At SparkPost, we love email. The way you feel about those pictures of your cat you posted on Instagram? That’s how we feel about email. But we know not everyone shares our excitement about email RFCs. Which is why we work to share our knowledge of email standards and make sure that setting up and sending email is as easy as possible for as many people as possible. Except for you, Mr. Western Union scammer.
Email has grown a lot over the past 40+ years and along the way several standards have cropped up, meant to combat spam, phishing, and spoofing. Keeping up with these standards and implementing them correctly can be tough. On the flip side, setting them up the wrong way can really hurt your business. Set up incorrectly, your email won’t get delivered or, more dangerously for your customers, will let any malicious sender impersonate you online, even to the point of letting someone change your content while it’s in flight.
That’s why today we’re happy to announce the release of three new tools for building and verifying the state of your email. I’ll walk you through each of them quickly and how they can help you win the trust of ISPs and your users.
DKIM is a content authentication standard meant to let ISPs (Internet Service Providers, the ones who manage the inboxes you send to) verify that the email you sent is the one they received and that no content has changed since it left your system. DKIM requires you to set up a special DNS record with a public key and other metadata that receivers use to verify the content of the message they receive.
Our DKIM Validator lets you safely verify that your DKIM is set up correctly. It will give you a unique email address; send to that address from your domain (through the system you’re validating) and we will check your DNS entry and make sure the email we received complies with the DKIM policy you set up. We’ll even give you recommendations if we find something that could help you out.
Find something surprising in the results and want to share them? We got ya covered: all results are deep-linkable for easy sharing (click the “Share” button, and we’ll even put the URL in your clipboard).
Not sure about any of this DKIM stuff? Sign up for a SparkPost account and we’ll take care of the hard parts for you.
SPF is a standard used by ISPs to verify that an email addressed “from” your domain is coming from a server that you’ve specifically said is allowed to send for your domain. Setting up a correct SPF DNS record is one of the best ways to combat spoofing attacks and keep your email reputation high.
The thing is, SPF is deceptively complicated. There are only a handful of simple mechanisms in the SPF standard, but when they’re combined into your domain’s record, it soon becomes a complicated tree of hosts, any of which can send for your organization. It’s quite easy to be too broad and leave yourself open to spoofing attacks, or be too narrow and have your email appear to be illegitimate.
That’s why we made the SPF Builder – it will walk you through a series of simple questions to build out your SPF record. You don’t need to know any special syntax; we’ll translate everything for you and even copy it to your clipboard for easy pasting into your favorite DNS provider!
Whether your SPF record came from our builder or is artisanally hand-crafted, it’s good to check the validity of your record once it’s live. Our new SPF Inspector will not only verify your record’s syntax (and the syntax of any others you’ve included), it will also show you all IPs and hosts that are allowed to send on your behalf. If we find anything wrong, or slightly not great, we’ll give you a heads up along with some pointers on how to fix what’s not quite right.
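To make the "too broad" failure mode concrete, here is an added example (not SparkPost's code and not how the SPF Inspector is implemented) that lints a record string offline for permissive `all` qualifiers, oversized address ranges and the RFC 7208 limit of 10 DNS-lookup terms. The function name `lint_spf`, the prefix thresholds and the sample records are assumptions made for illustration; it counts only the record's own terms, so lookups inside included records come on top.

```python
import ipaddress

# Terms that each cost one DNS lookup; RFC 7208 section 4.6.4 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
# Assumed policy thresholds (not from any standard): shortest prefix we accept.
MIN_PREFIX = {4: 16, 6: 32}

def lint_spf(record):
    """Return a list of findings for one SPF TXT record string (no DNS queries)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"  # default qualifier is +
        body = term.lstrip("+-~?").lower()
        name = body.split(":")[0].split("=")[0].split("/")[0]
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            has_redirect = True
        elif name == "ptr":
            findings.append("ptr is discouraged by RFC 7208 (slow, unreliable)")
        elif name == "all":
            all_qualifier = qualifier
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(body.split(":", 1)[1], strict=False)
            except (IndexError, ValueError):
                findings.append(f"invalid network in '{term}'")
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                findings.append(f"too broad: '{term}' covers {net.num_addresses} addresses")
    if all_qualifier in ("+", "?"):
        findings.append(f"too broad: '{all_qualifier}all' never fails unlisted senders")
    elif all_qualifier is None and not has_redirect:
        findings.append("no 'all' or redirect: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    return findings

# Constructed sample records (example domains, documentation address ranges).
SAMPLES = {
    "tight": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "broad": "v=spf1 ip4:0.0.0.0/0 mx +all",
    "heavy": "v=spf1 " + " ".join(f"include:s{i}.example.net" for i in range(11)) + " ~all",
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        print(label, lint_spf(rec) or "no findings")
```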
All your results are shareable, just like the DKIM Validator. In addition, if you are signed in to your SparkPost account, we’ll keep a history of the domains you inspect over time. That becomes really useful as you start to manage and send from several domains.
Find SPF too confusing? Send through SparkPost and we’ll handle all the messy SPF details for you!
Go Check ‘em Out
We’re really proud of these SparkPost email tools and we think they will make your life easier and your email better. Do you have ideas for other tools that would help you send better email? Let us know on Twitter, Slack, or in the comments!
— Cole Furfaro-Strode
Here’s the full press release on the SparkPost email tools
Data Privacy Day is a timely reminder for all organizations to reflect upon their data security or data breach protection, especially so with the release of the 2014 Data Protection & Breach Readiness Guide by the Online Trust Alliance. The report discovered that 2013 was the year with the highest recorded number of data breaches, with an estimated 740 million records being exposed. Other notable data breach statistics:
- 89% of data breach incidents could have been avoided with simple security best practices
- 40% of the largest data breaches recorded took place in 2013
- 76% of the data breaches were due to weak or stolen credentials
Exposed records included credit card numbers, email addresses, login credentials, social security numbers and other personal information, leaving both individuals and businesses open to significant financial harm.
The guide provided 10 Questions of Risk Assessment so readers could do a quick self-audit of whether they were prepared for a data breach. It also provided 8 data security best practices that businesses should implement today.
- Email authentication through the implementation of SPF, DKIM and DMARC
- Implementation of Secure Socket Layer (SSL) for all data collection
- Upgrading to Extended Validation SSL (EVSSL) certificates for all commerce and banking applications
- Reviewing all password management policies and support for two-factor authentication
- Encrypting data and disks
- Encrypting communication with wireless devices
- Default disabling of shared folders, multilayered firewall protection etc.
- Creating a BYOD Plan and policy
The plan also covered data breach incident response planning, a topic that Craig Spiezle, President of Online Trust Alliance spoke about in our annual digital messaging conference in 2013. When preparing for a data breach, it is vital for businesses to:
- Create an Incident Response Team
- Establish vendor and law enforcement relationships
- Have a communication plan
- Take into consideration international data breach notification laws
In order to benchmark and encourage adoption of data security best practices, the Online Trust Alliance publishes an Online Trust Honor Roll audit every year, of which Message Systems was proud to be listed in 2013. As a member of the Online Trust Alliance, we take our role in educating the industry about email authentication and DMARC seriously. In the past year, we’ve hosted a webinar about The Benefits of DMARC Email Authentication, published an e-Book on How DMARC Is Saving Email, as well as numerous blog posts about DMARC, SPF and DKIM. We’ve also released a free email validation tool called The Validator, which is a free DKIM validation, DMARC Validator and SPF checker tool to test your email server for compliance and ensure message delivery. In fact, if you are looking for an email software or email system that adheres to the DMARC standard, feel free to talk to our experts.
As stated in the 2014 Data Protection & Breach Readiness Guide:
Business leaders need to recognize if they collect sensitive data, they will realize a data loss incident. Not being prepared is a recipe for failure, and loss of consumer trust.
Want some additional information on DMARC email authentication? Watch the DMARC webinar by Groupon, ReturnPath and Message Systems!
What’s the magic pass/fail standard that decides whether your email reaches a recipient’s inbox or their spam folder…or even gets delivered at all? Sender Reputation, determined by a bevy of metrics and measures that include authentication via SPF, DKIM and DMARC protocols, complaint rates, the number of spam traps hit, bounce rates and, ultimately, user engagement metrics: if you’re badged spam by the addressee, it’s a rough road back to the inbox.
But your Sender Reputation – and, therefore, your deliverability — may not be the same across the ‘Big 4’ major inbox providers. Yahoo, Gmail, AOL and Hotmail don’t share their data with each other. They also vary in how they implement authentication protocols, user engagement metrics and other practices.
So it’s obviously useful to understand how each of them gatekeeps deliverability. Here’s a rundown of some of the key considerations about each, condensed from An Email Delivery Report for 2013: Yahoo, Gmail, Hotmail & AOL, as researched by EmailDirect, a small Sacramento, CA ESP:
Yahoo!
- Yahoo! checks for SPF, DKIM and DMARC flags.
- SpamGuard, their proprietary filter, learns to flag spam via user complaints and lack of engagement.
- Yahoo! maintains a whitelist, but it doesn’t ensure delivery, since all senders are still subject to SpamGuard.
- Good reputation metrics and getting subscribers to put you on their “safe” lists will protect your deliverability.
- Yahoo! references block lists at The Spamhaus Project – so being listed there will result in a block.
AOL
- DKIM authentication is needed with AOL.
- AOL uses an IP-based whitelist; mailers with good reputation scores in the AOL Feed Back Loop program qualify for it.
- Their spam filter is proprietary and custom-built, influenced by metrics like complaints, unknown users, content, bounce processing and spam traps.
- AOL references the block lists maintained at The Spamhaus Project.
- If you’ve been routed as junk mail or bounced, good luck! Getting back into the Inbox is tough, though a form to request delisting from AOL’s internal block list is available.
Gmail
- Unlike other inbox providers on this list, Gmail doesn’t employ a feedback loop or whitelist.
- They’re very aggressive in blocking bulk commercial email compared to the other major inbox providers.
- Poorly-optimized creative content can prompt junk mail routing.
- Once you’re sent to the junk folder, it’s hard to get back to the Inbox. Requests to be removed from Gmail’s internal block list can take several months – or longer.
Hotmail
- Microsoft releases more reputation data than these other inbox providers via its Smart Network Data Services (SNDS) program.
- Windows Live Hotmail has switched to SPF authentication.
- They filter email using Symantec/Brightmail Probe Network and Smartscreen filtering, along with proprietary content-level filtering.
- Blocking may result from being listed with Brightmail; removing blocks requires contacting Symantec, not Hotmail.
Looking for more information about email best practices that can get you into the inbox? Download our free eBook, Email Best Practices 101.