email security

There are several technologies improving email security and authentication. I have presented them in my previous post: 6 Technologies To Protect Your Brand in Email Marketing. But those technologies can only help of course, if ISPs (Internet Service Providers) support them as well. That's why we have tested 12 ISPs in a case study, which email security features they offer today. The analysis shows – there are lot of differences between the ISPs.

Email Security Features Evaluation

We tested 12 ISPs operating internationally. Therefore, test mails have been sent and evaluated through header analysis in the web-frontend. TLS and IPv6 were evaluated by our admin team. Our evaluation is a test based on random samples in order to provide a feeling of status-quo in November 2016.

Email Security Features ISP

Our test shows, that there’s a high acceptance of SPF and DKIM, which are enabling sender Authentication. However, only a third of the tested ISPs support DMARC, which is based on those. Reasons could be the additional effort for sending reports and concerns regarding data protection (especially in Germany). Certified senders alliance (CSA) has published an evaluation from legal perspective which shows, that DMARC is generally compliant with data protection laws. You can find the analysis here.

Deliverability case study shows high acceptance of SPF and DKIM enabling sender Authentication
Click to tweet

While TLS is offered by the majority of ISPs (since Snowden), IPv6 is not yet used for e-mail by most ISPs. However, implementing IPv6 could be beneficial for senders – many existing filters and blacklists are still based on IPv4 and could be skipped by using IPv6. Recommendation is also to implement list-unsubscribe by default. In Germany, most ISPs are member of CSA where implementation is mandatory anyways – but beside this, offering list-unsubscribe enables ISPs to implement an easy alternative to the harming SPAM button. In the end, it’s not only a Deliverability-topic, but also relevant for legal and service-related reasons.

Conclusion and next steps

The big US-American ISPs are supporting most of the features and are also actively pushing the topic. Supporting senders are honored with a higher reputation which is key for inbox placement.

Also the Russian ISPs are supporting a lot of features and share many insights on their informative postmaster statistics pages. In Germany, there’s three ISPs (mail.de, posteo.de and mailbox.org), pushing all available technology as well as being world-wide pioneer for the latest ones (e.g. DANE). Email security and data protection is the main business model for those being paid-address-providers. United Internet (“web.de”, “gmx.de”), Freenet and T-Online are offering own, internal products regarding Email Security and Authentication (“Trusted Dialog”, “E-Mail made in Germany”). So what should be your next step? Implement as much technologies as possible to be prepared for each market? Maybe that's the case, but it can be different per case. Please consult with us, get individual help and find out more around email deliverability.

More on Email Deliverability
Read more