Industry News

News from the Email Marketing and deliverability Industry as well as news on trends on email use.

Yahoo Feedback Loop made available to all.

2 years ago

by EmailManual in All Items, Deliverability, Industry News

For a long time Yahoo! have offered a feedback loop which was developed and maintained by themselves. For a brief period this was available to the public but involved signing paperwork, sending it off and waiting over 6 weeks for it to be processed.

This was a major inconvenience to anyone who was mailing for several domains as the feedback loop itself was not done on an IP level like most, but instead a domain level using Domain Key technology which Yahoo! developed with Cisco.

Yahoo have now deprecated their feedback loop by preventing further signups and have now partnered with Return Path and are using them to deliver their feedback loop messages which uses ARF (Abuse Reporting Format) back to the organisation who has signed up to receive the complaints. Organisations should then automatically process these and unsubscribe the complainant. If these ARF messages are processed correctly and complainants are unsubscribed this allows the organisations spam complaint levels to remain low and therefore a good reputation is maintained with Yahoo allowing better delivery of emails to Yahoo users.

For more information on the Yahoo! Feedback Loop see http://feedbackloop.yahoo.net/

Brands must do more to protect their subscribers from phishing.

2 years ago

by EmailManual in All Items, Deliverability, Industry News, Spam Filtering Techniques

According to the OTA (Online Trust Alliance) organisations must do more to protect their email subscribers from being victims of phishing scams.

Phishing scams are emails sent by a spammer which mimics a well known brand in order to get the subscriber to disclose usernames and passwords or other personal information. For instance every one of us has received an email claiming to be from our banks. Most of these are easy to spot and consequently easy to ignore but some are not. Spammers will often put in considerable effort, registering similar domains to the genuine brand, putting many hours into the site design containing the genuine brands logos etc which often makes them indistinguishable to the average internet user.

The online trust alliance released a report last month claiming that 56% of .gov Web sites and 45% of leading e-commerce sites are not taking appropriate e-mail and domain security measures.

The report measured 25 government domains, as well as the top 300 online retailers as measured by sales volume during a 10 day period last month.

Analysis was done against the DNS records of the US government and ecommerce sites which shows whether the organisation uses SPF, Domain keys or its slightly younger sister, DKIM and found that a huge percentage of these domains had not adopted one of these email authentication technologies which allows spam filters to pickup on phishing emails/spam and either block or quarantine them.

Whilst big brands and government organisations continue to fail to adopt these sorts of technologies there will always be successful phishing scams. If large organisations like these started to adopt these technologies, spam filters could become more aggressive against domains that don’t authenticate correctly which will apply pressure for smaller brands and individual companies to follow suit which would dramatically help reduce the amount of phishing and spam emails sent across the globe.

A Gartner survey of 5,000 adults in the US estimated that 24.4 million Americans have been duped by a phishing e-mail in 2006. If the larger organisations did their bit in helping IT departments block these sorts of emails it would undoubtedly save the economy millions of pounds which are lost to fraudsters every year.

Email Manual Recommendations:

Implement SPF on your domain, initally with softfail, then switch to hardfail once you have gained confidence.

Implement Domain Keys/DKIM on outbound email.

Block inbound email which hardfails SPF checks.

Block inbound email which is not Domain key/DKIM signed where the policy record for the domain indicates all mail should be signed.

Goodmail Adopts DKIM: Widening the range of supported MTA’s

2 years ago

by EmailManual in All Items, Deliverability, Industry News, MTA's

Daniel Dreymann the co-founder of Goodmail, the company whose product range includes CertifiedEmail recently wrote on his personal blog that Goodmail are to adopt the use of DKIM as an authentication method rather than relying on a standard which goodmail themselves had designed and implemented involving RSA key pairs and SHA-1.

Daniel said:

“It was a relatively simple matter for us to substitute DKIM for our original authentication layer. The authentication layer was, and still is, a rather prosaic component of CertifiedEmail. The other security components, the “secret sauce” that made CertifiedEmail the best and the only secure email certification system, remain in place. DKIM-based CertifiedEmail is as secure as the original specification of CertifiedEmail.”

The benefit to marketers and IT staff here is that rather than having to run and maintain specialised MTA’s from vendors like Port25, Strongmail, Message systems and Socketlabs nearly all off the shelf mail servers will support DKIM signing on outbound messages. This allows organisations to use CertifiedEmail from Goodmail on your outbound corporate email as well as emails you send through your ESP (Email Service Provider).

If you wish to read more about this news please see the full press release here.

Go to Top