E-mail Deliverability: Your Next Impending Technology Crisis

By Chris McKeachie

While the past year has seen a focus on the compliance implications of the CAN-SPAM Act, a less discussed but potentially more significant result of the SPAM onslaught has begun to impact organizations: e-mail deliverability.

For technologically savvy organizations, e-mail has, for the past 10 years, been an incredible windfall, providing groups with the ability to communicate cost-effectively with constituents. E-mail has been a nearly “free” method to keep in touch with members and, when coupled with self-service Web sites, has reduced labor, phone and postal costs traditionally associated with mailing or faxing hardcopy materials.

ANTI-SPAN  STRATEGIES HELP FILTER UNWANTED E-MAIL
E-mail deliverability used to mean keeping up with the current e-mail address as the typical e-mail user switched Internet Service Providers (ISPs) or changed employers and thus e-mail addresses. Today, deliverability means keeping up with a rapidly developing set of tools and rules used by companies and ISPs to identify SPAM and either reject it before it gets to the recipient or filter it into a bulk e-mail box that the recipient may never view.

Because of the growing number of consumer complaints related to junk e-mail, ISPs have placed significant effort into their anti-SPAM strategies, to the point where the effectiveness of the filter technology employed by each has become a key competitive selling point. A recent AOL marketing campaign depicts an annoying human SPAM message crashing into the glass doors outside an AOL office to make the point that they have effective SPAM filters.

What you may not have realized is that your organization’s electronic newsletter could be considered the annoying SPAM hitting the glass doors. Several ISPs, as well as many universities, have begun utilizing systems that actually initiate an introduction between sender and receiver. In one version, the receiving system sends back an e-mail to the sender that includes a unique Web page link. The sender must go to this link and enter relevant identifying data, which the e-mail recipient can then review prior to accepting delivery of e-mail from the specific sender.

While ISPs have aggressively implemented methods to combat SPAM, corporations have actually led the charge to implement filtering systems on their internal e-mail systems. SPAM reaching employees can carry viruses and trojans, and even when benign, must be reviewed—thus becoming a huge productivity sieve.

Official deliverability statistics vary wildly by ISP and company, and by the reputation of the sending organization, but it is clear that at least 2% and as much as 25% of e-mails sent are not delivered at all and another 2% to 60% are delivered into the recipient’s bulk e-mail box rather than their primary inbox.

The potential fallout from poor e-mail deliverability is significant. Has your organization moved to electronic delivery of newsletters? Do you send out e-mail notifications to members for dues renewal? Do you advertise your conference or promote products and services via e-mail? Imagine then, for example, that you discover members with AOL addresses are no longer receiving your organization’s e-mail, or worse yet, your mail server has been blacklisted and is unable deliver to many ISPs and corporations.

A department used a rented list to send a promotional e-mail with poorly considered content and structure could be identified as unsolicited e-mail and start your organization on the road to deliverability issues. In these situations, many hours of technical time will be spent working with ISPs and reputation services in order to achieve reasonable deliverability again. The alternative is to revert to distribution of printed materials via postal or fax delivery—both of which are more expensive and less timely than e-mail.

SPAM FILTERING APPROACHES
ISPs and corporate mail systems establish their own rules for defining what SPAM is and, therefore, what e-mail messages are allowed through to the end-user. Typically an inbound message is evaluated on the basis of dozens of factors. Some of the more common evaluation factors include:

1. DNS blacklists check the apparent sender’s IP addresses against third-party databases of known SPAMMERS.

2. Verification tests ensure the sending server is set up appropriately. For example, the mail server should have a proper reverse-lookup DNS record; it should not allow relaying of e-mail, and it should offer an “abuse” administrative address to which to report problem e-mail messages.

3. Content phrase filtering examines message content for obvious inappropriate content.

4. Statistical filtering compares each word in a message against collected word counts to determine if the message is statistically likely to be SPAM. This is often referred to as heuristic filtering.

5. HTML filtering examines messages for HTML tags and domain names contained in URLs and attempts to detect patterns commonly used to bypass or confuse other forms of SPAM detection.

6. SPAM complaint systems review inbound e-mail against complaint logs or whether e-mail has been identified as SPAM by subscribers of their system.

7. Proprietary techniques are developed by major ISPs and shared infrequently with the outside world (since exact knowledge of them would make it easier for SPAMMERS to circumvent.) For example, some use statistics, tracking how many attempts to send to an invalid address were made from a particular sender. This may trigger blocking of further mail from that sender, because it is an indicator that an out-of-date e-mail list is probably being used and the content is therefore more likely to be unsolicited commercial e-mail.

8. IP Authentication filtering, including sender policy framework (SPF) checks to see if the sender’s domain has published a list of valid servers from which it will send e-mail exclusively, then verifies if the current message is coming from one of the registered servers. AOL uses this extensively and it has some similarities with Sender ID, which is a Microsoft standard used by Hotmail and MSN to authenticate the sender.

9. Reputation filtering, sometimes called whitelisting, involves a sender becoming  accredited” as following guidelines regarding e-mail content, frequency, opt-in standards, rapidity and consistency in following recipient requests to be removed from lists, etc. Habeas Safelist and Ironport Bonded Sender are two of the better known programs.

10. Sender Authentication is used to verify that part or all of the message is coming from the identified sender. DomainKeys Identified e-mail is a cryptography-based sender authentication system developed from a technology partnership between Yahoo! and Cisco.

SUMMARY
The e-mail deliverability/SPAM filtering industry is still in its infancy with regard to authentication and reputation filtering, and multiple competing standards and services currently exist. Your organization will need to continuously review its position relative to the SPAM filtering approaches discussed in this article in order to achieve maximum deliverability. Deliverability standards are a moving target and, even if you believe you are reaching nearly every target inbox today, the bar for acceptance continues to get higher—forcing organizations to actively manage the reputations of their mail servers and domain(s).

Chris McKeachie is the Vice President and Chief Information Officer of Bostrom Corporation.