Intela Global Performance-Based Marketing and Lead Generation Blog

What is DKIM?

DKIM (DomainKeys Identified Mail) is an authentication protocol developed in order to address the security problem of spoofing, phishing, forged e-mail messages, and other fraudulent practices for underlying email sending technology. DKIM is an enhanced protocol of DomainKeys with the adoption of certain aspects of Identified Internet Mail. DKIM is the result of combined efforts from Yahoo! and Cisco amongst other supporters.

Why has DKIM become essential?

DKIM authentication technology allows supporting Internet Service Providers (ISP) to confirm the identity of the sender. If the identity of the sender cannot be authenticated, email messages will result in additional anti-spam filtering to determine if messages should be delivered to inbox, bulk or rejected. Without DKIM authentication, sender’s chances of being filtered or blocked by major ISPs are greatly increased.

As previously mentioned, DKIM authentication is important because it allows ISPs to verify the originating source; preventing phishing scams, domain forgery, and other fraudulent practices. DKIM authentication plays a key role in the emerging reputation and accreditation systems that will drive the future of email. As a legitimate business, authentication is not optional; rather it is essential to securing your brand and online reputation.

DKIM is now the key component of the newly developed domain reputation systems allowing senders like Intela to benefit from the numerous advantages of domain reputation: domain whitelist / enhanced whitelist and more importantly reputation portability from one IP to the other.

How does the DKIM authentication protocol work?

Generally, ISPs utilize two primary methods of authentication: IP and cryptographic.

1. The IP solution ties a responsible sending domain back to a set of permitted IP addresses, which requires publishing text (TXT) records in the Domain Name System (DNS) record for each of your domains. Essentially, this solution validates the origin of e-mail messages by verifying the IP address of the sender against the alleged owner of the sending domain.

Examples of an IP-based solution are SPF (Sender Policy Framework) and Sender ID, which has been adopted by over 10 million domain holders worldwide.

2. Cryptographic authentication signs each message in a way that is difficult to forge and designed to verify the DNS domain of an e-mail sender and the message integrity, proving that the message came from the indicated sending domain and provides senders with a consistent reputation across their domain regardless of what IPs mail it’s sent from.

Examples of a cryptographic solution are Yahoo! DomainKeys and DKIM.

• AOL supports SPF (IP solution) and DKIM (Cryptographic authentication).

• Microsoft (Hotmail, MSN, and Exchange) supports Sender ID (IP solution) which provides additional input to their SmartScreen junk email filtering process.

• Yahoo! supports DomainKeys (Cryptographic authentication) and DKIM (Cryptographic authentication).

• Gmail supports DomainKeys (Cryptographic authentication), DKIM (Cryptographic authentication), and SPF (IP solution).

Presently, there is no single method accepted by all ISPs. However, a consensus seems to grow around DKIM and there are more and more adopters of this protocol.

The majority of smaller ISPs are relying on some or all of these methods to authenticate email senders. In addition, businesses must broadly adopt authentication across all their domains, not just those associated with large volume commercial email.

This means domains used for corporate email, customer support and other services. While most online fraud is associated with high-profile marketing domains, without authentication it is possible for any of your domains to be spoofed — and compromise critical business functions.

DKIM: The ultimate solution to all deliverability problems?

It’s important to note that DKIM and other authentication protocols will not fully resolve deliverability problems. Validating a domain does not reflect positively upon the content or value of the message, only to the identity of the responsible sender.

DKIM and other authentications will make it harder for your domains to be forged and it is critical to your deliverability since most ISPs make authentication a requirement for inclusion on a white list. However, authentication will not compensate for weak sender email practices pertaining to content, permission standards, bounce handling, complaints, or filter triggers.

By: Martin Ebongue, European Email Delivery Manager

With the new year upon us, big changes are expected in the field of deliverability. Indeed, 2009 has witnessed the foundation of two major advancements in the deliverability world: engagement and domain reputation, and the development of these new features is going to continue in 2010. Based on his interaction with ISPs and his constant involvement in the deliverability landscape, Intela’s Martin Ebongue (European Email Delivery Manager) has made the following predictions/analysis on the upcoming market changes:

1. The increasing importance of “engagement” and its integration in the spam filters (even though engagement has been used for a while by the ISPs) has never been as important as what we witness today. Indeed engagement is becoming a key metric for ISPs when it comes to inbox placement and reputation. Previously, reputation filters focused on elements such as unknown users, spam complaints, spam traps, volume and frequency to determine inbox placement. Times have changed and the focus has shifted from the sender of the message to the recipient; in the sense that the subscribers perception of the email is now valued. In the past, the “only” way for a subscriber to display his discontent was the famous “this is spam button”. Spam filters are now and are becoming smarter and will now determine inbox placement by analyzing the activity that each subscriber performs on emails: opens, clicks, forwards etc. For marketers, this highlights the importance of relevancy, personalization and targeting. Bottom line: If subscribers don’t read your emails, they won’t get delivered to the inbox in the future

2. Domain based reputation is coming. Senders have been asking for this metric for a long time and it is finally there. Several ISPs have started developing and implementing domain reputation in their spam filters and they should start using it in 2010. The current reputation system is based on IP addresses, simply because IPs are impossible to forge and the usage of domain reputation had been jeopardized in the past by spammers and spoofing. Because of inadequate authentication protocols, domain reputation could not be used as a reliable indicator but with the adoption of DKIM (authentication protocol) it is now possible. The advantage of domain reputation for senders and ESPs are undeniable and are welcomed by the sender community:

• The reputation is attached to the domain and not the IP and that allows the reputation to be portable. In other words, switching IP will no longer be a nightmare since the reputation will follow you on the new IP.

• The warm up period will be far shorter and ISPs will be able to assess and update reputation with a limited volume

• For senders still using shared IPs, the ISPs will be able to determine a reputation for each individual domain limiting by the same token the “collateral damage” effects

• New domain white lists will be developed, based on the IP model, but these white lists will not expire with inactivity; as this is currently the case with IP white list. AOL is currently looking into building such a tool. The only requirement for benefiting from all these advantages is to properly authenticate emails using DKIM. DKIM has been widely adopted by the majority of ISPs (Yahoo, AOL, Gmail) and the only ISP using a different system is Hotmail with sender ID. Hotmail however, is looking to build the same type of reputation system using sender ID

3. The Adoption of DKIM: As explained above, signing emails with DKIM opens totally new perspectives in terms of deliverability and we expect it to be adopted by the entire sending community. It has now become an imperative for anyone looking at improving ROI. DKIM was recommended back in 2009 and there is now an urge to implement it in the new year. Some of the most significant developments will be witnessed in 2010 in the email industry and will change the delivery habits of senders. For senders who want to be successful in 2010, the focus has to shift from the sole ROI to their subscribers and on how to keep them active and happy. Technologically speaking, the sender community must now jump on the bandwagon on DKIM to benefit from the many advantages of domain reputation.

By: Martin Ebongue European Email Delivery Manager

Just a quick note on the current problems affecting deliverability around the industry:

1. Spam Assassin Bug

Spam assassin is an open source spam filter and the common backbone to every spam filter used at the ISPs. All ISPs use it and then customize it depending on their own requirements by adding their own rules or filtering modules on top of it.

As surprising as this might sound, spam assassin is experiencing what people thought all machines were going to experience after Y2K. It seems that SpamAssassin had a rule in their default installations YEARS ago that would catch any spam with the date 2010+.

Unfortunately, the rule was never updated. Any emails sent as of January 1, 2010 to servers running SpamAssassin before the fix was made available, and to any servers running SpamAssassin that have not implemented the fix, will experience a higher than normal SpamAssassin score. This will affect delivery for messages by causing more false positives and sending emails to the spam folder.

A fix has been released to correct this problem but it could take some time before all admin apply the fix (this is not an automatic process).

2. AOL Delivery Delays

AOL announced on their postmaster site that delivery to AOL members will be delayed due to the installation of a new MTA. Mailers should expect to see delayed clicks and opens for their marketing campaigns due to the delivery delay. No specific advice was given on the postmaster site about the delays.

By: Martin Ebongue, European Email Delivery Manager