Jul 16, 2008

Gmail Using Authentication To Block Scams

Authentication is a high-tech way of signing your emails to show they’re not forgeries. It’s basically a string of code you have to add to your email (it’s built into MailChimp, and it’s free for all customers). The idea behind authentication has always been that eventually, ISPs may start blocking emails that are not authenticated (or at least slow those emails down). This might eventually stop all the stupid phishing scams you get in your inbox from people pretending to be eBay, or PayPal, or your local bank.

But most ISPs have not gone so far as to block non-authenticated emails…

Instead, ISPs mostly just mark non-authenticated emails with some kind of "caution" icon.


YahooMail, on the other hand, takes the opposite approach. They give an "approved" icon for emails that are authenticated.


Gmail seems to be taking that first step towards actually BLOCKING non-authenticated email. According to this article at ZDNet, emails claiming to be from eBay or PayPal will be totally rejected if they aren’t authenticated. It’s a nice first step towards actually using authentication to outright block scammers and spammers. Of course, spammers will just think of some way to game this system (like they always do), but kudos to Gmail nonetheless.
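The three receiver behaviors described above (caution icon, approved icon, outright rejection for eBay and PayPal) can be sketched as one decision function. This is an added example, not Gmail's, Yahoo's or MailChimp's code; it assumes the authentication result is a DKIM verdict recorded in an `Authentication-Results` header by the receiving server, a mechanism the post does not name, and every function name and sample message is constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands whose unauthenticated mail is rejected outright (the two named in the post).
PROTECTED = {"ebay.com", "paypal.com"}

def is_under(domain, parent):
    """True if domain equals parent or is a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def from_domain(msg):
    """Domain of the From: address; the display name is ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def signed_domains(msg):
    """Domains with dkim=pass in Authentication-Results.
    Assumption: the receiver's own MTA wrote these headers and stripped
    any copies supplied by the sender, which could otherwise be forged."""
    found = set()
    for hdr in msg.get_all("Authentication-Results", []):
        found.update(d.lower() for d in
                     re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", hdr, re.I))
    return found

def decide(raw):
    """Return 'approved', 'caution' or 'reject' for one raw message."""
    msg = message_from_string(raw)
    dom = from_domain(msg)
    # The signature only counts if it covers the domain shown in From:.
    if dom and any(is_under(dom, d) for d in signed_domains(msg)):
        return "approved"
    if any(is_under(dom, p) for p in PROTECTED):
        return "reject"
    return "caution"

def sample(from_hdr, auth=""):
    """Build a constructed test message (not real mail)."""
    head = ["Authentication-Results: mx.receiver.example; " + auth] if auth else []
    return "\n".join(head + ["From: " + from_hdr, "Subject: hello", "", "body"])

if __name__ == "__main__":
    for frm, auth in [
        ('"PayPal" <service@paypal.com>', ""),
        ('"PayPal" <service@paypal.com>', "dkim=pass header.d=bulk.example"),
        ("service@mail.paypal.com", "dkim=pass header.d=paypal.com"),
        ("news@shop.example", ""),
    ]:
        print(decide(sample(frm, auth)), "<-", frm, "|", auth or "no result")
```

A valid signature from an unrelated domain does not rescue a message whose From: address claims a protected brand, which is why the second sample is still rejected.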

Here’s an interesting quote I pulled from the article, from the Authentication and Online Trust Alliance (MailChimp is a member of the AOTA):

“Over 700 million mailboxes are now protected by email authentication thanks to adoption by leading ISPs including AOL, Bell Canada, GoDaddy.com, Google (Gmail), Microsoft (Windows Live Hotmail), and Yahoo!. However, there is considerable room for improvement in the adoption rate amongst all ISPs. As a best practice, ISPs are encouraged to begin to delete or block email which fails authentication, rather than placing it in bulk or junk email folders where consumers remain at risk of disregarding warnings and opening the email.”

