Saving yourself from e-mail authentication schizophrenia
It's a common disease, a quick check of 40 well-known brands found that 60% suffer from it. Most don't even know they have it. Diagnosis? You're authenticating some of your e-mail, but not all of it. Typically, you're doing fine with your marketing e-mail, probably working with an ESP (e-mail service provider). But your transactional e-mail, the order and shipment confirmations that spit out by the millions, isn't authenticated.
Symptoms? You may not even see them. As far as you're concerned, those transactional systems have been humming along for years with no complaints, so what's the problem? Unfortunately, this inconsistency is probably hurting you already, or is about to.
To start, let's get some context. E-mail authentication allows recipients to positively identify your messages as yours, giving them an opportunity to track your reputation and leading to more intelligent decisions on how to deliver your messages. As a by-product, if you're authenticating your messages, people pretending to be you can't, which allows recipients to keep those fraudulent messages from reaching your customers.
This schizophrenia can have significant impact in three key areas: brand protection, deliverability and user perception. So it's time to bring some harmony to your e-mail authentication persona.
Brand protection - Since phishers typically defraud users by pretending to be you, what type of e-mail will they send? That's right, transactional. After all, it's your official e-mail. By authenticating these messages, you allow your real messages to be positively identified, and give ISPs and other receiving systems the ability to discard pretenders.
Deliverability - Though the specifics still shift frequently as good guys stay a step ahead of the bad guys, authentication is the bedrock for making smart delivery decisions. If you authenticate and follow best practices to keep your reputation high, your messages will get delivered more often. If you don't authenticate, they're thrown in with the rest of the noise and subjected to in-depth analysis and filters. Why risk that?
User perception - Many e-mail services, notably Windows Live Hotmail and Yahoo Mail, now give some kind of indication to the user regarding the authenticity of the message. Some use a carrot (Yahoo Mail) by highlighting messages that pass authentication, while some use a stick (Windows Live Hotmail), highlighting messages that fail. Additionally, there are now enhanced services based on authentication that can further differentiate your message in the inbox. Regardless of the specifics, do you want some of your messages marked as real, and others as unknown? Probably not.
So what's the cure? Conceptually it's simple. Identify all sources of e-mail in your company transactional e-mail; vendors handling newsletters, welcome messages, surveys, and ensure they're all sending authenticated messages. Getting it to happen may be tough, especially given organizational and control issues, so it may be stress-inducing - but there are pills for that.