Matt Vernhout from EmailKarma reports that Gmail is now turning images ON by default, so long as the recpient has sent YOU, the sender, two messages in the past (kind of a neat way to make sure there’s a trusted relationship). Here’s the post from the official Gmail Blog.

There’s another catch — your emails to the recipient have to be authenticated (SPF or DKIM). As a reminder,  Authentication is a method used by many ISPs to judge whether or not an email is trustworthy (learn more at the Online Trust Alliance’s website). All major forms of authentication are built-in and automatically turned on for all your MailChimp campaigns.

As Matt points out, it’s almost worth it to get rid of any “DO-NOT-REPLY” statements you might be using, and actually encourage your recipients to send you emails. If it sounds a little too scary to add a “send us feedback!” link for your entire list, just add that for Gmail subscribers.

Here’s how you can segment your list and send only to your subscribers @gmail.

Reading through the FTC Spam Summit Report (472k PDF), I came across an interesting study they did, buried way back in the Appendix.

To determine how effective ISP spam filters are, they created 150 fresh new email addresses, and posted them at 50 locations around the Internet:

“The 50 Internet locations included websites controlled by the FTC and several popular message boards, blogs, chat rooms, social networking sites, video posting sites, and sites with user-generated content that had high hit/visit rates.”

Then they measured how much spam they got, how fast, and how much their ISPs’ spam filters blocked…

“At the conclusion of the two week study period, the 50 Unfiltered Addresses had received a total of 718 pieces of spam. At the conclusion of the five week study period, these same addresses had received 3,045 pieces of spam. The total weekly amount of spam sent to the Unfiltered Addresses more than doubled from weeks one and two to weeks three through five.”

Wow. The ISP that had no spam filters got over 3,000 pieces of spam in a little over one month. The two ISPs that had built-in spam filters blocked spam pretty good: 93% at one ISP, and 78% at another.

Most Email is Harvested from Websites, Not Blogs, Forums, etc.

Ever wonder where the spambots harvest email addresses the most?

“At the conclusion of the two week study period,  86% percent of the total amount of spam messages received at Unfiltered Addresses were from addresses that had been posted on the FTC’s website pages, and only 14% percent of the spam messages had been received from addresses posted elsewhere.”

Spam Traps

To conduct the study, the FTC setup 150 fresh new email addresses that were used strictly to trap spam. These are called “spamtraps.” ISPs and anti-spam companies setup spamtraps all the time. If an email marketer buys a list from a disreputable source (who probably bought their list from yet another disreputable source who harvested addresses from websites), chances are high that list has a spamtrap on it that could get you instantly blacklisted. Some ISPs even turn very old email addresses (from closed customer accounts) into spam traps, and post them around the Internet. That’s why email marketers should never send campaigns to very old lists.

The Importance of Authentication to the FTC
One more random tidbit from the report (from their “Next Steps” section, pg 26):

“Staff will…urge ISPs to further implement negative scoring for non-authenticated email…”

Clearly, the FTC is concerned with the impact of Phishing, and they feel authentication is an effective technological weapon against it. This is a sign that they intend to push ISPs to penalize non-authenticated emails. On a related note, check out this interview with Yahoo: Will Yahoo block messages that aren’t authenticated?

For years, ISPs have been a little vague about how they’re going to handle authentication. Will it be used to block email? Does every legit email marketer need to authenticate their messages? Do ESPs need to offer it to all our clients?

Network World Senior Editor Carolyn Duffy Marsan interviewed Mark Risher, anti-abuse product manager for Yahoo Mail, and asked some blunt questions, like:

1. What benefits does DKIM provide?
2. A year from now, will you be stopping a lot of mail at the front gate because of DKIM?
3. Will you send non-authenticated email through more filtering?

Risher also shared the following:“We have seen aggressive uptake of DomainKeys. More than 40% of our inbound traffic to Yahoo Mail is using DomainKeys. That’s more than 1 billion messages a day with the open source version. DKIM is its successor. …Within 18 months, all of the top financial institutions will use DKIM.”

FYI, MailChimp offers both DKIM and Domain Keys (along with SPF and SenderID) for free. Just check a box, and bam—you’re authenticated.

According to George Bilbrey, AOL, Gmail, and Yahoo have implemented DKIM email authentication.

For those of you who don’t know, authentication is a way to prevent email forgeries, and it can improve your deliverability. The AOTA says Authentication has hit its “tipping point.”

Since 2004, when email authentication started to really pick up steam, ISPs have been testing (and changing) their support for authentication. Some use one method for inbound, and another for outbound. Some support all methods of authentication. Some have abandoned it, or are in limbo. It can be confusing.

So we compiled a chart of which ISPs are using which authentication methods over here.

Of course, we’ve also made authentication “MailChimp Easy:” Our customers can authenticate their email campaigns with one simple click, and we cover all the major authentication standards (DKIM, Domain Keys, SenderID, and SPF).

“The adoption of e-mail and domain authentication has reached its tipping point, exceeding 50% in several key metrics, according to the Authentication and Online Trust Alliance. The report found that 51% of the Fortune 500’s consumer-facing brands, 52% of the Fortune 500’s consumer-facing financial service brands and 54% of the top 300 brands in the Internet retailer segment are all using some form of e-mail authentication.”

You can read more about Authentication and how it affects consumer trust over at DMNews.

If you’re a MailChimp customer, you can authenticate all your email campaigns, just like the Fortune 500 brands do. It’ll make your emails look more trustworthy, and it’ll sometimes help you get through corporate email firewalls. And you can do this with one simple click. Here’s how to activate it (it’s free for all MailChimp customers).