250 likes | 608 Views
2. Who is Port25 Solutions, Inc.?. Leading Commercial Gateway/MTA ProviderPowerMTA
E N D
1. // Sender’s Guide to Sender ID - based on our understanding and experience
we recognize this is evolving and there is a lot to learn…
- based on our understanding and experience
we recognize this is evolving and there is a lot to learn…
2. 2
3. 3 Sender Perspective
4. 4 Receiver Status observations:
both Mail From and PRA are being checked…
they are recommending that you publish
Simon is Speaking!!!
Simon Say’s Do It!!
i can’t warrant what they are doing…
recommendations are to publish…observations:
both Mail From and PRA are being checked…
they are recommending that you publish
Simon is Speaking!!!
Simon Say’s Do It!!
i can’t warrant what they are doing…
recommendations are to publish…
5. 5 5 Recommendations for Senders Call to Action
Key Decisions
Making it Easy
Testing, Testing, Testing….
Next Steps
6. 6 1) Call To Action Implement Sender ID
MAIL FROM and PRA
Receivers are Checking…
Begin the Journey…
Who Else Has Implemented Sender ID?
218K Domains (spfv1)
100% of ESPC (spv1)
5.4% of Fortune 1000 (spfv1)
Get Educated
http://www.microsoft.com/senderid
http://spf.pobox.com/whitepaper.pdf
http://www.port25.com/auth
7. 7 2) Key Decisions What Mail Gateways will be Used to Send E-mail?
Consider All Scenarios / Paths
Reduce Number of Paths where Possible
Sending IP Address & Domain Name Strategy?
Segment streams of mail by IP address & sub domain
Always use your trademarked master domain
Message Header Strategy?
Make MAIL FROM and PRA domains consistent
Don’t confuse “adhering to spec” and “best practice”
What “all” Policy?
“-all” for non-mailing domains
“?all” for mailing domains
One Record or Two?
One record (“v=spf1”) if MAIL FROM & PRA are the same
Two records if they are different (add “spf2.0/pra” record)
8. 8 3) Making It Easy On Yourself….
Use “include” to point to externally managed spf records
Use “redirect” to point to internally managed spf records
EXAMPLE 1: “v=spfv1 a:acme.com include:_spf.acme.esp.com ?all”
EXAMPLE: “v=spfv1 redirect:_spf.acme.com”
For Receivers….
Minimize DNS queries generated by your SPF record
Use SUBMITTER optimization
9. 9 4) Testing, Testing, Testing… Use Multiple Tools
Wizards, Web Checkers, Mail Reflectors
http://www.port25.com/auth
Test All Delivery Paths
Upon Rollout
On an On-Going basis
Monitor Delivery
SMTP Response Codes / Bounce Reports
Seed Mailbox Delivery Rates
Forgery Detection
Before They Happen: Check Messages at Outbound MTA
After They Happen: Using “exists” with DNS log monitoring
10. 10 5) Next Steps Maintain/Improve Sender ID Deployment
Fixing Issues
Keeping Current with Changes
Implement DomainKeys
Yahoo is Now Checking (as of this week)
http://antispam.yahoo.com/domainkeys
Evaluate Your MTA Infrastructure & Build Plan to Test
Include Authentication in Your Plan for 2005
Set Budgets, Staffing & Project Plans Accordingly
11. 11 Conclusion E-mail Authentication is a Process Not an Event
12. Questions?
13. Additional Slides(Details & Illustrations)
14. 14 Who Else Has Published SPF Records?
15. 15 Segmenting Streams of E-mail
16. 16 Segmenting Streams of E-mail
17. 17 MAIL FROM & From Header Strategy
18. 18 How Strict of an “all” Policy?
19. 19 Be Aware of DNS Queries Required by Receiver
20. 20 Submitter Optimization
21. 21 One Record or Two?
22. 22 SampleReflectorOutput
23. 23 Delivery Monitoring SMTP Response Codes / Bounce Reports
Monitor SMTP Logs/Bounce Reports for Authentication Errors
550 5.7.1 XXX YYY ZZZ
Generate an Alert
PowerMTA “Real-Time Reputation Monitoring”
Deliverability Rates
Has there been a big change?
Check with Receiving ISP’s…
Execute Test Cases Regularly
Add E-mail Reflector to Your Seed List
e.g. check-auth@verifier.port25.com
Daily or Weekly Checks
24. 24 “Forgery Prevention”
25. 25 “Forgery Detection”