Ezine Delivery Into MSN and Hotmail Now Requires Sender ID
By Christopher Knight
Print | Email This | Bookmark | Subscribe
This was inevitable.
If you ask any email server administrator as to what has gone wrong with the spam problems, they would all nod their heads in agreement that - it is fundamentally wrong that anyone can *spoof* anyone and send forged emails.
It's just like having someone hijack your personal mobile phone or home phone number and then make calls to others as if they were you. If that were possible, you'd never know when CALLER ID says who is calling is really who called - and this is precisely what the problem is with how the email protocols are structured pre-email authentication.
Translation = MSN (which is Microsoft and they own Hotmail) now requires any emails being sent to a @ hotmail.com address to be compliant with Microsoft's Sender ID email verification program.
This should not come as a surprise as Microsoft announced this about a year ago...and they finally forced it, uhm, er, I mean implemented it this past week.
What does this mean to you, the ezine publisher or email marketer?
If you're not publishing SPF (Sender Policy Framework) records or if your ESP (Email Service Provider) is not publishing SPF records, then you may find some or all of your emails into hotmail are landing in the junk bin with a safety bar that says "The sender of this message could no be verified by Sender ID."
What to do: Call up your ESP/ISP or local mail administrator and ask him or her if your firm or their firm publishes SPF records and is compatible with Microsoft's Sender ID initiative?
If they say, YES, then the next question is: Do *you* currently publish SPF records for the domain that you use to send your emails from?. If not, then you've got some more questions to ask of your mail administrator to ensure that your domain name has the proper SPF records published to be compatible with SenderID.
NOTE: SenderID: authenticates the "FROM" email address found in the email headers. Having your ESP to publish SPF records is not enough as every domain that you use to send in the ezine FROM: fields must also have SPF records published on the mail server level.
Example: If I sent today's Ezine-Tips from an email address that is @emailuniverse.com and I used a different provider than myself to send this newsletter, then BOTH of us must be publishing SPF records in order to be compatible with Microsoft's SenderID program. When I say "BOTH" of us, I mean the ezine publisher's sending FROM: field address and the email list server must be publishing SPF records.
The difference between SPF and SenderID is that SPF alone authenticates on the FROM: field whereas SenderID authenticates on the FROM: field and the MAIL FROM: fields (prevents further spoofing). Confusing, eh? What's great about SenderID is that it prevents spoofing between the POP account that you can send mail from and the domain that can be in your actual FROM: field that you have setup in your email client or ezine template.
My take on SPF (Sender Policy Framework)
My team had implemented it last year and we ran with it for a few months before tossing in the towel because there appeared to only be a downside to publishing SPF records (pickier mail server issues when trying to handle forward to a friend form submissions and some forum mail issues) and no apparent upside to publishing SPF records...*until this past week*!
By July, our team will begin publishing SPF records again and then we'll have the month of July to sort out all of the things that might break because of it. Every time you tighten security up on anything, something breaks. It's just the way it is.
From an email list server perspective, publishing SPF records makes a lot of sense because usually these servers have a single purpose and they are not multi-purpose like a general mail server or a webserver that also handles mail delivery functions.
What's next or better question: Who's Next?
Yahoo's email authentication scheme is called "DomainKeys" and they have already implemented it on incoming addresses @yahoo.com, but with a positive flag and spin rather than negative message and denial as found in the Microsoft Hotmail error message if it fails.
When Yahoo detects that a message was sent by an authorized source that is publishing DomainKeys records, they give a message next to the email that reads: "DomainKeys has confirmed that this message was sent by yahoo.com." (assuming the email was sent by someone at Yahoo because of course, they publish their own domainkey record for themselves to themselves.)
Translation = MSN/Hotmail may DENY mail to reach the inbox if the sender can not be authenticated with SenderID/SPF whereas Yahoo is only FLAGGING whether an email is authenticated by DomainKeys or not and if not, they are not denying it from reaching the inbox.
Technically, neither MSN/Hotmail or Yahoo is routing 100% of all failed authenticated emails into the bulk mail filter, but MSN/Hotmail has indicated that they will begin dumping all non-authenticated emails by November of 2005.
Craig Spiezle, director of Microsoft's technology care and safety Group, said in a statement released last week that "...It further protects consumers by providing them more information about suspicious e-mails, and it's a call to action for domain holders and e-mail senders to publish their SPF records to help protect their brands and maximize the deliverability and reliability of their e-mail." See resource below.
The real issue here is that the corporate world needs brand protection from phishing scams and consumers need confidence that emails received were sent by the authorized and verified real sender they were expecting.
I'll keep a close eye on where email authentification is headed and will keep you updated on how these changes will impact ezine publishers.
Useful & Related Resources:
Special thanks to Ezine-Tips member, Dr. Bill Pease, Chief Technology Officer over at GetActive Software for helping with today's article on SenderID! Read Dr. Pease's latest article: Microsoft Suddenly Enforces Sender Authentication
Q&A: MSN Hotmail Adds Safety E-Alerts for E-Mail Authentication
If they say NO, then ask how soon they will have it? If they say longer than 3-6 months, then perhaps it might be time to find a new provider. In the meantime, backup your list memberships TODAY again as a safety precaution just in case on the rare chance your list server begins purging @hotmail addresses falsely. It should not happen, but it's always better to have an increase in list backup frequency when uncertainty looms.
This Ezine-Tip was submitted By Christopher Knight -- Email List Marketing Expert, author and entrepreneur.
Get your weekly dose of Email newsletter publishing, marketing, promotion, management, email-etiquette, email
usability and deliverability tips by joining the free Ezine-Tips newsletter:
Ezine-Tips for June 28, 2005
Additional Ezine-Tips Articles from the Management Category: