Improving Deliverability With Authentication
For many email marketers deliverability is the key to success. Without peak
performance in this area, you're wasting valuable resources and putting your
company's reputation on the proverbial line. Let's look at several ways to
increase email delivery performance rates through authentication.
The Deliverability Hurdle
There are many hurdles you need to overcome as an email marketer, but automated spam filters (on the ISP and desktop level) are the most challenging. As end users become increasingly familiar with and adept at utilizing in-box filtering mechanisms (Report as Spam for example), marketers' challenges increase exponentially - especially when it comes to false-positives (blocking good email from arriving at its destination). Let's look at some tactics to raise your email reputation and deliverability performance through authentication - the process of validating the identity of an email sender.
This may come as a surprise, but there is no universal authentication system in place for email marketers. Shocking, I know. Instead, there are two primary means of authentication; IP-based Sender Policy Framework using Sender ID (SPF/Sender ID) and Cryptograhic based Domain Keys and Identified Mail (DKIM). Both solutions do improve deliverability - I've even got the data to prove it myself.
The purpose of authentication is to improve the likelihood that legitimate email will get through to the intended recipient. Sounds simple enough. Authentication helps prove that you are who you claim to be and that you have the right to send email from your IP address or the IP address(es) of a third-party sending email on your behalf. All that A marketer has to do is modify their domain name records to indicate which IP addresses are allowed to send email on behalf of their organization’s domain. This allows ISPs something to refer to when attempting to authenticate that marketer’s email. In short, they become "authentic" senders of mail.
The procedure to authenticate is fairly simple. When a sender attempts to deliver an e-mail, the receiving mail system will go out and query a high-level DNS server to see if there are authentication records for the claimed sender's domain name. A successful validation proves the email originated from the same people responsible for the DNS servers for that domain and that neither the headers nor the body of the e-mail were altered on its way from the sender. This authentication check prevents people from forging the sender’s identity.
Let's dig a little deeper into the types of authentication available:
IP-based Solutions: Sender Policy Framework (SPF) and Sender ID Framework (SIDF)
SenderID is used mostly by Microsoft (Hotmail.com addresses for example) but many other ISPs and corporate mail systems use it as well. SenderID and SPF are essentially the same technology but are implemented a little differently. SPF relies on the Envelope (or return-path) address which is also called the bounce address, while SenderID looks at the Purported Responsible Address (PRA) to determine who the sender is. SPF is used by AOL, GMail, and other mail systems.
Cryptographic Solutions: DomainKeys Identified Mail (DKIM)
Domain Keys Identified Mail is used mostly by Yahoo and AOL as well as a few other ISPs and corporate mail systems. Domain Keys works off the From Address in the message. Customers who have an existing DKIM key can typically provide their email service provider the private key and they will configure their system to sign messages.