Deliverability.com

The Email Experience Council (EEC) has just scheduled its yearly legislative update webinar on May 19, 2010 from 02:00 PM - 03:00 PM EST.

If you attended last year's webinar event, you found the advice and updates very useful. Check out Return Path's Stephanie Miller post from last years webinar to see what was said.

This year's webinar will cover:

• The proposed expansion of powers of the FTC and any impact on CAN-SPAM
• Permission legislation revival in Canada
• Behavioral targeting protections under consideration by the FTC
• Online privacy legislation under consideration in the House of Representatives
• Five-year review of Children Protection Act and how website content affects email marketing (or any outreach marketing)
• Security breach, data management and identity protection legislation.

Speakers:

• Tom Bartel - CPO & General Manager of Accreditation Services, Return Path
• Rick Buck - Vice President Privacy/ISP Relations, CIPP, e-Dialog
• Jerry Cerasale - Senior VP, Government Affairs, DMA
• Dennis Dayman - Chief Privacy Officer, Eloqua
• Lois Greisman - Director of the Division of Marketing Practices, FTC's Bureau of Consumer Protection
• Stephanie Miller - Vice Chair, eec; VP, Market Development, Return Path

Need a small price break? Use discount EECS on the event registration page.

-Dennis
Eloqua

Don't Just Send, Deliver!

As a follow-up to my previous post published recently on Deliverability.com presenting how to find email headers in the most common email clients available, here's a high level overview of what exactly those headers mean. 

You've found where the headers are.  Great!  But, if you're not sure what they mean or where to go next, hopefully this post will clear things up a bit.  As an email professional, you should always check headers of actual email messages sent out as a test to your own account before launching the email into production and also by seeding random live messages.  It's very easy to overlook key meta data describing your email - it's on every message that goes out, by nature of the underlying technology around email transmission (SMTP).  Not only can they give you evidence of how your email is seen by receivers but they are also great for diagnosing how ISP's treat your mail.

Since nothing is standard except the most low level layers around email communication, you might have to hunt around depending on which client is used for receiving the message and which headers you're looking for.  Unfortunately, nothing fits into a "one size fits all" header mapping.  But, there is hope.  If you understand what to look for and get used to seeing the different types of headers that are displayed (you must practice looking at different headers), you'll quickly be able to identify the key areas where your message may be running into problems.

Let's break it down.  The following is a random message I picked out of my personal Gmail account from Plaxo urging me to reengage with the site.  I picked Gmail because it does a good job of showing all headers in native form without much munging.  Headers will look different depending on what service you're using to collect mail!  But the underlying intent of the header should remain the same.

 
 
1.  Delivered-To: The address of the mailbox the email was actually delivered to when rendered.  This is usually the same as the To: recipient but in some cases can be different if you have forwarding rules enabled.

2.  Received:  A very valuable data point which explicitly tells you the path the message took from sender to receiver by denoting the machine hops it made in between.  It is made up of IP addresses and/or server names, which in conjunction, spell out the sending identity and the receiving machine and domain.  If you want to get really crafty, you can begin looking up the hops along the way to tell what networks the email touched during its journey.  This is also very helpful when trying to determine exactly what the receiving machine can tell about where the email originated.  And, you might have guessed, this is where the IP reputation is garnered and thus assigned back to a sender. An old but good post from AOL about IP reputation here.

3.  Return-Path:  The return address for the email if it bounces.  Note, this is different than the Reply-To: in that this is the required address the receiving server can communicate back to the sender for whatever reason whereas Reply-To: denotes where a message will be sent when a recipient hits "Reply".  These two can often be the same, though.

4.  Received-SPF:  The determination listed in this header will tell you if the message passed SPF authentication.  If not, then you need to revisit the From: address listed on the message and ensure it resolves to a domain that the IP address is allowed to send from (the IP address found in the Received: header).

5.  DomainKey-Signature:  Is your signature correct?  If so, the end result is your email passes DomainKey authentication.  If not, then you need to revisit the authentication parameters you're using.  It's better to send a message not authenticated than one that fails authentication.  The signature is the value your sending server calculated based on the content and headers (encryption based authentication).

6.  DKIM-Signature:  Same as with 5, this is where the newer domain authentication protocol is shown to pass or not.  DKIM is backwards compatible with DomainKeys.

7.  Content-Type:  You've probably been told you should make sure the email content you send is represented properly by the headers of the message.  This header tells the receiving system what sort of content to expect in the body.  Text/plain is used when no HTML is present but multipart is best as it has both a text and HTML part which allows for greater render success depending on what the recipient is using to view the mail.

8.  X-<value>:  An X-header is simply a header the sending or receiving server can insert without it interrupting the mail flow.  Think of it as a comment, wherein it can give you useful information about antivirus software used, versions of the email platform, ESPs used in some cases, or spam scan results but the inclusion or absence of the header itself won't impede the delivery of the message.  Depending on how verbose the systems talking are, this section can grow to be very long.

9.  Message-ID:  This is the email fingerprint and can be very helpful when communicating problems with email receivers about a specific, tractable problem where an actual email example is needed.  Remember, most receivers get billions of messages a day depending on their user base so having a pointer back to actual evidence comes in very handy when mitigating deliverability problems.

10.  Standard headers:  These are the basic headers we should all be used to seeing and what's usually shown in all email clients.  The friendly from, from address, subject, date/time and who the message is addressed to can be found here.  It is also important to ensure your headers are not intentionally misleading to comply with CAN-SPAM.

There is a distinction between what is called an "envelope" and a "message" header but I will forgo that here since I doubt many folks reading this blog care too much about the semantics.  However, if you want to know about headers, go here to see a full listing in detail of the machine language headers that are inserted into email.

There you have it.  As always, please post questions or comments if you'd like know more or there's something I can help you understand.

I've been asked many times over the years how to actually get at the email headers when using a standard email client to read messages.  This not only comes in very handy when you're troubleshooting deliverability problems on the sender's side (IP address, HELO values, authentication, etc.) but also allows you to take a closer look at the individual ISPs and what information they tack on to the message headers which can usually tell you something you didn't know before.  Headers are an immutable piece of data that represent the snapshot of when and how the email was sent from points A to B.  Granted, if you work in deliverability to any extent, this is child's play.

However, if you've ever wanted to be an email diagnostician (I remember saying this on my 5th birthday!) or found yourself wondering what people meant when they discussed email headers, keep reading and I'll show you some of the most popular email clients' paths to headers.  Keep in mind, every email that is successfully sent contains headers.  But, the programs that consume the email packets and present them to the end recipients vary on how transparent they are with exposing headers.  Following the lead of the major clients below, you'll get a pretty good idea of what access strategy to use in the majority of email clients available.  

Yahoo!:

Windows Live Mail (desktop client):

Windows Live Hotmail (web client):

Gmail:

AOL:

*If left clicking doesn't produce what's shown in the image, right click.

Hopefully this gives you a better idea of where to look when trying to needle out the email headers from your email client without having to get too technical with setting up your own fancy inbound mail server or handler.  If you have any questions, let me know and I'll be glad to go deeper.  Many resources are available explaining the value of and how to read headers.  Depending on the feedback, I might post a follow up to this explaining what you should look for and how the data points play into enhancing your deliverability strategy.  Let me know what you think!

Mark Brownlow posted a great series on the future of deliverability at his site Email Marketing Reports.
He started off with getting some well known deliverability experts in the industry together (and I am humbled to have been one of them), got our thoughts and opinions on certain topics ranging from authentication to recipient engagement to spam complaints.  And then, he put it all together in a nice chronological series coming out with a new post every week or so giving you time to digest the previous one.

This is a fantastic tool and resource for folks who aren't as savvy in email deliverability as they'd like to be.  Or, for those who just need a primer to brush up on their skills and knowledge.  As we all know, one of the things that keeps the world of email deliverability so fun and exciting is the ever changing landscape while everyone from senders to receivers tries to figure out what to do next.  We're still pioneering email, folks.  There's a lot of uncharted territory out there just waiting to be discovered.  So, without further adieu, I give you Mr. Brownlow's series broken down by post and topic.

• Future of deliverability: 1. The role of user interaction (click)
• Future of deliverability: 2. The role of authentication (click)
• Future of deliverability: 3. The role of domain reputation (click)
• Future of deliverability: 4. The role of certification (click)
• Future of deliverability: 5. Sender reputation and B2B email marketing (click)
• 192 email deliverability resources (click)

I would especially make sure you have that last link bookmarked as it's chalk full of places to go and people to reach out to if you find yourself in need of further help around deliverability.

Chris Wheeler
Director of Deliverability at Bronto
@ChrisAWheeler

xoxo - wife

------

I hope that you had a great holiday season as my family did; however, it wasn’t a long enough vacation though…

As you might recall, the plan to tackle the broad topic of “How Email Works” was to break it down into the following sections:

• How MTAs (Mail/Message Transfer Agents) Communicate
• What is a “Bounce?”
• How MTAs Handle Bounces
• How Bounces Can Affect a Subscriber’s Status

We left off in the series discussing “How MTAs Handle Bounces”. Today, I wanted to close this series by discussing how bounces can affect a subscriber’s status within your database.

As you should know by now, bounces are a way for a recipient mail server to tell you how you should treat that message (often including information specific to an email address). Some tell you the address is no longer valid and that you should never try it again, some say that the email inbox for that recipient is full and to try again later, some tell you that the recipient mail server is broken and to come back later, and some tell you that the ISP’s suspects that your email might be spam.

In most cases, there is an action to be taken in how you can email that person in the future, if at all.

Let’s take a look at this from an ISP perspective instead today and use the example of a bounce telling you an email address is no longer valid (550 User Unknown).

If you look at AOL’s standards, which are mostly identical to other ISP’s standards, a high number of invalid recipients (bad email addresses) will harm your reputation. Also, it is important to note that many ISP networks and anti-spam systems usually have auto-blocking mechanisms in place to prevent against mailing too many invalid recipients as it looks like a “Directory Harvest Attack”. The ISP has no clue that you are not intentionally malicious as the data patterns have extremely similar characteristics. They are only trying to protect their network and subscribers from abuse.

You will always have some invalids due to people changing email addresses, but the lower the number, the better your reputation. A majority of spammers (if not all) don’t care about bounces and tend to use the “spray and pray” method. Spray and pray is when a spammer fires out tons of email (usually in long bursts) without aiming, hoping that someone will buy from them when they hit a valid account out of the millions they harvest off the Internet. They never stick around to collect bounces to clean their lists and usually move on to the next rock they can hind under to spray and pray again. So every time they send, they are sending to the same valid AND invalid addresses. This is why removing dead addresses is vitally important the first time an ISP tells you the address your trying to deliver to is NO longer valid.

Another key reputation metric some ISPs use is to count the number of times a particular sending IP address attempts to mail the same inactive/non-existent/dead accounts. This data point can be used as a way to determine if that sender should be blocked. You may have had all the permission in the world for mailing these addresses, but use a system that did not effectively manage bounces with relation to a subscriber’s status. Regardless, the data from the ISPs point of view is extremely similar to that of a spammer and usually triggers a block (rightfully so).

Now let’s take a look at temporary (often referred to as “soft”) bounces such as mailbox full (again from an ISP’s perspective).

While I am currently unaware of any ISPs that will block based solely on mailing to accounts that are over quota (mailbox full), over time it‘s likely those addresses are abandoned and will eventually turn into a non-existent email account. In the B2C world of delivery, many ISPs have provided PLENTY of storage space to their subscribers; however, this is often not the case with corporate domains. Therefore, some subscriber management systems are advanced enough to “suppress” mailbox full bounces from various ISPs on the first notification; however, they may not do the same for the same bounces from a non-ISP domain.

Finally, let’s look at one more example such as blocking (you guessed it, from an ISP’s perspective). Again, I don’t know of any ISPs that will block you “more” if your trying to send to a system that your blocked from, but again it makes NO sense to continue to try if you can’t get through.

In terms of seeing a block in your bounce reporting, you should suspend delivery of email to that particular domain until you can resolve the root cause of the issue. ISPs would greatly appreciate the gesture of sender’s not hammering away at their networks while knowing their mail will not be accepted (Do you see any similarities between this behavior and the “spray and pray” behavior we discussed earlier?); however, this will not be enough for you to get the block removed.

Most bounces indicating a block are typically classified in the 5xx (“hard”) category; however, some ISPs will actually issue a 4xx (“soft”) bounce based on reputation (or other parameters). Often times a subscriber status should not be affected based on these codes and verbiage; however, you should:

1. Suspend future mailings to that ISP/network/domain.
2. Carefully examine your data to determine the root cause of the issue.
3. Attempt to resolve the issue with the ISP/network/domain via their proper/preferred channel's.

One of the basic principles to ensure good delivery has always been quality over quantity. Address “churn” is always increasing and mailers should expect to see list degradation; however, ensuring that your mailing platform is built to effectively manage a subscriber’s status can be instrumental to your success!

Again, I want to thank one of my good friends and colleagues in this industry Greg Kraios for helping me originally with this idea. He helped with the first post and had hoped to participate more during the series, but do to some pressing issues could not help as much as we wanted; however today he was able to add his two smart cents to this final posting in the series and in record time I might add. Great work my friend...

-Dennis
Eloqua

Don't Just Send, Deliver!

Common Craft produces short video tutorials on popular topics such as Blogging, Twitter and more. They are some of the best instructional videos I've ever seen. Here is the latest installment, covering Phishing scams in email. Send this to your mom!

So one of the documents we received in the email tracks at the Marketing Prof's Digital Mixer last week in AZ was one called "On the Shoulders of Giants: Leaping Pitfalls and Harnessing Best Practices When Managing an Email Program". I thought it was cleanly put together document that I needed to scan and share. I hope no one minds.

MODERATOR:
Karen Talavera, President, Synchronicity Marketing

PANELISTS:
Doug Williams, Director of Marketing, Lane Bryant Catalog
Daryl Nielson, Commercial eMail Marketing Manager, Hewlett-Packard
Lori Keller, VP, Marketing, Pacifica Hotels

Just like every other marketing program, your email campaigns sometimes get driven by the needs of the organization rather than the interests of your customers. What does that do to the chances for an open, click or response? Not much. They talked how both B2B and B2C companies could optimize their email marketing results by creating relevancy, optimizing cadence, reaching the inbox and conducting effective tests and data analysis.

Download pitfalls_and_harnessing_best_practices_when_managing_an_email_program.pdf

-Dennis
Eloqua

Don't Just Send, Deliver!

At work, we have been working with a customer to get their database scheme flipped from quantity over quality to quality over quantity. To help, we sent them a few examples, best practices in language to be used, choices to be given to customers, and frequency of some email series they could use to get inactive customers re-engaged. A lot of the advice we gave them was based from my experiences and my friends who have blogged extensively on this topic.

• Offer a catchy subject line/Reach Out With a Special Offer. Free shipping plus save 15% on Easter fun for everybunny... or Last Opportunity To Stay Informed - Direct. Clear. Concise. Created a sense of urgency (”last”). Hook with “stay informed.
• Simple TXT email without lots of images
• Personalize it with a high level person/title sending the message, even might use their picture in it to make it feel one to one.
• Critical information is above the fold: the email continues on with other news, but their call-to-action is what they really want me to see in the preview pane.
• Give them  3 different ways to sign up
• Restate your value proposition. This is a simple reminder of what your email program offers.  A concise restatement of what your subscribers can expect reminds them of what you are all about… and what they will miss if they do not confirm their email subscription.
• Use YES and NO options. There is something about seeing both options that drives more people to respond.
• Sets expectations around time to fix this problem of it being your last possible issue. “final issue” in bold, “takes just one minute to subscribe”
• Attempt a Second Contact if first isn’t opened. follow up with an e-mail announcing that their subscriptions will expire soon
• Send a last email to them if the second wasn’t opened or clicked, but keep it shorter this time.
• Send farewell. Send a farewell message letting them know their accounts have been suspended, and include a link to reactivate their accounts, should they require updates about your products or services in the future

Here are some winners from MarketingSherpa’s 2008 Email Awards that we also sent them. http://www.marketingsherpa.com/article.php?ident=30374

Here's what they came up with. I was pretty proud of their work and thought the rest of us could use some examples.

Email #1
Subject Line: Last Opportunity to Stay Informed (Action Required)

Dear [FirstName]:

Our records show that you previously expressed interest in receiving research and Webinar invitations from COMPANY that are specific to your field.  We’d like your permission to continue sending you relevant information via email so that you can stay up-to-date on the latest industry trends.

Please click “YES” below to continue receiving research and trends in [variable content: sales best practices, marketing research and best practices, training research and best practices, best practices for collaborating with employees and partners, support research and best practices, IT help desk support research and best practices, consulting best practices, business productivity and telecommuting research and best practices]. COMPANY subscribers receive exclusive benefits, including the latest research briefs, white papers and invitations to Webinars with thought-leaders and industry analysts.

Please update your communication preference by Friday, [DATE/TIME] or this could be your last chance to receive any future research.  It only takes a second to click one of the choices below.

YES, I would like to stay informed and continue receiving exclusive research from COMPANY.

NO, I no longer wish to receive best practice research, industry trends and how-to information from COMPANY.

Sincerely,
The CEO

--------------

Email #2
Subject Line: Your Subscription to COMPANY Industry Research Expires Soon

Dear [FirstName]:

Our records show that you previously expressed interest in receiving industry research and Webinar invitations from COMPANY, but we do not want to bother you with emails you do no wish to receive.

If you wish to be removed, you don't have to do anything further.  However, if you do want to continue receiving exclusive research from COMPANY, please click the link to let us know:

YES, I would like to stay informed and continue receiving exclusive research from COMPANY.

Sincerely,
The CEO

--------------

Email #3
Subject Line: Your Subscription to COMPANY Industry Research Has Expired

Dear [FirstName]:

Thank you for your previous interest in receiving industry research and Webinar invitations from COMPANY.  Your subscription has now expired and you will no longer receive any future emails.

If in the future you would like to receive COMPANY research, please click the link to sign up:

YES, I would like to receive exclusive research and Webinar invitations from COMPANY.

Sincerely,
The CEO

--------------

-Dennis
Eloqua

Don't Just Send, Deliver!

No this is not a show on the Discovery Channel for you "How it works" fanatics nor is this a slap in the face to those who know how to type and hit send in a simple email client. This is more of a behind the scenes look at the inter-workings of email itself. I had originally hoped that my good friend and colleague, Greg Kraios, was going to have the time to partner with me on this topic, but was sad to find out that he can no longer participate due to some other pressing issues. I do want however to give him credit for helping me flush this idea out and writing the first post of what I hope to be a good/quick series.

As some of you know, I have been in email now for around fifteen (15) years and have some great expediences and understandings of email. Please be patient with me in this series, but feel free to post suggestions/comments for other posts and also corrections as you see fit or if you want to take a topic on let me know and I will post it for you. Also understand that I am not trying to overload the audience with all the mundane details of email. I know some of these posts are short...

At first, I wanted to discuss bounces and then we realized that there is too much information to cram into one (1) post. Therefore, we decided to break it into four (4) sections:

• How MTAs (Mail/Message Transfer Agents) Communicate
• What is a “Bounce?”
• How MTAs Handle Bounces
• How Bounces Can Affect a Subscriber’s Status

With that said, let’s start with how MTAs communicate. MTAs communicate and have “conversations” similar to human beings. For example, let’s say that you and I meet in a public place. We might shake hands or hug, one person says hi, the other says hi in return, we ask how the family is doing, the other person says GREAT, etc. (it’s a back and forth conversation or interaction). It's usually sane and polite, but sometimes it also can be met with "resistance" or a level of "cautiousness".

Much like regular postal mail, email has 2 distinct parts – the “envelope” headers and the “message” headers. The envelope headers are used to distinguish where the message should be delivered. Let’s make a visual comparison:

Physical Address:
John Smith
123 Main St.
Dallas, TX  12345

Email Address:
jsmith@domain.com

.com = 12345 (or the zip code)
domain = Dallas, TX (city and state)
jsmith = John Smith (the recipient’s name or identity)
*If the domain (or portion after the @ sign) was subdomain.domain.com, the subdomain portion would equal 123 Main St. (or the street address); however, you will likely not see many email addresses which exist in this format.

As you can see, these parts of an email address are used to tell the MTA where to send the message (which happens behind the scenes). The MTA will use DNS (Domain Name Service) to determine:

1. Does the domain exist?
2. If so, who handles its mail (it might be handled internally, it might be handled by their ISP, it might be routed to their anti-spam provider, etc.)?
3. If not, what do I do with this message (depending on the error code or bounce returned)?
4. Am I allowed to deliver the message addressed to this user/subscriber/person?

The message headers are actually rolled into the actual message and include items such as From, To, Subject, etc. Based on standards and formatting, our email client knows how to parse (or separate) these headers from the message body (much like if we received a letter in which the salutation, message body, etc. were all rolled together, we would know where things should be separated).

Getting back to the actual communication, the main difference between human and MTA conversations is that MTAs communicate in the form of numerical codes which are (primarily) composed of 3 types:

• 2xx – Accepted
• 4xx - Temporary Failure
• 5xx - Permanent Failure
  *It is important to note that these are 3 digit codes. The “xx” portion is used to designate the other digits in the code. These numbers are designated to provide more granular information; however, we are only concerned with the 1st digit of the code at this time.

These codes serve to ensure the synchronization of requests and actions between the email client and the MTA/s. Every request or command MUST generate exactly one reply. The 1st digit of the 3 digit response code will determine the next action taken by the MTA. In the next article, I will expand on these codes, additional codes that can sometimes be used and how industry experts are collaborating on making things better to reflect situations that are common occurrence in today’s email environment.

-Greg Kraios

-Dennis Dayman
Eloqua

Don't Just Send, Deliver!

A recent message to our Ask the Experts panel had the following question:

Hello!

I have recently began employment with an ESP providing support for their web based application that Marketers use to create their mailings.

My boss would like me to move into the deliverability side of support which is fantastic for me, but an area that I know little about...

I have had some training, which is all well and good, but there is nothing like experience and knowing where to go and what to use to troubleshoot...

I was wondering if you can recommend any literature or useful sites that will aid me in gaining the knowledge in this field of e-mail industry?

Any assistance or guidance you can provide will be greatly appreciated.

Kind regards

Edward

Well you started at the right place by reading this blog on email deliverability. In addition to this, you'll find a number of other popular email deliverability related blogs listed in the right-hand column. In the left-hand column, we list a number of great books by email deliverability experts.

Return Path has a bunch of great whitepapers that can be helpful in getting started. Other sites that I would recommend include MarketingSherpa and ClickZ.

What are your favorite email deliverability resources? Please add them to the comments below.

So on one of the marketing discussion groups we have been going a few rounds with how to support video in email or even if you should. Two of my good friends who founded Smith-Harmon creative agency posted this GREAT synopsis of the discussions, their own experiences, suggestions, and successes they have had with their customer base.

Reference Video in Your Subject Line.
Including the word “video” in your subject line can help inspire opens. Three examples:

• Saks Fifth Avenue, Feb. 4, 2008: “Video Exclusive! Days 1 to 3 of Fashion Week”
• J.Crew, Feb. 13, 2008: “The well-traveled tote (see video)”
• Ralph Lauren, Feb. 18, 2008: “RLTV Presents: Cape Lodge, An RL Home Video”

Use Strong Visual Cues to Indicate a Link to Video.
Recipients respond best to obvious treatments like play buttons, and frames that look like Windows Media or Quicktime video players. Of the group at right, the Williams-Sonoma Bananas Foster example is particularly strong, as it uses a combination of camera iconography, video player frame graphics and verbal indicators. (Don’t you just love Bananas Foster? I wonder if there’s a video on how to make an Orange Mocha Frappuccino®!?)

Match Your Video Content to Your Message.
Yes, video’s hotter than Hansel—but hotness doesn’t hide irrelevance (at least not for long!) Video needs to support your ultimate goal, whether that’s to build your brand or inspire a direct response. Two ways I’ve seen it used effectively in email:

To Demonstrate or Instruct

• REI’s Winter Newsletter links to a series of Expert Advice videos on how to select ski and snowboard gear.
• Williams-Sonoma announced the launch of their new website (featuring video) with this email. The “Cooking Videos” callout links to a Bananas Foster recipe demonstration embedded within a French Skillet product page. 

To Deliver a Cross-Channel Experience

• Saks recreates an in-store experience online with a holiday windows unveiling video.
• Free People brings us behind the scenes of their catalog shoot with this on-location video montage. Party at Hansel’s house! 

http://blog.emailexperience.org/2008/03/make_it_pop_video_in_email_so.html

-Dennis
Eloqua

For those of us who missed the recent AOTA event in Seattle, you can now download the presentations online.

Hat tip: Tom Bartel

Emails are sent from a mail server (a MTA) to another. The receiving MTA chooses to accept or not the email, hence deliverability issues. Most antispam filters are based on the idea than a given mail server has a specific probability of sending spam. For instance, a mail server sending Viagra spam has either a security breach (enabling spammer to use it) or is a spam server. In both cases, the receiving MTA should reject emails coming from this server.  (As we all know, this approach has its limitations but this is not the point of this post.) Therefore each IP sending mail is scored with respect to its history.

But using an IP address as the unit (the grain) for scoring introduces some important problems. For instance,

• IP address are usually not « owned » by email senders (whether ESP or corporate customers), hence they are unreliable over time.
• IP address changes over time: new servers are added, some are deprovisioned
• No authentication are « embedded » inside the score.
• A lot of email senders are sending their emails on a lot of different IP addresses.

For instance,

• It is easy to bypass the reputation system to send phishing emails.
• Enabling or deprovisioning a mail server is complicated.
• Shared mail servers are not handled at all in this system: what can you infer from  a shared email servers with different sending patterns?
• An ESP using three different IP addresses can have some emails accepted while others would be rejected.

A system abstracting IP address and binding an email sent to this system would solve these issues. The good news is that it is already here: it is the domain name system or DNS.

Currently SMTP (the email protocol) provides no way to bind an email to a domain name (for instance you can send email from Gmail servers with any domains you want). This is why some new protocols have been issued.  The main ones are SPF, SenderId, Domain Keys and DKIM.

Each has its own set of specificities but they all share some common traits: they bind an email sent to a DNS entry. Because of this binding, antispam filters can score now the domain names instead of the IP address (reflecting for instance a specific sender).

SPF and SenderID are using IP addresses while DK and DKIM are using a public/private key system.

It seems that antispam filters will not stop using IP addresses but the importance of the domain name will grow. In a further post, I will examine what it means for ESP, their customers.