With major ISPs planning to launch an e-mail authentication system as early as this fall, retailers should take several steps now to assure their e-mail will arrive at their targeted destinations, the DMA urges.
With major ISPs planning to launch an e-mail authentication system as early as this fall, retailers should take several steps now to assure their e-mail will arrive at their targeted destinations, the Direct Marketing Association urges.
ISPs including AOL Inc. and Microsoft Corp. are expecting to begin using Sender ID, an e-mail sender authentication protocol, as early as October, the DMA says. Sender ID would combine AOL’s Sender Policy Framework with Microsoft’s Caller ID, which are methods of verifying that incoming e-mail messages are arriving from addresses that have not been hacked by spammers.
To benefit from the authentication system, the DMA advises retailers to secure their e-mail servers to assure that spammers cannot try to use them to send bulk e-mail. Spammers, for example, can connect to and send bulk e-mail through another company’s e-mail servers that maintain constant openings to the Internet, known as open relays. The Federal Trade Commission provides information on how to secure e-mail servers at FTC.gov/secureyourserver.
Retailers should also register their IP addresses and corresponding domain names, the DMA says, adding that registration will eventually become mandatory in order to get on ISP “white lists” of approved IP addresses. Addresses not registered will likely get blocked by ISP filters.
Retailers can register at SPF.pobox.com. The registration process is quick as well as free, the DMA notes.
The DMA adds that e-mail sender authentication will only ensure that e-mail is coming from the IP address identified in the "from" column, but that it will not identify the actual sender. The identification of senders is being addressed by another industry effort described as "content signing," including individual efforts by major ISPs. Yahoo, for instance, is developing a "DomainKeys" system of using encryption technology to identify legitimate e-mail from senders registered with the Domain Name System. Content signing may take another year to two to develop, the DMA says.