|
Last week I had the pleasure of attending the Email Authentication Summit, an event put together by the big players in the email industry. The topic, predictably, was email authentication, and its adoption. Amid all the authentication cheerleading, I found a few outstanding tidbits:
Much ado about protocols - The two clear leaders in authentication are Microsoft's Sender-ID and Yahoo/Cisco's DKIM, or Domain Keys Identified Mail. Microsoft has already begun end-user notification of Sender-ID enabled mail, causing a stir in the email marketing industry. Meanwhile, just one day before the summit, Yahoo and Cisco submitted DKIM to the Internet Engineering Task Force, the Internet's official standards body.
If the IETF gives its blessing and makes DKIM a standard, it could be pushed onto the stage much as Sender-ID was. Unlike Sender-ID, DKIM requires some significant resources from both senders and receivers to generate and process cryptographic keys and would have a much greater impact if the industry is caught unprepared.
MTA (mail transfer agent) vendors are scrambling to support DKIM functionality. I expect ESPs will be following closely behind.
Reputation approaches fast - All day long, every utterance of the word "authentication" was almost immediately followed by "reputation." It's abundantly clear that authentication is here to stay. So, it's time to start looking at the next step. Bonded Sender and Habeas got many plugs as the next step to the "spam solution," and rightfully so, as they are the two leading companies offering reputation and accreditation services.
Once everyone is authenticated (and some presenters spoke as if this was already the case), reputation and accreditation will be used to determine just how good email senders like you are as "netizens." Your reputation can be based on your statements about your privacy practices or an authorized third party's review of your past and present practices. In many cases, both methods could be used.
If, for example, an ISP can see that you use confirmed opt-in subscription, and your IP addresses have never been exploited to broadcast spam, it can then decide to pass your mail around its network of content filters.
Start looking at Habeas (www.habeas.com) and Bonded Sender (www.bondedsender.com), if you haven't already, and familiarize yourself with their methods and offerings. Both already have a deal with MSN/Hotmail and a host of other ISPs to provide what's essentially an outsourced whitelist of good senders.
One summit per day keeps the FTC away -- An interesting thing happened during the DMA's CAN-SPAM session. You may remember when the Federal Trade Commission listed all the reasons a Do-Not-Email list was a BAD idea. The FTC also recommended that the Senate let the email industry sort out spam and come up with its own solution. Apparently, the FTC began to lose hope when it faced the emergence of 10 different authentication proposals, squabbling with Sender-ID licensing, and lack of all-around adoption.
As the DMA's Jerry Cerasale said in his speech, the FTC was "ecstatic" with the Email Authentication Summit and its wide base of industry representation. The summit espoused all the ingredients needed for a successful spam solution: cooperation, consolidation, and adoption.
Here are my key takeaways from the summit:
1. Authentication! If you're not authenticating your email yet, you will soon be left far behind your competition. Look to Sender-ID and DKIM as the methods to use.
2. Reputation! It's coming fast, so be ready. Look at Habeas and Bonded Sender and the requirements for both programs.
3. Cooperation! Participation and adoption ensures that we retain control of our industry, heading off any government movement toward federal Do-Not-Email lists.
|
