Wednesday, January 12, 2011

Authenticate your Google Apps email - and help finish email spam

The web is overwhelmed by splogs and garbage sites full of noiseware (emphases mine) ...

Why We Desperately Need a New (and Better) Google

... Content creation is big business, and there are big players involved. For example, Associated Content, which produces 10,000 new articles per month, was purchased by Yahoo! for $100 million, in 2010. Demand Media has 8,000 writers who produce 180,000 new articles each month. It generated more than $200 million in revenue in 2009 and planning an initial public offering valued at about $1.5 billion. This content is what ends up as the landfill in the garbage websites that you find all over the web. And these are the first links that show up in your Google search results.

Google is falling, because it's trapped by its own business model.

It looks bad, just as bad as email spam was just three years ago. Today, though, email spam is dying.  The cure was clear by the late 90s, but it's taken ten years to really work. The answer was differential filtering based on the managed reputation of an authenticated sending service. Today we call that Domain Keys Identified Mail or DKIM. DKIM doesn't identify the sender, it identifies the sending service. The sending service then assumes responsibility for the sender (they know who the sender is). If the service doesn't police its users, it gets a bad reputation -- and starts being filtered aggressively.

Gmail accounts have used DKIM for a while, but Google Apps email has made do with SPF -- an inferior solution. Google has only now rolled DKIM out to Google Apps users. If you use Google APps you should enable this (it's not automatic yet). Without it the email you send will be increasingly "second class" and more likely to be filtered out.

It took about two minutes  activate DKIM for our free Google Apps family domain. We were able to use the automated method because that domain is managed through Google's Registrar partner - eNom. It sounds like it might be trickier to activate for domains managed by my favorite registrar/hosting service - DreamHost though I expect it will eventually be automatic everywhere.

We beat email spam. It wasn't that hard, though the fix did take a long time implement. It's clear we could do the same thing with garbageware sites. That fix, however, may require a company other than Google ...

1 comment:

Mary said...

I presume that doing this means that that messages from my domain must be sent using the Google mail client.

For example, I currently have enabled as a send-from address in my off-line MS Outlook client. Such messages would surely fail, or at least be identified as span, if I enabled DKIM?