Emailers Still Struggling with Authentication

While over 50 percent of email is authenticated in some fashion, smaller companies lag behind in this key security concern.
This month's Authentication and Online Trust Alliance (AOTA) Summit in Seattle showed how far the industry has come in understanding the value of authentication and trust-enhancing technologies.

Unfortunately, the event also highlighted how far the industry still needs to come in understanding the vital role that authentication needs to play in making online communications and commerce more reliable and trustworthy.

As with past AOTA summits, this year's featured a wide array of top-tier speakers, including Craig Newmark from Craigslist, former cybersecurity czar Howard Schmidt, and Washington State Attorney General Rob McKenna. The crowd wasn't too shabby either, dotted with marketing and technical executives from major brands across a spectrum of industries.

Wearing my hat as chairman of the AOTA Privacy and Data Governance committee, I sat down this week with my colleague Mike Mills, Senior Director of Products and Services at Habeas, to get the benefit of his wisdom as one in the trenches of building products that leverage authentication to increase email reliability.

"We haven't fully crossed the chasm," Mills says. "Most of the attendees of the AOTA Summit clearly get it. But the attendees are weighed towards the largest companies with higher email volumes, while mainstream companies still don't seemed as deeply engaged."

His comments are definitely supported by AOTA's survey from January, showing that over 50 percent of email is authenticated in some fashion. While these figures were confirmed at this month's Summit, a lot of the discussions revolved around how to push that number higher.

Unfortunately, Mills points out, budging that number will require the engagement of the countless thousands of companies who aren't attending conferences about authentication and who aren’t aware of authentication as a critical brand protection and reputation protection measure.

How to bring those companies on-board?

"Mainstream emailers still need help from their reputation service providers, their email service providers, their mail server vendors, and the others in this ecosystem on whom they rely because email isn't their expertise," Mills said.

During the conference, Mills also noticed a rather sizeable elephant in the room that was being gingerly talked around, but will need more attention going forward.

"There remains a conflict in the industry over who owns the consumer relationship at the inbox," according to Mills. "During one session, a questioner pointed out that by providing a 'This is Spam' button, the ISPs are inserting themselves between consumers and senders and making it less likely that consumers will express more granular choices."

On the one hand, by putting the Spam button in the email interface, consumers are given an opportunity to express their desire to be rid of unwanted email. But all too often consumers click that button on email they have actively requested to receive, resulting in missed opportunities for senders to better understand their recipients’ preferences – and improve accordingly. Instead, the outcome can be a damaged reputation for a sender who follows responsible mailing practices and the creation of more work for ISPs in the process.

For example, perhaps a recipient really only wants to receive such messages monthly rather than daily or weekly. It's difficult to get a recipient to consider those options and choices when the Spam button is glowing in their face.

In many of the sessions, Mills saw continuing evidence that deliverability remains a significant challenge for many major brands, in large part because deliverability remains a very imprecise science. Even when companies employ the very best practices, the difference in how various ISPs assess reputation continues to make reliable deliverability a challenge.

"SPF records may have a great deal of weight at one ISP, while DKIM signatures have more weight at another," Mills notes.

"Content filtering may also begin to see a resurgence for ISP-to-ISP email due to some problems with hackers breaking the 'CAPTCHA' process and automatically creating accounts for spamming."

Adding further confusion to the deliverability landscape is the proliferation of "best practices" documents and recommendations. With recommendations out there from the DMA's EEC, the ESPC, MAAWG, the IAB, and others, it will be increasingly difficult for senders to stay on top of what "state of the art" actually means.

"For online reputation management companies like Habeas, we are constantly having to evolve our technologies and processes to reflect the various standards and practices, not only as defined by these organizations, but also as actually applied by the receiver community," Mills said.

For all the key players in the email ecosystem, the AOTA Summit continues to be one of the most important events for engaging marketing and technical executives across a variety of industries in focusing on authentication issues and technologies.

Even though the event is over for this year, clearly the challenges being addressed by the members and attendees will continue to move throughout the email ecosystem until everyone who operates a mail server does their part to make email a safer and more trusted communications channel.



