat Peterson, VP, Technology, Iron Port.

It’s also clear that legitimate emarketers are no longer held accountable for spam. Multiple current and former governmental speakers confirmed that the general public is starting to understand that botnets, zombies and organized crime are behind most CAN-SPAM violations these days.

“There is not enough working together between domain [name] registars and reputation management providers,” says Warren Adelman, President/COO, GoDaddy.com. “What are we going to do? In the months ahead, I think we’ll see conversations unfold to leverage the information we have to work with -- with this group of leaders -- to provide a better experience going forward.”

Top Takeaways: A Baker’s Dozen
#1. SPF records and Sender IDs aren't just for email marketers. Big-name companies who don't use email need to protect their brands and be on the record to combat spoofers, says Josh Baer, Chief Technology Officer, Datran Media. “The net of setting up your Sender ID right is a plus and not a negative.”

#2. If you switch ESPs, take the necessary steps to transfer your authentication records with the new provider.

#3. No two spam filters are alike, so you have to test and test against ALL of them as much as possible.

#4. You can protect your domain from being spoofed with proper SPF record filing.

#5. Publish a SPF record to a DNS that supports “txt” records. This type of protection will cover more ground.

#6. ESPs that send under dealer domains (for instance, car dealerships) need the dealers to publish individual SPF records to correctly track each business’s reputation.

#7. Give a staff member the title of Reputation Manager, who will ensure that your firm is signed up for feedback loops and not showing up on blacklists.

#8. Be on top of reputation management for both transactional and marketing emails if they are segregated and/or mixed.

#9. Including a list-unsubscribe header in your emails will reduce complaints and improve deliverability. (See hotlink below for more info.)

#10. Your complaint rate should never exceed your unsubscribes for a campaign. If it does, you need to re-evaluate what you are doing.

#11. Look for a vendor who will mentor your company on reputation/delivery –- not just a rudimentary service provider.

#12. Expect some initial hits to your goals before achieving success on all the major deliverability fronts.

#13. Include marketing and IT people in meetings so everyone is on the same page. Greg Tseng, CEO Tagged Inc., allocates three to five weekly man-hours for deliverability issues, including a weekly one-hour teleconference with his ESP vendor.


Useful links related to this article

SPF information site:
http://www.openspf.org/


Microsoft’s SPF tips and download site:
http://www.microsoft.com/downloads/details.aspx?familyi
=B7CE1CAC-D884-4216-82FE-379F875663FF&displaylang=en#Instructions


List-Unsubscribe.com, a very helpful learning tool:
http://www.list-unsubscribe.com/


Learn about DKIM:
http://email.about.com/od/understandingspamfilters/g/dk
m.htm


AOTA presentation about DKIM given by Jon Callas, CTO, PGP Corp., and Jim Fenton, Engineer, Cisco:
http://www.aotalliance.org/summit2007/2007_presents/301
DKIM.pdf


IP spoofing:
http://www.webopedia.com/TERM/I/IP_spoofing.html


For more information on spoofing, check out expert Deb Shinder's free online resource:
http://www.windowsecurity.com/articles/Email-Spoofing.h
ml?printversion



Definition of Sender ID:
http://en.wikipedia.org/wiki/Sender_ID


Microsoft Program Manager Henry Katz's overview of the Sender ID Framework from AOTA:
http://www.aotalliance.org/summit2007/2007_presents/201
SIDF.pdf


Microsoft's Sender ID/SPF info and signup pages:
http://www.sign-up.to/html/total_support/resources/send
r_id_spf.htm


Epsilon's Jared Blank and AOL's Charles Stiles' slide show on image suppression from AOTA:
http://www.aotalliance.org/summit2007/2007_presents/503
image_surpressionx.pdf


AOL Postmaster site:
http://www.postmaster.aol.com/


MSN Windows Live/Hotmail postmaster site:
http://postmaster.msn.com/


Comcast help for marketers:
http://www.comcastsupport.com


See Also:

Comments about this Event Wrap-up

Apr 25, 2007 - Mario Vellandi of Melodies in Marketing says:
Thanks for the wonderful tips. This has been one of the most valuable email marketing posts ever. I think there's a lot of ways we can creatively design copy that will effectively convey the message without necessarily having graphics. Graphics can help of course, if they are contributing to the core message. Otherwise they're either unnecessary filler or advertisements.


Apr 25, 2007 - Douglas Otis of Trend Micro says:
Requesting that recipients to check SPF records overlooks a sizable and real hazard created by SPF as a DDoS exploit. Malicious SPF traffic generated by bad actors can be accomplished without expending any of their resources. The bad actor would only need to utilize the local-part of some email address to randomize subsequent queries without their base SPF record being re-read. SPF expects as many as 11 subsequent SPF records to be read, which might be wildcard records now given local-part sub-domains! SPF also expects as many as 100 A, or AAAA records to be queried before quitting. This alone exceeds the amplification of all other DNS DDoS related exploits! The bad actor can simply conclude their records with “+all” where their email then receives flying colors. To dissuade the use of problematic libraries, the assertion “+all” indicates the record's intent is for white-listing and to ensure forwarded email is not inadvertently lost. bell.ca would be one example of this.



Post a Comment

Note: Comments are lightly moderated. We post all comments without editing as long as they
(a) relate to the topic at hand,
(b) do not contain offensive content, and
(c) are not overt sales pitches for your company's own products/services.










To help us prevent spam, please type the numbers
(including dashes) you see in the image below.*

Invalid entry - please re-enter




*Please Note: Your comment will not appear immediately --
article comments are approved by a moderator.

Improve your marketing

Join our thousands of weekly Case Study readers. Enter your email address below to receive MarketingSherpa news, updates, and promotions:
Note: Already a subscriber? Want to add a subscription?
Click Here to Manage Subscriptions