Email Sender Verification

To ensure that email to your constituents at AOL, Hotmail, and Yahoo! is delivered to the inbox, your organization needs to comply with two sender verification standards: Sender ID and DomainKeys. These standards allow the ISPs to identify email publishers, evaluate their mail reputation, and make delivery decisions. If your email passes sender verification, it has a much higher probability of being delivered to the inbox, rather than rejected or diverted to the bulk or junk mail folder.

Compliance with these email standards is a joint responsibility of Convio and our customers. We have enhanced our application to support the standards, but since both Sender ID and DomainKeys rely on the DNS system to determine sender identity, customers must also take action to support compliance. Your organization needs to modify its DNS records to include additional TXT records required by the Sender ID and DomainKeys standards.

• Detailed Setup Guide - I am interested in learning all about this, or my DNS is complex. What do I need to know in order to work with my DNS Provider to implement these standards?
  
  
• Quick Setup Guide - My DNS is very simple and I don't need all of the details. Just tell me what I need to do.
  
  
• GetActive Implications - We are on the GetActive Platform. Does this affect us?

Detailed Setup Guide

What are the pertinent email sender verification standards my organization needs to implement?

Different ISPs utilize different sender verification standards, so clients need to adopt two different standards: Sender ID/SPF and Yahoo! DomainKeys.

Sender ID/SPF requires that clients modify their DNS with a TXT record that specifies the IP addresses of mail servers that are authorized to send email in that domain’s name. Hotmail and MSN.com utilize Sender ID to evaluate incoming email, and some versions of Microsoft Outlook flag email that fails Sender ID as suspicious. AOL and gmail utilize SPF to evaluate incoming email.

DomainKeys is a competing standard developed by Yahoo!. It requires that clients modify their DNS with a TXT record including a public key encryption signature. Although not as widely adopted as Sender ID/SPF, it is nonetheless very important to Convio clients, since Yahoo! is the second largest ISP in terms of prevalence on client lists. DomainKeys offers stronger and more precise authentication than Sender ID/SPF, because it authenticates individual email messages rather than mail servers.

How do I implement each of these standards?

Please provide your DNS provider the instruction documents linked below:

Instructions to implement DomainKeys.

Instructions to implement SPF and Sender ID.

How can I check our setup once it is published?

Please use the Convio Client DNS Checking Tool - the tool covers not only the above simple configuration but also more complex DNS setups.

What happens if I don't implement these standards?

Due to the critical importance of sender verification for good email delivery, the Convio product (both Email Campaigns and Quick Email) now has a built-in ability to monitor whether the domain names your organization uses comply with these standards. If you choose not to implement either standard, the Email Campaigns and Quick Email tool will start reminding you that you need to implement these standards every time you send an email job. These reminder messages include links to implementation instructions.

In addition, if your organization has not implemented DomainKeys by April 30th, the Convio software will implement it for you in order to ensure that your organization gets good delivery at Yahoo. As a result, there will be some changes in how your "From" line is displayed at Yahoo.  Your “From Name” will remain unchanged, but your  “From Email Address” will be changed, as in the following example:

From: “Defenders of Wildlife” <defenders@mail.defenders.org>
->
From “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>

Note that these changes will only occur for recipients with Yahoo! email addresses, not recipients at any other ISP or domain.  The change in your "From Email Address" will stop automatically when our product detects that your DNS records support DomainKeys.  Note also that your organization’s “From” address will be inserted into a Reply-To header, so that you still get constituent's responses.

At this time, Convio will not be applying DomainKey signatures to email destined for other ISPs such as Google Gmail, which is the only other major US-based ISP that uses DomainKeys, since there is as yet no client value in doing so. Unlike Yahoo!, Gmail is not currently providing added delivery benefits to email senders that comply with DomainKeys.

How long do we have to get this done?

You should implement both standards by April 30, 2008. After that date, the Convio software will automatically implement DomainKeys using a Convio.net “From” address until your organization enhances its DNS records with DomainKeys.

Is it OK to deploy the DNS changes in advance?

Yes, please do.

Our organization is small and run by volunteers, who use their AOL, Yahoo or other ISP accounts as “From” addresses in Convio - what do we do?

You will need to obtain email addresses associated with your organization’s domain name for use as the “From” address. All email sent from the Convio system with a “From” address at an ISP will fail sender verification, and may experience severe email delivery problems. These ISPs have all published SPF records that explicitly state that Convio (and your organization) are NOT authorized to send from their domains (example). To come into compliance with sender verification standards, your email “From” address needs to include your domain name.

In the case of affiliates of national organizations, one solution is to issue each chapter an alias on your corporate email system that you can configure to forward replies to an affiliate’s AOL or Gmail accounts. The chapter alias address will need to be used as the “From” address with Convio messaging. This approach also has the benefit that the "From" address will not change due to staff turnover.

Quick Setup Guide

For those readers who are familiar with DNS, have a really simple setup, and wish to know what to tell their DNS provider, just ask them to add the following two records to the DNS zone file for each domain you use in "From" addresses for Convio Email:

@                     86400     IN     TXT     "v=spf1 +mx +include:outboundmail.convio.net ?all"

convio1._domainkey    86400     IN     TXT     "t=y; k=rsa; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKKtPPXbNdv+hPWGVXoEShvMYnnHYpUqIo7umzoFT+CYynqq9j7WpiTOHqabxteN4igg8ztEZoB6z69JPD5OSN0CAwEAAQ=="

Note that the above record is a single line and should have no line breaks, but it may have been wrapped by your browser -- the public key is a single string and there is no whitespace in any of the content following the "p=" field designator.

How can I check our setup once it is published?

Please use the Convio Client DNS Checking Tool - the tool covers not only the above simple configuration but also more complex DNS setups.

What happens if I don't implement these standards?

Due to the critical importance of sender verification for good email delivery, the Convio product (both Email Campaigns and Quick Email) now has a built-in ability to monitor whether the domain names your organization uses comply with these standards. If you choose not to implement either standard, the Email Campaigns and Quick Email tool will start reminding you that you need to implement these standards every time you send an email job. These reminder messages include links to implementation instructions.

In addition, if your organization has not implemented DomainKeys by April 30, 2008, the Convio software will implement it for you in order to ensure that your organization gets good delivery at Yahoo. As a result, there will be some changes in how your "From" line is displayed at Yahoo.  Your “From Name” will remain unchanged, but your  “From Email Address” will be changed, as in the following example:

From: “Defenders of Wildlife” <defenders@mail.defenders.org>
->
From “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>

Note that these changes will only occur for recipients with Yahoo! email addresses, not recipients at any other ISP or domain.  The change in your "From Email Address" will stop automatically when our product detects that your DNS records support DomainKeys.  Note also that your organization’s “From” address will be inserted into a Reply-To header, so that you still get constituent's responses.

How long do we have to get this done?

You should implement both standards by April 30, 2008. After that date, the Convio software will automatically implement DomainKeys using a Convio.net “From” address until your organization enhances its DNS records with DomainKeys.

We are on the GetActive platform, does this affect us?

GetActive clients should implement Sender ID/SPF as soon as possible, if they have not already done so. The GetActive platform does not support signing outbound email, so it is not necessary to implement DomainKeys immediately, and no changes will be made in GetActive “From” addresses. GetActive platform clients who will be migrating to Convio are advised to go ahead and implement the Convio DomainKeys record anyway, and to modify their SPF record by adding the Convio "include" in addition to the GetActive one -- doing so will not cause any harm, and then you won't risk forgetting it for the migration.