© 2007 Convio, Inc. Implementation of Yahoo DomainKeys Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc.

Implementation of Yahoo DomainKeys

Bill Pease, Chief ScientistConvio

2© 2007 Convio, Inc.

What is Yahoo DomainKeys (YDK)?

■ An email authentication standard developed and promoted by Yahoo

■ Used to verify the identity of email senders so that Yahoo can:▶ Provide its subscribers with a “safer” inbox by

separating email authorized by a brand from phishing attacks spoofing a brand

▶ Improve its spam filtering systems by reliably identifying senders and using each sender’s mail reputation to make delivery decisions

■ For more information▶ http://en.wikipedia.org/wiki/DomainKeys▶ http://antispam.yahoo.com/phishing

3© 2007 Convio, Inc.

Why Implement DomainKeys?

■ Yahoo provides valuable delivery benefits to email publishers that support YDK:▶ Higher probability of delivery to inbox, rather than

diversion to bulk mail folder▶ Feedback loop of subscribers that report a message

as spam Automated removal of complainants reduces spam

complaint rate at Yahoo Lower complaint rate results in fewer delivery barriers

■ Yahoo educates its subscribers to trust email from senders that are verified by YDK▶ Adds trust icon to verified email

4© 2007 Convio, Inc.

What does YDK implementation involve?■ Simple addition of a TXT record to the DNS zone for each

domain your organization uses to send email from Convio▶ Identify list of “From” email addresses used in Convio▶ Add Convio’s public key TXT record to each domain and sub-

domain’s DNS▶ See instructions at http://customer.convio.com/Domain_Keys

■ IF your DNS hosting provider does not support TXT records:▶ Switch to a provider that does support established internet

standards for sender verification dyndns.com UltraDNS.com

▶ DNS hosting is a separable commodity service – your organization does not need to switch its website host, email host, etc.

5© 2007 Convio, Inc.

What happens if an organization does not support YDK?

■ Convio will sign your email with its public key in order to obtain Yahoo delivery benefits for your organization▶ This requires replacing your domain’s email address with a

Convio domain email address – at Yahoo only■ There will be some changes in how your email address is

displayed at Yahoo▶ Your “From Name” will remain unchanged, but your “From

Email Address” will be changed:

From: “Defenders of Wildlife” <[email protected]>->From “Defenders of Wildlife” <[email protected]>Reply-To: Defenders of Wildlife” <[email protected]>

▶ Yahoo will promote trust in the sender by adding its YDK security icon

▶ See appendix for screenshots

6© 2007 Convio, Inc.

FAQs - 1

■ Won’t this eliminate my brand identity at Yahoo?▶ No – the primary means by which brand identity is

conveyed in the Yahoo UI (the sender’s From Name) remains unchanged. In fact, Yahoo will promote trust in the sender of any YDK compliant email

■ What about recipients that reply to email – won’t these go to Convio?▶ No – email replies will continue to be directed to

whatever Reply-To address a client has specified. Bounce messages will continue to be processed automatically by Convio.

7© 2007 Convio, Inc.

FAQs - 2

■ My organization uses multiple email providers. Won’t designating Convio as an authorized sender in our DNS records damage the delivery of email sent by our other providers? ▶ No – Partial support for sender verification is better than no

support at all. No significant recipient domains are punishing email publishers who only authorize some of their sending email domains in their DNS record, especially compared to publishers who fail to support sender verification entirely.

▶ Some recipient domains do provide additional delivery benefits to publishers that completely define the set of domains authorized to send in their name, because such domains make it possible to unambiguously separate authorized from unauthorized senders.

8© 2007 Convio, Inc.

Appendix

Screenshots IllustratingImpact of Client Support for YDK on Email Display at Yahoo

Yahoo Mail & Yahoo ClassicVariations based on whether client supports YDK in its DNS

9© 2007 Convio, Inc.

Trust promotion of sender in From line:Yahoo DomainKey icon added and explained as“This sender is DomainKeys verified”

Yahoo Mail Inbox (1a) IF Client supports YDK: No Change to InboxTrust Promotion of Sender in Preview

10© 2007 Convio, Inc.

In preview pane:• Trust promotion of sender with YDK icon• From line will be modified:

“Defenders of Wildlife” <[email protected]>->“Defenders of Wildlife” <[email protected]>

Yahoo Mail Inbox (1b)IF Client does not support YDK: No Change to InboxChanges in Preview Pane

11© 2007 Convio, Inc.

Yahoo Mail Full Message View (2a) IF Client supports YDK:Trust Promotion of Sender

Trust promotion of sender with YDK icon

12© 2007 Convio, Inc.

From line of message will be modified:“Defenders of Wildlife” <[email protected]>->“Defenders of Wildlife” <[email protected]>

Yahoo Mail Full Message View (2b) IF Client does not support YDK:Trust Promotion of SenderChange to From Line

Trust promotion of sender with YDK icon

13© 2007 Convio, Inc.

The sender field displays a client’s “From Name,” not from “Email Address.” There will be no change whether or not a client supports YDK.

Yahoo Classic (3a&b)IF Client supports YDK or IF Client does not support YDK:No Change to Inbox

14© 2007 Convio, Inc.

Trust promotion text is added below From field:From: “ASPCA” <[email protected]>->From: “ASPCA” <[email protected] Yahoo! DomainKeys has confirmed that this message was sent by aspca.org.

Yahoo Classic Message View (4a)IF Client supports YDK:Trust Promotion of Sender in Message View

15© 2007 Convio, Inc.

Change to From line and addition of trust promotion text:From: “ASPCA” <[email protected]>->From: “ASPCA” [email protected]! DomainKeys has confirmed that this message was sent by convio.net.

Yahoo Classic Message View (4b)IF Client does not support YDK:Change to From LineTrust Promotion of Sender