AOL announced its plans to begin DKIM verification sometime
this next year during an ESPC call moderated by Ben Isaacson of CheetahMail
with special guest Mike Adkins from AOL. DKIM is the next generation of
DomainKeys, an encryption based authentication method, which is picking up
adoption in the receiver community. Currently, AOL uses an IP based
reputation algorithm to determine the propensity of outbound mail to be spam.
Under the new paradigm, a sender’s domain will be verified against the DKIM
signature with inbox success being determined by that domain’s
reputation. Mike proposed that by the end of the first half of 2009 an
initial version checking the signature will be in place.
It is important to note that the current IP based reputation
filters and delivery metrics will continue as they have been with a regular and
enhanced whitelist. DKIM will follow the same pattern with a domain
whitelist explicitly requested by senders providing information about the
domain and an enhanced domain whitelist that will be dynamically controlled by
AOL (also coined an organic whitelist). Domain reputation will be looked
at as the first layer of the onion and, absent DKIM, will fall back on IP based
reputation scoring. It was also mentioned that SPF will be actively used
as another data point providing information about a sender, whereas now SPF is
checked but not used in the reputation algorithm.
You can use *@dkimtest.aol.com
to test whether your outbound mail is DKIM signed properly (the * is a wildcard
character meaning anything can be used, such as firstname.lastname@example.org).
There are some other special provisions that will be included with the DKIM
verification in regards to some third party accreditation services which inject
headers into the envelope. It’s important to note that the first revision
of DKIM with AOL will only help to add value to senders’ efforts for delivery
but won’t punish senders who don’t currently sign. But, as Mike stated,
they want to keep their email recipients “safe and happy” and to that end, the
likelihood that DKIM will be used in greater force in the distant future is
very possible. Net – get your email DKIM signed sooner rather than later!
To keep up with the latest on AOL, check out their blog.