Repost from Pivotal IQ Blog
Yesterday, Goodmail announced
that it launched the industry’s first 3rd party domain-based whitelist,
called CertifiedDomain. We had a couple of questions for the Goodmail
team and here’s what we found out, straight from the source:
- Authentication Required. Before looking
up a domain on CertifiedDomain, a receiver must confirm the message was
indeed sent from the domain it purports to. Goodmail is agnostic as to
what authentication method is used. It could be DKIM, Sender ID
Framework, SPF, DomainKeys, or anything else. - Goodmail’s Whitelist is Publicly Available for ISP Use.
The basic CertifiedDomain list is publicly available to anyone on the
planet and can be used by receivers (ISPs and businesses) to help them
in their email filtering. These receivers are not required to ask for
Goodmail’s prior permission or even inform them that they are
consulting the CertifiedDomain list. Goodmail says it expects the basic
list to be used extremely widely. Goodmail also says that a more
comprehensive list is licensed to ISPs, but the company does not
publicize these agreements. Not all ISPs who accept CertifiedEmail have
the technology to filter incoming messages based on domains yet, but
ultimately Goodmail expects all its ISP partners to consult the
CertifiedDomain list. It also anticipates that not partners such as
enterprise networks/B2B etc will consult with the new whitelist. - You CAN Get Booted Off the List.
If Goodmail’s get data from its partners or other evidence showing a
domain is no longer worthy of being listed, Goodmail will remove the
domain from the list. Goodmail says it might publish a specific AUP for
CertifiedDomain, but until it does, adherence to the existing
CertifiedEmail AUP is recommended. - Image Blocking Benefits are the ISPs’ Prerogative.
At this stage, Goodmail is not aware of any ISP that intends to turn on
images solely because of the inclusion of a domain on a whitelist, but
says it is likely that ISPs which selectively turn images on will
consider the inclusion of a domain on the CertifiedDomain list as a
positive input to this message-by-message decision. Each ISP will set
its own policy and will assign its own weight to the inclusion of a
domain on the CertifiedDomain list. - Fee Structure.
There’s a onetime accreditation fee but, as specified in the Terms
& Conditions document for CertifiedDomain, Goodmail might charge an
annual renewal fee and might introduce other fees in the future. - CertifiedDomain Can’t Help You if Your Connection is Dropped.
The first line of defense of all ISPs is blocking at the IP address
level (refusing a connection), and CertifiedDomain won’t help there.
CertifiedDomain is helpful only once a message has been accepted and
authenticated by the ISP, when the ISP is looking for multiple inputs
to its filtering algorithm. - rDNS and WHOis Not Required, But Recommended.
Goodmail doesn’t impose such technical requirements as a precondition
to being listed on CertifiedDomain. However, an ISP sophisticated
enough to validate the authentication of incoming messages and to
consult the CertifiedDomain list is also likely to perform such checks
and to use the results of these checks as yet another set of inputs to
their algorithm.
Cheers!
-Len Shneyder
Director of Partner Relations
& Industry Communications
www.pivotalveracity.com
Last 5 posts by Len Shneyder
- Job Opening - Product Manager EMM - May 12th, 2011
- The New Mail.com Webmail Client - March 30th, 2011
- The New New Yahoo! Mail Beta - March 18th, 2011
- Mail.com Bulk Foldering 90% of Inbound Mail - February 24th, 2011
- HTTP, HTTPS, Gmail, IE – INCONCEIVABLE! - January 6th, 2011
Nice piece Len! I think CD is an exciting new entrant to the email ecosystem. However, as to them being the first "3rd-party domain-based whitelist", I believe http://emailreg.org began operations in 2008.
Props where props are due, as it were.
–
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038