Building a Solid Email Reputation
Understanding Authentication, Reputation and Accreditation
By Stephanie Jordan
Authentication and reputation are so closely bound it is nearly impossible to talk of one, without the other. Authentication is the first of a two-step process. Authentication helps the receiver to ascertain if the sender is who he says he is and has the right to send email from that IP address. The sender could be sending spam or legitimate email; the fact the sender is authenticated does not help determine the content of the email. This is where reputation, as the second and critical step, comes into play. Once the sender is authenticated, then the sender's reputation (or emailing history) can be referenced and applied to the ovrall mail score.
"Many have looked at authentication as black and white and this is incorrect," notes Director of Microsoft Technology Care and Safety Craig Spiezle. "Similar to a car, having a license doesn't make you a good driver. Authentication means your email has been verified or validated. It is only the first-part of validating the identity of the sender. It does not establish if you are a good mailer or a bad mailer. That is the importance of dynamic reputation data on the domain and the IP of the mailer."
Combining authentication with reputation promises to help improve the deliverability to the inbox by increasing the accuracy of mail handling options, such as junk mail, quarantine, or block/delete. "We are at a point now where we are able to stop talking about research theory and look at actual results of applying reputation. That has changed dramatically in the last six months, and more so because of the onslaught of image-based spam and other tactics. Reputation data is strongly coming into play now and changing the rules of deliverability," says Spiezle.
A "Good" Reputation
Now more than ever, senders need a good reputation. But what does it look like? "There are myriad of factors that build a 'good' email reputation," reveals George Bilbrey, general manager of delivery assurance for Return Path. "Including proper infrastructure, low complaint rates, identity stability, and proper list hygiene." Programs like Return Path's Sender Score Certified program, which replaced Bonded Sender, monitors a sender's complaint rates, unknown user rates, spam trap data, permission practices, email infrastructure, volume of email sent, identity integrity and more. "In general, a Sender Score of 80 or higher is considered good and is likely to be highly correlated with good inbox delivery."
Building a solid email reputation should be among an email marketers top priorities. But while it is not difficult, it does take time and vigilance. "First and foremost, you need to create a program that is relevant and respected by your customers. That limits complaints, which are the death nail to email reputation. It is also important to maintain the proper email infrastructure, clean your list often, and don't change IP addresses frequently," recommends Bilbrey.
How Reputation Works
Email receivers use reputation factors to determine mail handling - what is accepted or rejected. Having a solid reputation helps avoid the filtering algorithms used for other, unknown email senders. Bilbrey says, "Many ISPs use the Sender Score system, but even if they don't, they are watching their own reputation data closely."
Here is an example of how reputation works: A publisher of a financial newsletter sends mail. It passes Sender ID. However, the content of the mail contains stock tips, mortgage interest rates, advice, etc. The receiver's heuristics and content filters analyze the mail and conclude it is either spam or junk mail. The mail is screened improperly, because the content of the mail scored, for instance, is -1.
If reputation had been applied, the magnitude of the reputation would have outweighed the negative scoring of that mail- and it would have been delivered to the inbox. "Reputation can do outweigh or override a negative score received on content and improve deliverability," explains Spiezle. "The net result is that false-positives come down." Microsoft is reporting over 85 percent reduction in falsepositives with a combination of Sender ID and reputation for high volume legitimate mailers. Falsepositives result when legitimate is inadvertently junked or deleted.
This is not to say that filtering will go away. "We need to look at multiple approaches. They are all useful and necessary, but imperfect," says Spiezle. "By combining the filtering, blockless and personalization with authentication and reputation, we can help overcome evolving spam tactics, including the rising tide of image-based spam."
Accreditation and Reputation
As with the confusion between what authentication can do, there is also confusion on reputation versus accreditation. "Different people are going to have different perspectives," acknowledges Spiezle. "I look at reputation as what do we know about that sender? Have people complained? Back to the car analogy - how many tickets has he had? How many accidents? That is essentially reputation."
Spiezle believes accreditation is similar to an insurance AAArating, because the insurance company thinks the driver is good. "Accreditation uses reputation data. For example to qualify for a program, you have to have a good reputation. But it can get confusing-because when you start to look at some thirdparty accreditation services and programs and what are they? To get in and qualify, you have to meet certain criteria. You have to get accredited and the criteria will be different forms of reputation. It's a continuum - with reputation on one side and accreditation on the other," explains Spiezle.
Bilbrey describes the differences in this way, "Reputation is the precursor to accreditation. When you have a solid email reputation, you can earn your way into accreditation programs. Like our Sender Score Certified that will vouch for you as a sender and serve as whitelists, aiding deliverability to the inbox." He goes on to say that typically accreditation programs involve an agreement from an ISP to accept and deliver mail. "An accreditation program usually entails a detailed review of practices and policies, as well as reputation data. While reputation is often based entirely on quantitative factors-such as complaint rates."
Neither accreditation nor reputation is necessarily better than the other. However, accreditation does negate the need to research, apply and analyze the different forms of reputation.
Pitfalls
Reputation does put a burden on companies to meet criteria that could be a moving target. The Email Sender and Provider Coalition (ESPC) is an enthusiastic supporter of reputation, but advocates that the criteria be objective and open. Last year the ESPC released a reputation position statement that outlines guiding principles of email reputation and provides a framework for public and private reputation services. "Independent, third party reputation service providers (RSPs) are an emerging segment of the market that collect performance data and assert positive reputations about email senders. This statement reinforces the principles of objectivity and openness, and suggests how RSPs should generally weigh different factors, such as complaint and unknown user rates, in determining sender reputations and facilitating the delivery of legitimate email," says Trevor Hughes, executive director of the ESPC. "It is the ESPC's intent to act as a guide for reputation providers, senders and receivers as reputation plays an ever increasing role in email deliverability."
Another potential shortfall is not having any reputation. "If you have not mailed before, you do not have a reputation," explains Spiezle "Receiver networks throttle mail, which means the ISP will limit the amount of mail accepted until reputation feedback is available. That is a big difference for an email marketer that wants to start up a new data center and pump out a lot of mail. For example if a mailer wants to send out a bunch of valentines and it is Feb 3, it should be no problem. However, with no reputation to apply, the receiver networks are very judicious about how much of that mail is allowed through. Which is a good thing for the user, but the marketers need to understand that."
Benefits Outweigh
Given the state of messaging, the benefits of authentication plus reputation far exceed the pitfalls. "Everyone benefits from reputation-except for spammers. They can never build a good reputation or take advantage of the privileges it provides. Businesses with solid email reputations have their email delivered-and with higher response rates. Consumers benefit when receivers use reputation to filter, as they are spared volumes of unwanted email. ISPs benefit by helping the good guys get their mail delivered, and their subscribers the email they want," concludes Bilbrey. "Reputation systems provide a clean way to keep spam out by putting the onus on senders to do the right things."SJ/TMP