What is Yahoo DomainKeys (YDK)?

advertisement
Implementation of Yahoo
DomainKeys
Bill Pease, Chief Scientist
Convio
© 2007 Convio, Inc.
What is Yahoo DomainKeys (YDK)?
■ An email authentication standard developed and
promoted by Yahoo
■ Used to verify the identity of email senders so
that Yahoo can:
▶ Provide its subscribers with a “safer” inbox by
separating email authorized by a brand from phishing
attacks spoofing a brand
▶ Improve its spam filtering systems by reliably
identifying senders and using each sender’s mail
reputation to make delivery decisions
■ For more information
▶ http://en.wikipedia.org/wiki/DomainKeys
▶ http://antispam.yahoo.com/phishing
© 2007 Convio, Inc.
2
Why Implement DomainKeys?
■ Yahoo provides valuable delivery benefits to
email publishers that support YDK:
▶ Higher probability of delivery to inbox, rather than
diversion to bulk mail folder
▶ Feedback loop of subscribers that report a message
as spam
 Automated removal of complainants reduces spam
complaint rate at Yahoo
 Lower complaint rate results in fewer delivery barriers
■ Yahoo educates its subscribers to trust email
from senders that are verified by YDK
▶ Adds trust icon to verified email
© 2007 Convio, Inc.
3
What does YDK implementation involve?
■ Simple addition of a TXT record to the DNS zone for each
domain your organization uses to send email from Convio
▶ Identify list of “From” email addresses used in Convio
▶ Add Convio’s public key TXT record to each domain and subdomain’s DNS
▶ See instructions at http://customer.convio.com/Domain_Keys
■ IF your DNS hosting provider does not support TXT
records:
▶ Switch to a provider that does support established internet
standards for sender verification


dyndns.com
UltraDNS.com
▶ DNS hosting is a separable commodity service – your
organization does not need to switch its website host, email
host, etc.
© 2007 Convio, Inc.
4
What happens if an organization does not
support YDK?
■ Convio will sign your email with its public key in order to
obtain Yahoo delivery benefits for your organization
▶ This requires replacing your domain’s email address with a
Convio domain email address – at Yahoo only
■ There will be some changes in how your email address is
displayed at Yahoo
▶ Your “From Name” will remain unchanged, but your “From
Email Address” will be changed:
From: “Defenders of Wildlife” <defenders@mail.defenders.org>
->
From “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>
Reply-To: Defenders of Wildlife” <defenders@mail.defenders.org>
▶ Yahoo will promote trust in the sender by adding its YDK
security icon
▶ See appendix for screenshots
© 2007 Convio, Inc.
5
FAQs - 1
■ Won’t this eliminate my brand identity at Yahoo?
▶ No – the primary means by which brand identity is
conveyed in the Yahoo UI (the sender’s From Name)
remains unchanged. In fact, Yahoo will promote trust
in the sender of any YDK compliant email
■ What about recipients that reply to email – won’t
these go to Convio?
▶ No – email replies will continue to be directed to
whatever Reply-To address a client has specified.
Bounce messages will continue to be processed
automatically by Convio.
© 2007 Convio, Inc.
6
FAQs - 2
■ My organization uses multiple email providers. Won’t
designating Convio as an authorized sender in our DNS
records damage the delivery of email sent by our other
providers?
▶ No – Partial support for sender verification is better than no
support at all. No significant recipient domains are punishing
email publishers who only authorize some of their sending email
domains in their DNS record, especially compared to publishers
who fail to support sender verification entirely.
▶ Some recipient domains do provide additional delivery benefits
to publishers that completely define the set of domains
authorized to send in their name, because such domains make
it possible to unambiguously separate authorized from
unauthorized senders.
© 2007 Convio, Inc.
7
Appendix
Screenshots Illustrating
Impact of Client Support for YDK on
Email Display at Yahoo
Yahoo Mail & Yahoo Classic
Variations based on whether client supports YDK in its DNS
© 2007 Convio, Inc.
8
Yahoo Mail Inbox (1a)
IF Client supports YDK:
No Change to Inbox
Trust Promotion of Sender in Preview
Trust promotion of sender in From line:
Yahoo DomainKey icon added and explained as
“This sender is DomainKeys verified”
© 2007 Convio, Inc.
9
Yahoo Mail Inbox (1b)
IF Client does not support YDK:
No Change to Inbox
Changes in Preview Pane
In preview pane:
• Trust promotion of sender with YDK icon
• From line will be modified:
“Defenders of Wildlife” <defenders@mail.defenders.org>
->
“Defenders of Wildlife” <c+dow@trusted-sender.convio.net>
© 2007 Convio, Inc.
10
Yahoo Mail Full Message View (2a)
IF Client supports YDK:
Trust Promotion of Sender
Trust promotion of sender with YDK icon
© 2007 Convio, Inc.
11
Yahoo Mail Full Message View (2b)
IF Client does not support YDK:
Trust Promotion of Sender
Change to From Line
Trust promotion of sender with YDK icon
From line of message will be modified:
“Defenders of Wildlife” <defenders@mail.defenders.org>
->
“Defenders of Wildlife” <c+dow@trusted-sender.convio.net>
© 2007 Convio, Inc.
12
Yahoo Classic (3a&b)
IF Client supports YDK or IF Client does not support YDK:
No Change to Inbox
The sender field displays a client’s “From Name,” not from “Email
Address.” There will be no change whether or not a client supports
YDK.
© 2007 Convio, Inc.
13
Yahoo Classic Message View (4a)
IF Client supports YDK:
Trust Promotion of Sender in Message View
Trust promotion text is added below From field:
From: “ASPCA” <website@aspca.org>
->
From: “ASPCA” <website@aspca.org
Yahoo! DomainKeys has confirmed that this message was sent by aspca.org.
© 2007 Convio, Inc.
14
Yahoo Classic Message View (4b)
IF Client does not support YDK:
Change to From Line
Trust Promotion of Sender
Change to From line and addition of trust promotion text:
From: “ASPCA” <website@aspca.org>
->
From: “ASPCA” c+aspca@trusted-sender.convio.net
Yahoo! DomainKeys has confirmed that this message was sent by convio.net.
© 2007 Convio, Inc.
15
Download