Implementation of Yahoo DomainKeys
Bill Pease, Chief Scientist
Convio
© 2007 Convio, Inc.

What is Yahoo DomainKeys (YDK)?
■ An email authentication standard developed and promoted by Yahoo
■ Used to verify the identity of email senders so that Yahoo can:
  ▶ Provide its subscribers with a “safer” inbox by separating email authorized by a brand from phishing attacks spoofing a brand
  ▶ Improve its spam filtering systems by reliably identifying senders and using each sender’s mail reputation to make delivery decisions
■ For more information
  ▶ http://en.wikipedia.org/wiki/DomainKeys
  ▶ http://antispam.yahoo.com/phishing

Why Implement DomainKeys?
■ Yahoo provides valuable delivery benefits to email publishers that support YDK:
  ▶ Higher probability of delivery to inbox, rather than diversion to bulk mail folder
  ▶ Feedback loop of subscribers that report a message as spam
    • Automated removal of complainants reduces spam complaint rate at Yahoo
    • Lower complaint rate results in fewer delivery barriers
■ Yahoo educates its subscribers to trust email from senders that are verified by YDK
  ▶ Adds trust icon to verified email

What does YDK implementation involve?
■ Simple addition of a TXT record to the DNS zone for each domain your organization uses to send email from Convio
  ▶ Identify list of “From” email addresses used in Convio
  ▶ Add Convio’s public key TXT record to each domain and subdomain’s DNS
  ▶ See instructions at http://customer.convio.com/Domain_Keys
■ IF your DNS hosting provider does not support TXT records:
  ▶ Switch to a provider that does support established internet standards for sender verification
    • dyndns.com
    • UltraDNS.com
  ▶ DNS hosting is a separable commodity service – your organization does not need to switch its website host, email host, etc.

What happens if an organization does not support YDK?
■ Convio will sign your email with its public key in order to obtain Yahoo delivery benefits for your organization
  ▶ This requires replacing your domain’s email address with a Convio domain email address – at Yahoo only
■ There will be some changes in how your email address is displayed at Yahoo
  ▶ Your “From Name” will remain unchanged, but your “From Email Address” will be changed:
      From: “Defenders of Wildlife” <defenders@mail.defenders.org>
      ->
      From: “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>
      Reply-To: “Defenders of Wildlife” <defenders@mail.defenders.org>
  ▶ Yahoo will promote trust in the sender by adding its YDK security icon
  ▶ See appendix for screenshots

FAQs - 1
■ Won’t this eliminate my brand identity at Yahoo?
  ▶ No – the primary means by which brand identity is conveyed in the Yahoo UI (the sender’s From Name) remains unchanged. In fact, Yahoo will promote trust in the sender of any YDK-compliant email.
■ What about recipients that reply to email – won’t these go to Convio?
  ▶ No – email replies will continue to be directed to whatever Reply-To address a client has specified. Bounce messages will continue to be processed automatically by Convio.

FAQs - 2
■ My organization uses multiple email providers. Won’t designating Convio as an authorized sender in our DNS records damage the delivery of email sent by our other providers?
  ▶ No – Partial support for sender verification is better than no support at all. No significant recipient domains are punishing email publishers who only authorize some of their sending email domains in their DNS record, especially compared to publishers who fail to support sender verification entirely.
  ▶ Some recipient domains do provide additional delivery benefits to publishers that completely define the set of domains authorized to send in their name, because such domains make it possible to unambiguously separate authorized from unauthorized senders.
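Added example (not part of the original deck, and not Convio's or Yahoo's code): a sketch of the two checks behind the slides above, following the DomainKeys tag syntax of RFC 4870. It derives the DNS name where the key TXT record must be published, tests whether the signing domain covers the From address (the reason the From address is rewritten when the client's DNS carries no key), and lints a key record. The selector `sel1`, the `b=` and `p=` values and all function names are constructed assumptions, and the optional Sender: header is ignored for brevity.

```python
import base64, binascii
from email.utils import parseaddr

# Constructed sample values: selector "sel1", b= and p= data are placeholders.
SIG_CLIENT = "a=rsa-sha1; s=sel1; d=aspca.org; c=nofws; q=dns; b=AAAA"
SIG_CONVIO = "a=rsa-sha1; s=sel1; d=convio.net; c=nofws; q=dns; b=AAAA"
KEY_RECORD = "k=rsa; t=y; p=" + base64.b64encode(b"constructed, not a real key").decode()

def parse_tags(value):
    """Split a 'tag=value; tag=value' list (signature header or TXT record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_query_name(sig_header):
    """DNS name of the TXT record that must hold the signer's public key."""
    t = parse_tags(sig_header)
    return f"{t['s']}._domainkey.{t['d']}".lower()

def from_aligned(from_header, sig_header):
    """True if the signing domain d= equals the From domain or is a parent of it."""
    from_domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    d = parse_tags(sig_header)["d"].lower()
    return from_domain == d or from_domain.endswith("." + d)

def check_key_record(txt):
    """Return the problems found in a published key record (empty list = OK)."""
    t = parse_tags(txt)
    problems = []
    if t.get("k", "rsa") != "rsa":
        problems.append("unsupported key type")
    p = t.get("p")
    if p is None:
        problems.append("missing p= tag")
    elif p == "":
        problems.append("key revoked (empty p=)")
    else:
        try:
            base64.b64decode(p, validate=True)  # syntax check only, not an RSA parse
        except binascii.Error:
            problems.append("p= is not valid base64")
    if t.get("t") == "y":
        problems.append("testing mode (t=y)")
    return problems

if __name__ == "__main__":
    print(key_query_name(SIG_CLIENT), check_key_record(KEY_RECORD))
    print(from_aligned('"ASPCA" <website@aspca.org>', SIG_CONVIO))
```

A signature with `d=convio.net` cannot vouch for a From address at aspca.org, but it does cover `c+aspca@trusted-sender.convio.net`, which is the rewritten form the appendix slides show.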

Appendix
Screenshots Illustrating Impact of Client Support for YDK on Email Display at Yahoo
Yahoo Mail & Yahoo Classic
Variations based on whether client supports YDK in its DNS

Yahoo Mail Inbox (1a)
IF Client supports YDK:
  • No Change to Inbox
  • Trust Promotion of Sender in Preview
Trust promotion of sender in From line: Yahoo DomainKey icon added and explained as “This sender is DomainKeys verified”

Yahoo Mail Inbox (1b)
IF Client does not support YDK:
  • No Change to Inbox
  • Changes in Preview Pane
In preview pane:
  • Trust promotion of sender with YDK icon
  • From line will be modified:
      “Defenders of Wildlife” <defenders@mail.defenders.org>
      ->
      “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>

Yahoo Mail Full Message View (2a)
IF Client supports YDK:
  • Trust Promotion of Sender
Trust promotion of sender with YDK icon

Yahoo Mail Full Message View (2b)
IF Client does not support YDK:
  • Trust Promotion of Sender
  • Change to From Line
Trust promotion of sender with YDK icon
From line of message will be modified:
      “Defenders of Wildlife” <defenders@mail.defenders.org>
      ->
      “Defenders of Wildlife” <c+dow@trusted-sender.convio.net>

Yahoo Classic (3a&b)
IF Client supports YDK or IF Client does not support YDK:
  • No Change to Inbox
The sender field displays a client’s “From Name,” not its “From Email Address.” There will be no change whether or not a client supports YDK.

Yahoo Classic Message View (4a)
IF Client supports YDK:
  • Trust Promotion of Sender in Message View
Trust promotion text is added below From field:
      From: “ASPCA” <website@aspca.org>
      ->
      From: “ASPCA” <website@aspca.org>
      Yahoo! DomainKeys has confirmed that this message was sent by aspca.org.

Yahoo Classic Message View (4b)
IF Client does not support YDK:
  • Change to From Line
  • Trust Promotion of Sender
Change to From line and addition of trust promotion text:
      From: “ASPCA” <website@aspca.org>
      ->
      From: “ASPCA” c+aspca@trusted-sender.convio.net
      Yahoo! DomainKeys has confirmed that this message was sent by convio.net.