DOCSLIB.ORG

Delivering Results to the Inbox Sailthru’S 2020 Playbook on Deliverability, Why It’S Imperative and How It Drives Business Results Introduction to Deliverability

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Delivering Results to the Inbox Sailthru’s 2020 Playbook on Deliverability, Why It’s Imperative and How It Drives Business Results Introduction to Deliverability Every day, people receive more than 293 billion Deliverability is the unsung hero of email marketing, emails, a staggering number that only represents ultimately ensuring a company’s emails reach their the tip of the iceberg. Why? The actual number intended recipients. It’s determined by a host of of emails sent is closer to 5.9 quadrillion, with the factors, including the engagement of your subscribers overwhelming majority blocked outright or delivered and the quality of your lists. All together, these factors to the spam folder. result in your sender reputation score, which is used to determine how the ISPs treat your email stream. Something many people don’t realize is that to the Deliverability is also a background player, so far in the major Internet Service Providers (ISPs) — Gmail, shadows that many people don’t think about it, until Yahoo!, Hotmail, Comcast and AOL — “spam” there’s a major issue. doesn’t refer to marketing messages people may find annoying, but rather malicious email filled with That’s why Sailthru’s deliverability team created this scams and viruses. In order to protect their networks guide. Read on to learn more about how deliverability and their customers, the ISPs cast a wide net. If a works on the back-end and how it impacts revenue, message is deemed to be spam by the ISP’s filters, it’s your sender reputation and how to maintain a good dead on arrival, never to see the light of the inbox, as one, and best practices for list management, email protecting users’ inboxes is the top priority of any ISP. content and more. That’s why strong deliverability is essential for any email marketer. Contents Glossary of Terms pg 3 Why Preference Centers Are Paramount pg 9 The Complex Path to the Inbox pg 4 Permission Practices: The Good, the Bad and the Gray Area pg 11 How Deliverability Drives Revenue pg 4 Email Headers and Return-Paths pg 14 “Sending Email People Love” and What That Means for Your Reputation pg 6 Email Legislations Around the World pg 14 Looking at List Management pg 8 Getting Started pg 16 Is Your Content Optimized for About Sailthru pg 18 Deliverability? pg 9 2 Glossary of Terms To understand deliverability is to begin with a vocabulary lesson. There are a ton of terms, many of which are acronyms, such as ISP and ESP. Here’s a breakdown: Bounce: When an email is Domain Name System (DNS): This email as spam or junk, helping them undeliverable, it bounces, which can system maps a human-friendly identify issues early. fall into two categories: domain name into a server IP address, almost like a telephone Inbox Placement Rate: When mail • Soft Bounce: These occur book. An MX type DNS record is accepted into an ISP’s network, when the ISP is blocking your specifies where mail destined for this figure refers to how many email due to reputation issues a particular domain name should messages are delivered to the or because of something be sent. A TXT type DNS is used to inbox. temporary, like a full inbox or contextualize information about the a down server. If you see a domain for authentication purposes. Internet Protocol (IP): A number major spike in soft bounces at assigned to any device that’s any ISP, you should address it Domain-Based Message connected to the Internet, your IP immediately. Users who have Authentication, Reporting & address is how the ISPs identify you soft bounced are still valid and Conformance (DMARC): DMARC and your server. should be included in your next allows senders to see how their send. domains are being used to send Internet Service Provider (ISP): email and tell the world how to Think Gmail, Hotmail, AOL, Yahoo!, • Hard Bounce: When you send handle illegitimate messages they Verizon, Comcast and AT&T. a message to a non-existent or appear to have sent. Sitting on top invalid email address — think of SPF and DKIM, DMARC is used Sender Reputation: This is literally a typos or a deactivated account to eliminate fraud and can protect score tied to you as an email sender, — it will hard bounce. This is senders and subscribers from dictating the majority of email a permanent failure, and a phishing and spoofing. filtering. We’ll cover this more in metric that factors into sender depth on page 6. reputation, so these users should DomainKeys Identified Mail be removed from your list. (DKIM): This is used as a form of Sender Policy Framework (SPF): authentication to digitally sign a Identifying whether a sending Delivered: A message is considered message, ensuring the sender has server has permission to send mail delivered when the ISP has permission to use the domain and from a particular domain, SPF is successfully accepted the message. that the message wasn’t tampered used to authenticate the Return- This does not equate to the with in transit. Path From address, which normally message being delivered to the only appears in message headers. inbox, however. Email Service Provider (ESP): Think Sailthru. Subdomain: This is an extension Domain: Referring to the locations of a brand’s web domain, usually of servers and devices connected Feedback Loop: For the ISPs that email.brand.com. Typically used to the Internet, domain names can offer this service, feedback loops for a brand’s marketing emails, represent various IP addresses, such allow senders to receive a report subdomains are often seen in the as sailthru.com. every time someone marks their “from” address. 3 The Complex Path to the Inbox Now that you’ve had that vocabulary lesson, we can get which DNS is used to identify the recipient’s address. into the mechanics of how deliverability works. Next, mail filters check SPF and DKIM authentication, Once you press send on your ESP’s platform, the the email’s header and content, blacklists, and sender/ campaign email goes into a queue to be delivered IP/domain reputation. Those checks determine whether to the ISPs. They then accept the mail as fast as mail should be accepted by their network and delivered possible, on a “first come, first serve” basis. This to the end user’s inbox or junk folder. depends on the domain name in the “To” field, for Though it may only take a few seconds, every email takes a complex journey to the inbox. Here's what it looks like. ISP Internet block block ESP TLS? spam Gateway - IP Blacklisted? - Sending too fast? Mail Filter - Bad repution? - Check SPF/DKIM authentication Mail Server - Proper DNS? - Check DMARC - Sign with DKIM - Check heuristic content filter Campaign - Throttle by ISP - Check bayesian filter inbox Generation - Check IP reputation - Check domain reputation How Deliverability Drives Revenue Email is the most lucrative marketing channel, hands According to Return Path’s 2018 Deliverability down. According to the 2018 Response Rate Report Benchmark Report, the average Inbox Placement Rate from the Association of National Advertisers and the is 85%. That means if you send an email to 100,000 Data & Marketing Association, email averages a 145% subscribers, you can reasonably expect 15,000 of ROI, far higher than social media, display ads, paid those messages to be marked as spam or disappear search and direct mail. But of course, that’s contingent into the void. on people actually receiving your email, which is why Last year, our sister brand Campaign Monitor analyzed deliverability is so important. billions of emails in order to determine a series of 4 benchmarks for different industries and even days of the 1,912 potential customers, that means 339 sales. If your week. The average clickthrough rate is 3.02% for media average order value is $150, you just made $50,850. brands and 2.25% for retailers. So of the 85,000 people Now say you get your Inbox Placement Rate up a single who received your email, 1,912 are potential customers. percentage point. Using the same math, you have 23 Two years of Barilliance data found that email more potential customers, four more sales and $600 conversion rate is on the rise, with 17.75% of clicked- more in revenue. That doesn’t sound like much, but through emails resulting in a purchase last year. Of your remember, that’s just one email. MONDAY TUESDAY WEDNESDAY THRUSDAY FRIDAY SATURDAY SUNDAY M T W Th F S Su Advertising & Marketing Agencies 2.70% 2.69% 2.67% 2.67% 2.65% 2.66% 2.47% Agriculture, Forestry, Fishing & Hunting 2.72% 3.07% 3.16% 3.72% 3.25% 5.59% 2.43% Automotive & Aerospace 1.47% 2.18% 2.07% 2.70% 2.22% 1.86% 2.20% Construction, Contracting, & Manufacturing 2.23% 2.71% 2.68% 2.93% 2.83% 2.81% 3.11% Consumer Packaged Goods 1.63% 1.95% 1.78% 2.00% 1.92% 1.93% 1.33% Education 2.68% 2.73% 3.05% 2.76% 2.81% 2.80% 2.49% Engineering, Architecture & Design 2.36% 3.01% 2.64% 2.82% 2.91% 2.67% 2.47% Financial Services 2.41% 2.60% 2.73% 2.71% 2.75% 2.83% 2.57% Food & Beverage 2.06% 1.33% 2.23% 1.73% 2.03% 1.37% 2.06% Government 1.96% 2.75% 3.50% 3.24% 3.14% 2.79% 2.56% Healthcare Services 2.57% 2.55% 2.64% 2.77% 2.91% 2.91% 2.32% IT / Tech / Software Services 2.55% 2.69% 2.71% 2.71% 2.72% 2.77% 2.76% Logistics & Wholesale 2.11% 2.84% 2.56% 2.64% 2.50% 3.85% 2.45% Media, Entertainment, & Publishing 3.01% 3.17% 3.06% 3.07% 2.94% 2.98% 2.79% Nonprofit 2.35% 2.70% 2.69% 2.62% 2.66% 2.70% 2.67% Other 2.44% 2.74% 2.46% 2.45% 2.63% 2.58% 2.48% Professional Services 1.72% 2.38% 2.47% 2.36% 2.47% 2.39% 1.85% Real Estate Agents & Brokers 2.05% 2.46% 2.07% 2.78% 1.40% 1.67% 2.84% Real Estate, Design, & Construction Activities 4.51% 2.82% 2.97% 3.49% 2.90% 2.79% 2.84% Retail 2.20% 2.20% 2.37% 2.26% 2.31% 2.17% 2.14% Travel & Hospitality, & Leisure 1.85% 2.22% 2.20% 2.18% 2.10% 2.15% 1.87% Unknown 2.99% 2.87% 2.77% 2.74% 2.79% 2.83% 2.82% All Industries (average) 2.66% 2.73% 2.71% 2.70% 2.70% 2.71% 2.59% Analyzing billions of emails, Campaign Monitor compiled these benchmarks for the average clickthrough rate by industry and day of the week.
Recommended publications
  • DMARC — Defeating E-Mail Abuse

    DMARC — Defeating E-Mail Abuse

    CERT-EU Security Whitepaper 17-001 DMARC — Defeating E-Mail Abuse Christos Koutroumpas ver. 1.3 February 9, 2017 TLP: WHITE 1 Preface E-mail is one of the most valuable and broadly used means of communication and most orga- nizations strongly depend on it. The Simple Mail Transport Protocol (SMTP) – the Internet’s underlying email protocol – was adopted in the eighties and is still in use after 35 years. When it was designed, the need for security was not so obvious, and therefore security was not incor- porated in the design of this protocol. As a result, the protocol is susceptible to a wide range of attacks. Spear-phishing campaigns in particular can be more successful by spoofing (altering) the originator e-mail address to imper- sonate a trusted or trustworthy organization or person. This can lead to luring the recipient into giving away credentials or infecting his/her computer by executing malware delivered through the e-mail. While raising user awareness on how to avoid e-mail fraud is recommended, the Verizon Data Breach Investigations Report indicates that more needs to be done. The DBIR report reveals that 30% of all phishing e-mail messages were opened by the recipients and with 12% clicked on the content and executed malicious code. The median time for the first user of a phishing campaign to open the malicious email is 1 minute, 40 seconds. The median time to the first click on the attachment was 3 minutes, 45 seconds. These statistics highlight the risk for an organization on the receiving end of spear-phishing e-mails.
  • Spam, Spammers, and Spam Control a White Paper by Ferris Research March 2009

    Spam, Spammers, and Spam Control a White Paper by Ferris Research March 2009

    Spam, Spammers, and Spam Control A White Paper by Ferris Research March 2009. Report #810 Ferris Research, Inc. One San Antonio Place San Francisco, Calif. 94133, USA Phone: +1 (650) 452-6215 Fax: +1 (408) 228-8067 www.ferris.com Table of Contents Spam, Spammers, and Spam Control................................................3 Defining Spam.................................................................................3 Spammer Tactics .............................................................................3 Sending Mechanisms.................................................................4 Spammer Tricks.........................................................................4 Techniques for Identifying Spam ....................................................5 Connection Analysis..................................................................5 Behavioral Analysis...................................................................6 Content Scanning.......................................................................6 Controlling Spam: How and Where ................................................7 The Key Role of Reputation Services .......................................7 Conclusion: An Arms Race.............................................................8 Trend Micro Interview........................................................................9 Ferris Analyzer Information Service. Report #810. March 2009. © 2009 Ferris Research, Inc. All rights reserved. This document may be copied or freely reproduced provided you
  • Presentations Made by Senders

    Presentations Made by Senders

    SES ���� ��� � �� � � � � � � � ������������� DomainKeys ��������� SPF ��������������������� ���������� ����������������� ������������������������������������������������ Contents Introduction 3 Deployment: For Email Receivers 6 Audience 3 Two Sides of the Coin 6 How to Read this White Paper 3 Recording Trusted Senders Who Passed Authentication 6 A Vision for Spam-Free Email 4 Whitelisting Incoming Forwarders 6 The Problem of Abuse 4 What To Do About Forgeries 6 The Underlying Concept 4 Deployment: For ISPs and Enterprises 7 Drivers; or, Who’s Buying It 4 Complementary considerations for ISPs 7 Vision Walkthrough 5 Deployment: For MTA vendors 8 About Sender Authentication 8 Which specification? 8 An Example 8 Conformance testing 8 History 8 Perform SRS and prepend headers when forwarding 8 How IP-based Authentication Works 9 Add ESMTP support for Submitter 8 The SPF record 9 Record authentication and policy results in the headers 8 How SPF Classic Works 9 Join the developers mailing list 8 How Sender ID works 9 Deployment: For MUA vendors 9 How Cryptographic Techniques Work 0 Displaying Authentication-Results 9 Using Multiple Approaches Automatic switching to port 587 9 Reputation Systems Deployment: For ESPs 20 Deployment: For Email Senders 2 Don’t look like a phisher! 20 First, prepare. 2 Delegation 20 Audit Your Outbound Mailstreams 2 Publish Appropriately 20 Construct the record 2 Deployment: For Spammers 2 Think briefly about PRA and Mail-From contexts. 3 Two Types of Spammers 2 Test the record, part 3 Publish SPF and sign with DomainKeys. 2 Put the record in DNS 3 Stop forging random domains. 2 Test the record, part 2 4 Buy your own domains. 2 Keep Track of Violations 4 Reuse an expired domain.
  • Combatting Spam Using Mimedefang, Spamassassin and Perl

    Combatting Spam Using Mimedefang, Spamassassin and Perl

    Combating Spam Using SpamAssassin, MIMEDefang and Perl Copyright 2003 David F. Skoll Roaring Penguin Software Inc. (Booth #23) Administrivia Please turn off or silence cell phones, pagers, Blackberry devices, etc... After the tutorial, please be sure to fill out an evaluation form and return it to the USENIX folks. 2 Overview After this tutorial, you will: Understand how central mail filtering works. Know how to use MIMEDefang to filter mail. Be able to integrate SpamAssassin into your mail filter. Know how to implement mail filtering policies with MIMEDefang and Perl. Know how to fight common spammer tactics. 3 Outline Introduction to Mail Filtering Sendmail's Milter API MIMEDefang Introduction, Architecture Writing MIMEDefang Filters SpamAssassin Integration Advanced Filter Writing Fighting Common Spammer Tactics Advanced Topics Policy Suggestions 4 Assumptions I assume that you: Are familiar with Sendmail configuration. You don't need to be a sendmail.cf guru, but should know the basics. Are familiar with Perl. Again, you don't need to be able to write an AI program in a Perl one- liner, but should be able to read simple Perl scripts. Are running the latest version of Sendmail 8.12 on a modern UNIX or UNIX-like system. 5 Why Filter Mail? The old reason: to stop viruses. The new reason: to stop spam and inappropriate content. Blocking viruses is easy. Block .exe and similar files, and test against signature databases. Blocking spam is hard, but becoming increasingly important. Organizations can even face lawsuits over inappropriate content. 6 Mail filtering is required for many reasons. In addition to the reasons given on the slide, you might need to filter outgoing mail as well to prevent virus propagation, dissemination of sensitive information, etc.
  • Account Administrator's Guide

    Account Administrator's Guide

    ePrism Email Security Account Administrator’s Guide - V10.4 4225 Executive Sq, Ste 1600 Give us a call: Send us an email: For more info, visit us at: La Jolla, CA 92037-1487 1-800-782-3762 [email protected] www.edgewave.com © 2001—2016 EdgeWave. All rights reserved. The EdgeWave logo is a trademark of EdgeWave Inc. All other trademarks and registered trademarks are hereby acknowledged. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. The Email Security software and its documentation are copyrighted materials. Law prohibits making unauthorized copies. No part of this software or documentation may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into another language without prior permission of EdgeWave. 10.4 Contents Chapter 1 Overview 1 Overview of Services 1 Email Filtering (EMF) 2 Archive 3 Continuity 3 Encryption 4 Data Loss Protection (DLP) 4 Personal Health Information 4 Personal Financial Information 5 Document Conventions 6 Other Conventions 6 Supported Browsers 7 Reporting Spam to EdgeWave 7 Contacting Us 7 Additional Resources 7 Chapter 2 Portal Overview 8 Navigation Tree 9 Work Area 10 Navigation Icons 10 Getting Started 11 Logging into the portal for the first time 11 Logging into the portal after registration 12 Changing Your Personal Information 12 Configuring Accounts 12 Chapter 3 EdgeWave Administrator
  • Set up Mail Server Documentation 1.0

    Set up Mail Server Documentation 1.0

    Set Up Mail Server Documentation 1.0 Nosy 2014 01 23 Contents 1 1 1.1......................................................1 1.2......................................................2 2 11 3 13 3.1...................................................... 13 3.2...................................................... 13 3.3...................................................... 13 4 15 5 17 5.1...................................................... 17 5.2...................................................... 17 5.3...................................................... 17 5.4...................................................... 18 6 19 6.1...................................................... 19 6.2...................................................... 28 6.3...................................................... 32 6.4 Webmail................................................. 36 6.5...................................................... 37 6.6...................................................... 38 7 39 7.1...................................................... 39 7.2 SQL.................................................... 41 8 43 8.1...................................................... 43 8.2 strategy.................................................. 43 8.3...................................................... 44 8.4...................................................... 45 8.5...................................................... 45 8.6 Telnet................................................... 46 8.7 Can postfix receive?..........................................
  • Email Sender Authentication Development and Deployment

    Email Sender Authentication Development and Deployment

    EMAIL SENDER AUTHENTICATION DEVELOPMENT AND DEPLOYMENT (PROJECT CHEESEPLATE) Volume I Technical and Management Proposal pobox.com IC Group, Inc. [email protected] v1.01 20041217 Full Proposal Control Number EB8A Email Sender Authentication OFFICIAL TRANSMITTAL LETTER IC Group, Inc., a New York State corporation, doing business as pobox.com, respectfully submits a proposal in response to solicitation BAA04-17 for Cyber Security Research and Development. It is submitted under Category 3, Technical Topic Area 7, Technologies to Defend Against Identity Theft, for consideration as a Type II Prototype Technology. Solicitation Title: BAA 04-17 Topic Title: Technologies to Defend Against Identity Theft Type Title: Type II (Prototype Technologies) Full Proposal Control Number: EB8A Proposal Title: Email Sender Authentication A companion proposal, Reputation System Clearinghouse (1RGT), is also being submitted under the same category and type. We request that these two proposals be read together. This proposal should be read first. This proposal was authored by Meng Weng Wong, Founder and Chief Technology Officer for Special Projects. He can be contacted at [email protected]. Meng Weng Wong IC Group, Inc. 1100 Vine St Ste C8 Philadelphia, PA 19107 December 15th 2004 EIN: 113236046 Central Contractor Registration: 3EKUCT Email Sender Authentication 2 EXECUTIVE SUMMARY Pobox.com aims to fight phishing by adding sender authentication “Phishing” is a class of high-tech scam that functionality to the Internet email system. First we will build a library uses fraudulent e-mail to deceive consum- ers into visiting fake replicas of familiar to implement a useful set of recently devised anti-forgery specifica- Web sites and disclosing their credit card tions, including ip-based approaches such as SPF and crypto-based numbers, bank account information, Social approaches such as DomainKeys.
  • How to Make Sure Your Emails Land in Your Prospects' Inboxes

    How to Make Sure Your Emails Land in Your Prospects' Inboxes

    How to Make Sure Your Emails Land in Your Prospects’ Inboxes How to Make Sure Your Emails Land in Your Prospects’ Inboxes | 1 Table of Contents Why Aren’t My Emails Getting Through? 3 Authentication 5 Permissions 7 Reputation 9 Sender Reputation 9 Cleanliness & Monitoring 10 List Source 10 New Domain Address Warming 11 Review Bounces 14 Monitoring Blacklists 15 Follow the Rules - CAN-SPAM, CASL, GDPR & CCPA 16 Engagement 17 Know Your Audience - Relevance, Frequency & Content Review 17 Unsubscribe Links 18 Conclusion 19 How to Make Sure Your Emails Land in Your Prospects’ Inboxes | 2 Why would my emails never make it to their destination? As we move further into the era of technology, email has become the primary source of professional communication. As a result, bad actors are doing whatever it takes to get you to view their emails. How many members of the Nigerian royal family have contacted you to transfer their fortune to your bank account? In response to more frequent attempts to phish, hack, and send spam, Internet Service Providers (ISPs) are doing everything they can to protect their customers from potentially unsolicited email, ! including blocking bulk email sends from new domains and internet protocol (IP) addresses. It’s important to remember that ISPs are always looking to protect their users (and investors). Because you’re sending emails to reach out to your prospects, these new measures have a direct impact on your ability to have your legitimate emails delivered to the inbox. How to Make Sure Your Emails Land in Your Prospects’ Inboxes | 3 Ultimately it is the practices of your company, and your engagement strategy, that determines whether or not your messages get through.
  • Email Authentication Faqs V3

    Email Authentication Faqs V3

    Email Authentication GUIDE Frequently Asked QUES T ION S T OGETHER STRONGER EMAIL AUTHENTICATION Marketers that use email for communication and transactional purposes should adopt and use identification and authentication protocols.” This document will explain what authentication is – includ- ing some recommendations on what you should do as an email marketer to implement these guidelines within your organization. * This Guide should not be considered as legal advice. It is being provided for informational purposes only. Please review your email program with your legal counsel to ensure that your program is meeting appropriate legal requirements. THIS COMPLIANCE GUIDE COVERS: Basics of Email Authentication Technologies Basic FAQs on the DMA’s Email Authentication Guidelines Implementation: Complementary Types of Email Authentication Systems Beyond Authentication: Email Reputation Email Authentication Resources for Marketers 1. What Do the DMA’s Email Authentication Guidelines Require? The DMA’s guidelines require marketers to choose and implement authentication technolo- gies in their email systems. It is up to your company to decide what kind of authentication protocol to use, though all are recommended based on current-day trends. The DMA does not require nor endorse the use of any specific protocol, as there are several interoperable, inexpensive, and easy to implement solutions available today. 2. Why does the DMA Require Members to Authenticate Their Email Systems? The DMA requires its members to authenticate their email systems primarily because mailbox providers (aka ISPs, MSPs or receivers) are increasingly requiring authentication. This strongly aligns with a growing trend in the email deliverability industry that’s leaning more towards domain-based reputation (as opposed to IP-based reputation a couple of years ago).
  • WHITE PAPER Email Deliverability Review

    WHITE PAPER Email Deliverability Review

    WHITE PAPER Email DELIVeraBility REView dmawe are the White Paper Email Deliverability Review Published by Deliverability Hub of the Email Marketing Council Sponsored by 1 COPYRIGHT: THE DIRECT MARKETING ASSOCIATION (UK) LTD 2012 WHITE PAPER Email DELIVeraBility REView Contents About this document ...............................................................................................................................3 About the authors ...................................................................................................................................4 Sponsor’s perspective .............................................................................................................................5 Executive summary .................................................................................................................................6 1. Major factors that impact on deliverability ..............................................................................................7 1.1 Sender reputation .............................................................................................................................7 1.2 Spam filtering ...................................................................................................................................7 1.3 Blacklist operators ............................................................................................................................8 1.4 Smart Inboxes ..................................................................................................................................9
  • Guide Deliverability.Pdf

    Guide Deliverability.Pdf

    email delivery for IT professionals INTRODUCTION................................................................................................................................................ 3 HOSTING AND HARDWARE ............................................................................................................................... 4 IP/DNS ............................................................................................................................................................. 5 DNS Naming................................................................................................................................................ 5 I already have a domain.......................................................................................................................... 5 I'm sending on behalf of someone else................................................................................................... 5 I'm sending on behalf of several companies............................................................................................ 6 IP Ranges .................................................................................................................................................... 6 Test IPs ....................................................................................................................................................... 6 Registrars...................................................................................................................................................
  • Adoption of Email Anti-Spoofing Schemes: a Large Scale Analysis

    Adoption of Email Anti-Spoofing Schemes: a Large Scale Analysis

    This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TNSM.2021.3065422, IEEE Transactions on Network and Service Management IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT 1 Adoption of Email Anti-Spoofing Schemes: A Large Scale Analysis Sourena Maroofi, Maciej Korczynski,´ Arnold Hölzel, Andrzej Duda, Member, IEEE Abstract—Sending forged emails by taking advantage of a real Microsoft login page to steal user credentials [2]. In this domain spoofing is a common technique used by attackers. paper, we investigate the second type of email spoofing. The lack of appropriate email anti-spoofing schemes or their The Simple Mail Transfer Protocol (SMTP) for email dis- misconfiguration may lead to successful phishing attacks or spam dissemination. In this paper, we evaluate the extent of tribution does not provide support for preventing spoofing [3] the SPF and DMARC deployment in two large-scale campaigns so mail systems need to rely on security extensions such as measuring their global adoption rate with a scan of 236 million the Sender Policy Framework (SPF) [4], the DomainKeys domains and high-profile domains of 139 countries. We propose Identified Mail (DKIM) [5], and Domain-based Message Au- a new algorithm for identifying defensively registered domains thentication, Reporting, and Conformance (DMARC) [6] to and enumerating the domains with misconfigured SPF rules by emulating the SPF check_function. We define for the first time authenticate the sender and decide what to do with suspicious new threat models involving subdomain spoofing and present emails.