June 22, 2005
Headlines are blaring across the Web, Microsoft's Hotmail Now Requires Sender ID! Plus, Yahoo will probably follow suit shortly. How does this affect you as an emailer? In our quick FAQ, discover:
- What happens if your email doesn't have Sender ID
- Why you can't count on your email vendor to handle everything for you
- How Sender ID will affect deliverability
- Why most junk mail won't be stopped by Sender ID.
Plus, we've included a PDF of the most useful instructional booklet we've found on handling Sender ID.
After discussing Sender ID implementation for almost a year but denying (even as recently as two weeks ago) that it was happening anytime soon, Microsoft abruptly gave emailers just a few days' notice that Sender ID was launching.
If you're like most emailers, you're probably about to call your vendor or IT department to make sure you're covered. Here's a quick FAQ and four useful hotlinks so you can sound like an expert.
Q: What's Sender ID anyway?
Sender ID is Microsoft's version of an email sender authentication program. (There's no single standard now and other companies who are also inventing authentication programs call them by different names.)
Basically, the program checks official DNS records (the records of who owns an URL) to make sure that email senders, based on the @ email address in the visible "from" line, are who they say they are.
If your email fails the test, it will be filtered by Hotmail.
Microsoft says at first the filter will be nothing more than a yellow alert line to the recipient that the message in question didn't pass the test. The recipient will still see the whole message in their in-box though. (See link below to instructional booklet with screenshot of what this looks like.)
Later, -- no one knows precisely when -- Microsoft will start either shifting non-passes directly to recipient's junk mail boxes or blocking nonpasses altogether.
For more general info, see link below to Microsoft's official What's Sender ID page.
Q: Will Sender ID stop spam?
Obviously legitimate mailers would be thrilled if this stopped the spam cluttering people's in-boxes, making way for permission-messages to be heard.
But, that's not really what Sender ID does. The only thing the program currently does is check if visible @ senders of an email are who they say they are. You could be a spammer and as long as your DNS records are correct, your mail will not be affected.
You can also be a legitimate mailer, sending from an account you legitimately own, but if your DNS records aren't properly updated, your email campaigns will be affected.
The true immediate value of Sender ID is in combating phishing scams. These are mailers who lie about who they are, most often mimicking financial institutions and trusted brands in hopes that recipients will hand over personal financial data. (Link to story below on how to fight phishing.)
So, the folks at eBay and subsidiary PayPal are probably throwing a big party today. And Microsoft's staff are happy they'll ultimately save on server space (by blocking more messages), please some key advertisers, and improve Hotmail user satisfaction.
Since phishing scams only make up a fairly small portion of all junk mail, Sender ID isn't going to stop the spam blitzkrieg soon. Plus, most spammers can easily move to "from" domains they do own. Anyone can buy a domain after all.
However, the program may open the door for future improvements that could help. We'll keep you updated as things develop.
Q: How will Sender ID affect deliverability?
Good question! Being permission-based won't make any difference. You have to make sure your DNS records have been handled properly. This means you'll need to:
1. Figure out who the technical contact on your DNS records is for every URL you own that sends email. This is a name on the domain record on WhoIs.net.
2. Get that technical contact person to publish your Sender ID records for you. We've posted a link for specific instructions below.
First, here are a two pieces of advice:
A. Remember ALL your domains that ever send email.
If you're like most companies you've got at last a handful or more of domains in use, or at least registered. Get the records fixed for all of them now.
B. Keep your tech contact email alive in-house.
Don't put in a vendor's name (often smaller companies allow their Web design firm to handle this, and bigger companies ask the email vendor to handle it for email-specific domains). Why not? Because if you switch vendors someday, you may forget to switch tech contacts, and the resulting mess is almost inevitable. It's not impossible to handle, but definitely a pain.
This is also a good reason not to use an individual's email address but instead set up an "Alert!" email address that's checked on a regular basis. If an IT staffer leaves your company, you don't want domain-related info to be bounced from a now-dead email box.
If my ESP is Sender ID compliant, am I OK?
Most email service providers are compliant. However, Microsoft's program checks the visible "from" email address that is powered by your copywriter, and not the real reply/bounce address that is powered by your ESP.
Whatever email From you choose to display as the visible From has to be one your brand actually owns and has been updated properly.
Four Useful links related to this article
#1. Easy Sender ID Instructional Booklet -- Seven-page PDF includes screenshots so you can see what all the fuss is about: http://www.marketingsherpa.com/SenderIDImplementation.pdf
#2. Sender ID wizard tool to help your techie: http://www.anti-spamtools.org/SenderIDEmailPolicyTool/Default.aspx
#3. Microsoft's info page on Sender ID for consumers: http://www.microsoft.com/mscorp/safety/technologies/senderid/default.mspx
#4. MarketingSherpa's past Article, "Phishing Email Fraud Attacks Up 50% -- How to Protect Your Brand": http://library.marketingsherpa.com/sample.cfm?contentID=2670