Will Yahoo block messages that aren’t authenticated?
February 12, 2008 – 11:01 am
Here’s an interesting article about email authentication over at NetworkWorld: Will Yahoo block messages that aren’t signed?
For years, ISPs have been a little vague about how they’re going to handle authentication. Will it be used to block email? Does every legit email marketer need to authenticate their messages? Do ESPs need to offer it to all our clients?
Network World Senior Editor Carolyn Duffy Marsan interviewed Mark Risher, anti-abuse product manager for Yahoo Mail, and asked some blunt questions, like:
- What benefits does DKIM provide?
- A year from now, will you be stopping a lot of mail at the front gate because of DKIM?
- Will you send non-authenticated email through more filtering?
Risher also shared the following:“We have seen aggressive uptake of DomainKeys. More than 40% of our inbound traffic to Yahoo Mail is using DomainKeys. That’s more than 1 billion messages a day with the open source version. DKIM is its successor. …Within 18 months, all of the top financial institutions will use DKIM.”
FYI, MailChimp offers both DKIM and Domain Keys (along with SPF and SenderID) for free. Just check a box, and bam—you’re authenticated.
7 Responses to “Will Yahoo block messages that aren’t authenticated?”
With the preponderance of evidence (and clearly the trends) suggesting that authenticated emails means increased delivery rates, why isn’t this an opt-out option in MailChimp – or even better done automatically on every campaign from MC?
By Ryan Thrash on Feb 12, 2008
Great question, Ryan. It’s because the first time we rolled out authentication a couple years ago, we made it mandatory, and our customers gave us a beat-down like you wouldn’t believe. People seem to like choice. Also, some email readers display the “from” and “Sent on behalf of” fields differently, which makes some senders uncomfortable. Finally, there are some edge cases where someone’s server might have authentication that conflicts with authentication sent from an outside service. Until they square things away on their server, they’d want this turned off for their campaigns. I think this will all one day become moot, and authentication will just be “always on” like you recommend.
By Ben on Feb 12, 2008
Opt-out is still a choice … you get to proactively choose to do something destructive, but do the right thing for the majority (and allow those that are corner cases to address their needs too).
This way the folks like me that would totally forget to check that box when they’re hurriedly trying to send a campaign would still get the benefit of continuing to expect that best practices are defaults, and not an opt-in feature.
Alternatively, an account preference/setting would solve this too. “Always Authenticate my campaign…”
By Ryan Thrash on Feb 14, 2008
Thanks Ryan, I’ll forward your comments on to the team.
By Ben on Feb 14, 2008
Hi Ryan, Authentication is now pre-checked, and opt-out. Thanks for your input!
By Ben on May 23, 2008