DKIM implementation survey: prelim results

First off, I want to thank everyone who participated in the DKIM implementation survey. This week has been pretty hectic so far, so I haven’t had a chance to actually dig down into the data from the survey, but I thought I’d post some preliminary results.
The ESP survey had 45 respondents. 30% of those sent more than 15 million emails a month.
Of all the respondents: 40% are signing with Domain Keys, 51.1% are signing with DKIM.
Of all respondents: 79.5% are signing with Domain Keys and 78.8% are signing with DKIM to access services (whitelists or FBLs) provided by the ISPs.
50% of those not signing with Domain Keys are not doing so because customers have not requested it.  61% of those not signing with DKIM are not doing it because of technical difficulties with deployment.
The ISP survey had 16 respondents, with 37.5% handling less than 500,000 mailboxes and 18.8% handling more than 15 million mailboxes. 75% of respondents said they are not checking Domain Keys on inbound mail. 56% said they are not currently checking DKIM on inbound mail.
Only 10 ISPs answered the question if they plan to check either Domain Keys or DKIM.

  • 1 said they planned to check Domain Keys only
  • 3 said they plan to check DKIM only
  • 3 said they plan to check both
  • 3 said they plan to check neither

On a first pass it appears the ESPs are adopting domain authentication more aggressively than ISPs. It also appears one of the major driving factors in adoption was the Yahoo FBL being tied to DK/DKIM signed email.
Again, thank all of you for participating. I’ll have a more comprehensive analysis soon.

Related Posts

DKIM implementation survey

DKIM has been a hot topic of discussion on some of my mailing lists today. One of the open questions is what is holding up adoption of DKIM. I have my own theories, but thought I’d throw out some questions to see how ESPs and ISPs are currently using domain based reputation.
I have set up two surveys one for ESPs and one for ISPs. Responses are anonymous.
I’ll collect responses for a week and share the results.

Read More

AOL and DKIM

Yesterday, on an ESPC call, Mike Adkins of AOL announced upcoming changes to the AOL reputation system. As part of these changes, AOL will be checking DKIM on the inbound. Best estimates are that this will be deployed in the first half of 2009, possibly in Q1. This is something AOL has been hinting at for most of 2008.
As part of this, AOL has deployed an address where any sender can check the validity of a DKIM signature against the AOL DKIM implementation. To check a signature, send an email to any address at dkimtest.aol.com.
I have done a couple of tests, from a domain not signing with either DK or DKIM, from a domain signing with DK and from a domain signing with both DK and DKIM. In all cases, the mail is rejected by AOL. The specific rejection messages are different, however.
Unsighng domain: host dkimtest-d01.mx.aol.com[205.188.103.106] said: 554-ERROR: No DKIM header found 554 TRANSACTION FAILED (in reply to
end of DATA command)
DK signing domain: “205.188.103.106 failed after I sent the message.
Remote host said: 554-ERROR: No DKIM header found
554 TRANSACTION FAILED”
DK/DKIM signing domain: “We tried to delivery your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554-PASS: DKIM authentication verified
554 TRANSACTION FAILED (state 18).”
As you can see, in all cases mail is rejected from that address. However, when there is a valid DKIM signature, the failure message is “554-PASS.”
As I have been recommending for months now, all senders should be planning to sign with DKIM early in 2009. AOL’s announcement that they will be using DKIM signatures as part of their reputation scoring system is just one more reason to do so.

Read More

Customer support surveys

I have seen a lot of companies attempt to send out customer support surveys by email, only to fail dismally. Generally, the intentions of the companies who do this are good, but the executions are appalling. Companies have found any number of ways to invite epic fail to call, including mailing to non-customers, mailing to the wrong person at a customer company and mailing to former customers.
Mailing to non-customers generally happens when companies sort abuse and support mail through the same ticketing system. Good customer support (tell us how we did) turns out to be rotten complaint support. The failure here is multifactorial, but revolves around not understanding the difference between customer support mail and abuse complaints. Abuse is not, usually, mail from your customers. More often mail to abuse is from non-customers. While it may seem like a good thing to follow up with abuse complaints to find out if the person is satisfied, generally someone who complains about spam does not want more mail from a company. The fix it to change the selection process for surveys. Survey customers not complainers.
The second failure is more common with enterprise vendors. Generally the vendor will have multiple contacts at company but send a single survey out to all contacts at the customer. Take an average website that provides statistics about web or email performance. A company establishes an account there, and then provides a logins for customer support people, a manager or two and maybe an outside consultant. These people are all using the same site, but are possibly using different parts of it. The consultant can give some feedback on the API and data access, but is not the right person to ask about pricing, packages or overall usefulness and value for money. Management can provide feedback on pricing and value for money but probably has never logged into the website, despite having a working account. Customer support can provide feedback on the user interface and overall usefulness of the site. Knowing who is who at the customer and who is the right contact for different surveys can be tricky, but it is always better a company to appear to be acting purposely.
Finally, some companies send out surveys to anyone who has ever registered for a website, or game or product no matter how long ago that registration was. They send mail to the person who registered for a website but has not logged in for 6 months, or 12 months or even longer. The recipient may have even taken positive action to close an account, such as discontinuing payments. And, yet, the company still mails them a customer satisfaction survey. If the recipient is not paying for the product, if the recipient is not logging into the website then they are no longer a customer. Sure, there are times to reconnect with old customers, and it can be done well. However, what I am talking about is the survey that is clearly designed to be answered by current users and customers.
The sad thing is, I have received customer satisfaction surveys in all of the above categories in the last 6 months.
If you as a sender, are going to use customer satisfaction surveys, do it in a thoughtful and purposeful manner. Do it in a way that brings value to your company and to the people you are surveying. If you do not, you risk higher complaint rates. Remember, people who are not your customer or who are a former customer are probably more likely to hit “this is spam” then to answer your survey. Like any mail you send, make sure you know who your audience is and have a mental model for how they will treat your mail. Do not just grab all available addresses and mail them. Do some analysis of your customer base before you mail and mail them surveys that apply to them. You will get fewer spam complaints and probably more and more accurate survey responses.

Read More