1. Sender’s Guide to Sender ID
- based on our understanding and experience
we recognize this is evolving and there is a lot to learn…
2. Who is Port25 Solutions, Inc.?
Leading Commercial Gateway/MTA Provider
PowerMTA
3. Sender Perspective
4. Receiver Status
observations:
both Mail From and PRA are being checked…
they are recommending that you publish
Simon is Speaking!!!
Simon Says Do It!!
i can’t warrant what they are doing…
recommendations are to publish…
5. 5 Recommendations for Senders
Call to Action
Key Decisions
Making it Easy
Testing, Testing, Testing….
Next Steps
6. 1) Call To Action
Implement Sender ID
MAIL FROM and PRA
Receivers are Checking…
Begin the Journey…
Who Else Has Implemented Sender ID?
218K Domains (spfv1)
100% of ESPC (spfv1)
5.4% of Fortune 1000 (spfv1)
Get Educated
http://www.microsoft.com/senderid
http://spf.pobox.com/whitepaper.pdf
http://www.port25.com/auth
7. 2) Key Decisions
What Mail Gateways will be Used to Send E-mail?
Consider All Scenarios / Paths
Reduce Number of Paths where Possible
Sending IP Address & Domain Name Strategy?
Segment streams of mail by IP address & subdomain
Always use your trademarked master domain
Message Header Strategy?
Make MAIL FROM and PRA domains consistent
Don’t confuse “adhering to spec” and “best practice”
What “all” Policy?
“-all” for non-mailing domains
“?all” for mailing domains
One Record or Two?
One record (“v=spf1”) if MAIL FROM & PRA are the same
Two records if they are different (add “spf2.0/pra” record)
8. 3) Making It Easy On Yourself….
Use “include” to point to externally managed SPF records
Use “redirect” to point to internally managed SPF records
EXAMPLE 1: “v=spf1 a:acme.com include:_spf.acme.esp.com ?all”
EXAMPLE 2: “v=spf1 redirect=_spf.acme.com”
For Receivers….
Minimize DNS queries generated by your SPF record
Use SUBMITTER optimization
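Added example (not part of the original slides and not Port25 code): a Python check for the “include” / “redirect” advice and the “minimize DNS queries” point above. It parses records, follows include and redirect through a constructed in-memory zone, and returns the worst-case DNS lookup count plus the qualifier of the effective “all”. The zone contents, the function names and the 10-lookup limit (RFC 7208, section 4.6.4) are assumptions that do not come from the slides.

```python
import re

# Constructed TXT records for illustration; the names reuse the slide's
# acme.com examples, the record contents are assumptions.
ZONE = {
    "acme.com": "v=spf1 redirect=_spf.acme.com",
    "_spf.acme.com": "v=spf1 a:acme.com include:_spf.acme.esp.com ?all",
    "_spf.acme.esp.com": "v=spf1 ip4:192.0.2.0/24 mx -all",
    "parked.acme.com": "v=spf1 -all",
}
QUERYING = {"a", "mx", "ptr", "exists", "include"}  # mechanisms that cost a DNS query
MAX_LOOKUPS = 10  # receiver-side limit from RFC 7208, section 4.6.4

def parse(record):
    """Split an SPF record into (qualifier, name, argument) terms."""
    version, *terms = record.split()
    if version.lower() != "v=spf1":
        raise ValueError(f"bad version tag: {version!r}")
    parsed = []
    for term in terms:
        m = re.fullmatch(r"([-+~?]?)(\w+)([:=/]?)(.*)", term)
        if not m:
            raise ValueError(f"unparseable term: {term!r}")
        qual, name, sep, arg = m.groups()
        name = name.lower()
        # Modifiers take '=', the include mechanism takes ':'.
        if (name in ("redirect", "exp") and sep != "=") or (name == "include" and sep != ":"):
            raise ValueError(f"wrong separator in {term!r}")
        parsed.append((qual or "+", name, arg))
    return parsed

def audit(domain, zone=ZONE, seen=()):
    """Return (worst-case DNS lookups, qualifier of the effective 'all')."""
    if domain in seen:
        raise ValueError(f"include/redirect loop at {domain}")
    lookups, policy, redirect = 0, None, None
    for qual, name, arg in parse(zone[domain]):
        if name in QUERYING:
            lookups += 1
        if name == "all":
            policy = qual
        elif name == "include":  # the included record's own 'all' does not become ours
            lookups += audit(arg, zone, seen + (domain,))[0]
        elif name == "redirect":
            redirect = arg
    if policy is None and redirect:  # redirect only applies when there is no 'all'
        sub, policy = audit(redirect, zone, seen + (domain,))
        lookups += 1 + sub
    return lookups, policy

def within_limit(domain, zone=ZONE):
    return audit(domain, zone)[0] <= MAX_LOOKUPS
```

The count is an upper bound: a receiver stops evaluating at the first mechanism that matches, so a real check may issue fewer queries.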
9. 4) Testing, Testing, Testing…
Use Multiple Tools
Wizards, Web Checkers, Mail Reflectors
http://www.port25.com/auth
Test All Delivery Paths
Upon Rollout
On an On-Going basis
Monitor Delivery
SMTP Response Codes / Bounce Reports
Seed Mailbox Delivery Rates
Forgery Detection
Before They Happen: Check Messages at Outbound MTA
After They Happen: Using “exists” with DNS log monitoring
10. 5) Next Steps
Maintain/Improve Sender ID Deployment
Fixing Issues
Keeping Current with Changes
Implement DomainKeys
Yahoo is Now Checking (as of this week)
http://antispam.yahoo.com/domainkeys
Evaluate Your MTA Infrastructure & Build Plan to Test
Include Authentication in Your Plan for 2005
Set Budgets, Staffing & Project Plans Accordingly
11. Conclusion
E-mail Authentication is a Process Not an Event
12. Questions?
13. Additional Slides (Details & Illustrations)
14. Who Else Has Published SPF Records?
15. Segmenting Streams of E-mail
16. Segmenting Streams of E-mail
17. MAIL FROM & From Header Strategy
18. How Strict of an “all” Policy?
19. Be Aware of DNS Queries Required by Receiver
20. Submitter Optimization
21. One Record or Two?
22. Sample Reflector Output
23. Delivery Monitoring
SMTP Response Codes / Bounce Reports
Monitor SMTP Logs/Bounce Reports for Authentication Errors
550 5.7.1 XXX YYY ZZZ
Generate an Alert
PowerMTA “Real-Time Reputation Monitoring”
Deliverability Rates
Has there been a big change?
Check with Receiving ISPs…
Execute Test Cases Regularly
Add E-mail Reflector to Your Seed List
e.g. check-auth@verifier.port25.com
Daily or Weekly Checks
24. “Forgery Prevention”
25. “Forgery Detection”