Here’s an interesting article about email authentication over at NetworkWorld: Will Yahoo block messages that aren’t signed?
For years, ISPs have been a little vague about how they’re going to handle authentication. Will it be used to block email? Does every legit email marketer need to authenticate their messages? Do ESPs need to offer it to all our clients?
Network World Senior Editor Carolyn Duffy Marsan interviewed Mark Risher, anti-abuse product manager for Yahoo Mail, and asked some blunt questions, like:
- What benefits does DKIM provide?
- A year from now, will you be stopping a lot of mail at the front gate because of DKIM?
- Will you send non-authenticated email through more filtering?
Risher also shared the following:“We have seen aggressive uptake of DomainKeys. More than 40% of our inbound traffic to Yahoo Mail is using DomainKeys. That’s more than 1 billion messages a day with the open source version. DKIM is its successor. …Within 18 months, all of the top financial institutions will use DKIM.”
FYI, MailChimp offers both DKIM and Domain Keys (along with SPF and SenderID) for free. Just check a box, and bam—you’re authenticated.
With the preponderance of evidence (and clearly the trends) suggesting that authenticated emails means increased delivery rates, why isn’t this an opt-out option in MailChimp – or even better done automatically on every campaign from MC?
Great question, Ryan. It’s because the first time we rolled out authentication a couple years ago, we made it mandatory, and our customers gave us a beat-down like you wouldn’t believe. People seem to like choice. Also, some email readers display the “from” and “Sent on behalf of” fields differently, which makes some senders uncomfortable. Finally, there are some edge cases where someone’s server might have authentication that conflicts with authentication sent from an outside service. Until they square things away on their server, they’d want this turned off for their campaigns. I think this will all one day become moot, and authentication will just be “always on” like you recommend.
Opt-out is still a choice … you get to proactively choose to do something destructive, but do the right thing for the majority (and allow those that are corner cases to address their needs too).
This way the folks like me that would totally forget to check that box when they’re hurriedly trying to send a campaign would still get the benefit of continuing to expect that best practices are defaults, and not an opt-in feature.
Alternatively, an account preference/setting would solve this too. “Always Authenticate my campaign…”
Thanks Ryan, I’ll forward your comments on to the team.
[...] Clearly, the FTC is concerned with the impact of Phishing, and they feel authentication is an effective technological weapon against it. This is a sign that they intend to push ISPs to penalize non-authenticated emails. On a related note, check out this interview with Yahoo: Will Yahoo block messages that aren’t authenticated? [...]
[...] get through some spam filters, and lets your customers know your email’s authentic. Big ISPs have been hinting that one day, they’ll throttle or block non-authenticated emails. MailChimp comes with [...]
Hi Ryan, Authentication is now pre-checked, and opt-out. Thanks for your input!