By now, the words “authentication, accreditation and reputation” (AAR) are staples of every e-mail marketer’s vocabulary. Marketers generally understand that these solutions aim to reduce spam and phishing. But much of the discussion around these developments has been technically dense, leaving many feeling hopelessly on the outside looking in.
For the most part, authentication implementation is the responsibility of an organization’s IT department and/or its e-mail service and technology partners. However, successful e-mail delivery under an AAR regime also necessitates adherence to various Internet service provider/Web-based e-mail client delivery requirements, careful monitoring and sending consumers the most relevant and wanted communications.
This places the onus for deliverability success right back on the shoulders of those in charge of their organization’s e-mail campaigns – marketers.
Authentication, accreditation and reputation are typically mentioned in the same breath for a good reason: They are fundamentally linked. As such, it is essential to understand the role each plays and the dependence each has on the other.
Authentication: Whether IP-based (e.g., Sender ID Framework and SPF) or cryptographic (e.g., DomainKeys Identified Mail), authentication simply verifies that a computer server/IP address or a specified sender is authorized to send e-mail that purports to be from that sender and/or domain name. This is all it does – verify authorization to send messages – and not, as is commonly assumed, inherently reveal the identity of a “real world” sender.
Accreditation and reputation: Because authentication only verifies authorization to send e-mail, accreditation and reputation solutions also are needed in order to assess the value of authorized senders. In other words, these solutions help ISPs determine whether authenticated e-mail is coming from a spammer or a legitimate marketer.
Though the process across ISPs may vary, most will accredit a sender and/or track and assess a sender’s reputation based on criteria. The criteria often include factors such as complaint and bounce rates, bounce acceptance and other infrastructure-related capabilities, CAN-SPAM and ISP white-listing or acceptable use policy compliance.
If a sender effectively satisfies these requirements, it will be accredited and added to “white lists” or receive positive reputation ratings that can provide deliverability benefits, including bypassing certain levels of filtering, inbox placement and full image and link rendering/display.
Getting started. It’s critical for marketers to communicate and coordinate effectively with their IT counterparts. Having AAR solutions in place will enhance your legitimate e-mail efforts and let you focus on your specialty – marketing. Here are a few “authentication tips” to get you started:
· Audit e-mail and Domain Name System capabilities. Verify that they support header additions and authentication compliance.
· Publish your SPF record and implement cryptographic solutions. For more information and tools to make compliance as easy as possible, visit: www.emailauthentication.org/resources.
· Periodically monitor and ensure accuracy of authentication compliance.
· Control your domain name and leverage authentication to protect your brand by empowering ISPs to make future accept/reject decisions on derivative “cousin” domains.
· Stay informed. Follow AAR news as developments in the AAR space unfold and affect deliverability.
