AOL Changes Authentication and Whitelist Standards
Jan 23 2008
A great ReturnPath alert today. These guys are being so proactive with sharing knowledge with their partners and customers and it is really appreciated. I wanted to pass on the love and share it with you.
NEWS:
We’ve recently learned some news from AOL about changes to how they authenticate inbound mail as well as changes to their whitelist program. We’ll know more after a question and answer session with AOL this afternoon (hosted by the ESPC) but here’s what we know now.
Changes to AOL White List
AOL is making a few changes to their whitelist - to the point where calling it a whitelist is probably a misnomer going forward. AOL indicates that in the future, the “whitelisting” process is simply a way for a mailer to introduce themselves to AOL and let AOL know a little about what kind of mail they are sending. AOL will want to know:
Domain and IP information for each mail stream
The kind of mail that is sent for each mail stream
AOL will then take that information and plug it into their reputation system. If your mailstream’s performance varies a lot from what is expected for that type of mail stream (e.g., transactional mail), this will likely cause delivery issues. Currently whitelisted IPs will be subject to the same reputation process for determining delivery of email. There is no need for re-application (or re-introduction as the case may be). In AOL’s analysis, the vast majority of whitelisted IPs will not be affected by the changes since their reputation is within guidelines.
AOL Implements DKIM
It appears that AOL has been using DomainKeys Identified Mail (DKIM) for a month now. With the addition of AOL, that makes three major North American ISPs (Yahoo, Google and AOL) that are using DKIM. If you’ve been thinking about implementing DKIM, this should make the decision a little easier.
A few things to note:
DKIM (by itself) will not improve delivery rates - Like all authentication mechanisms, DKIM simply authenticates that the mail is from the domain that it purports to be from. That doesn’t by itself mean that AOL should take the message.
DKIM will help reduce spoofing - If the vast majority of messages from a given domain are authenticated and have a good reputation while the unauthenticated messages from a domain have a bad reputation, AOL will provide a negative spam rating to unauthenticated messages from the given domain.
There is one more “identity element” on which to hang a reputation (and to monitor) - Going forward, senders are going to have to take into account both IP-based reputation and domain-based reputation. AOL (and likely other senders) are going to take into account all available information about a given message (domain, IP, URLs, etc.) before making a delivery decision.
Learn more about DKIM. Sign up for our Quarterly Education Series on Authentication starting February 12th. Email editor@returnpath.net to sign up.
Published in Best Practices, Deliverability, E-Mail Delivery, Email News, ISP Relations, The Spam Cops on Wednesday, January 23rd, 2008
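The two DKIM notes in the alert (a valid signature alone does not earn delivery; unauthenticated mail from a mostly-authenticated, well-behaved domain is rated negatively) sketched as an added example, not AOL's or Return Path's code. The thresholds, function names and sample history are assumptions, since the alert gives no numbers.

```python
from collections import defaultdict

# Assumed thresholds: the alert gives no numbers for any of these.
MAJORITY_AUTHENTICATED = 0.90  # "vast majority" of the domain's mail passes DKIM
GOOD_COMPLAINT_RATE = 0.01     # at or below this: good reputation
BAD_COMPLAINT_RATE = 0.05      # at or above this: bad reputation

def build_reputation(history):
    """Tally [messages, complaints] per domain, split by DKIM result.

    history: iterable of (from_domain, dkim_pass, complained) tuples.
    """
    rep = defaultdict(lambda: {True: [0, 0], False: [0, 0]})
    for domain, dkim_pass, complained in history:
        bucket = rep[domain.lower()][bool(dkim_pass)]
        bucket[0] += 1
        bucket[1] += int(complained)
    return dict(rep)

def complaint_rate(bucket):
    total, complaints = bucket
    return complaints / total if total else 0.0

def rate_message(rep, domain, dkim_pass):
    """Return 'negative' or 'neutral' for a new message claiming `domain`."""
    buckets = rep.get(domain.lower())
    if buckets is None:
        return "neutral"  # no history for this domain
    auth, unauth = buckets[True], buckets[False]
    if dkim_pass:
        # A valid signature only proves the domain; its reputation still decides.
        bad = auth[0] > 0 and complaint_rate(auth) >= BAD_COMPLAINT_RATE
        return "negative" if bad else "neutral"
    auth_share = auth[0] / (auth[0] + unauth[0])
    spoof_pattern = (
        auth_share >= MAJORITY_AUTHENTICATED
        and complaint_rate(auth) <= GOOD_COMPLAINT_RATE
        and unauth[0] > 0
        and complaint_rate(unauth) >= BAD_COMPLAINT_RATE
    )
    return "negative" if spoof_pattern else "neutral"

# Constructed sample history: (from_domain, dkim_pass, complained)
HISTORY = (
    [("example.com", True, False)] * 945 + [("example.com", True, True)] * 5
    + [("example.com", False, True)] * 20 + [("example.com", False, False)] * 30
    + [("spammy.example", True, True)] * 30 + [("spammy.example", True, False)] * 70
    + [("mixed.example", True, False)] * 50 + [("mixed.example", False, False)] * 50
)
REPUTATION = build_reputation(HISTORY)
```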






