AOL and DKIM

Yesterday, on an ESPC call, Mike Adkins of AOL announced upcoming changes to the AOL reputation system. As part of these changes, AOL will be checking DKIM on the inbound. Best estimates are that this will be deployed in the first half of 2009, possibly in Q1. This is something AOL has been hinting at for most of 2008.
As part of this, AOL has deployed an address where any sender can check the validity of a DKIM signature against the AOL DKIM implementation. To check a signature, send an email to any address at dkimtest.aol.com.
I have done a couple of tests, from a domain not signing with either DK or DKIM, from a domain signing with DK and from a domain signing with both DK and DKIM. In all cases, the mail is rejected by AOL. The specific rejection messages are different, however.
Unsighng domain: host dkimtest-d01.mx.aol.com[205.188.103.106] said: 554-ERROR: No DKIM header found 554 TRANSACTION FAILED (in reply to
end of DATA command)
DK signing domain: “205.188.103.106 failed after I sent the message.
Remote host said: 554-ERROR: No DKIM header found
554 TRANSACTION FAILED”
DK/DKIM signing domain: “We tried to delivery your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554-PASS: DKIM authentication verified
554 TRANSACTION FAILED (state 18).”
As you can see, in all cases mail is rejected from that address. However, when there is a valid DKIM signature, the failure message is “554-PASS.”
As I have been recommending for months now, all senders should be planning to sign with DKIM early in 2009. AOL’s announcement that they will be using DKIM signatures as part of their reputation scoring system is just one more reason to do so.

Related Posts

AOL Postmaster blog down

AOL has discontinued their blogging platform. This means the AOL postmaster blog is no longer active. I suspect the AOL postmaster team is exploring their options and trying to find a way to continue blogging.
If I hear anything one way or another, I will post it here.
Update: 11/3
AOL assures me they are migrating to a new platform and the blog will be back up.
I also managed to grab a copy of the IP Reputation post that AOL put up and I linked to last week.

Read More

News snapshot

  • The judge in e360 v. Spamhaus has denied Spamhaus’ motion for dismissal. However, the judge also ordered that the 16 new witnesses be stricken and capped damages at the original $11.7M. Mickey has the order.
  • Tuesday the FTC announced it had shut down a major spamming operation. I am not sure the results are visible yet, yesterday there were 2041 spams in one of my mailboxes yesterday versus 2635 a week ago.
  • The FBI announced today it had infiltrated and shut down a international carding ring. While not directly spam related the phishers and carders work together and some of them use spam.
  • Rumor has it that many mailers are seeing problems delivering to AOL the last few days. It seems that AOL is making adjustments to their filtering system. As when any ISP changes filter rules and weights, some of the people just skirting by see delivery problems. What people are hearing is that if they are seeing delivery problems at AOL they need to improve their reputation.
  • Last week Yahoo had another online workshop with the mail folks. They have published a transcript of the talk. I was at the talk and there were only a couple spam related questions.

donhburger: Why does Yahoo sell our email addresses to spammers?
YMailRyan: We absolutely don’t sell your addresses to spammers. No IFs, ANDs, or BUTs about it.
imintrouble: My mom keeps emailing em but I never get it and usually it ends up in my spam box. Why? How do I make this stop? She’s getting pissed that I’m not replying.
YMailTeam: Oh no! Be sure your Mom is on your contact list– this should help keep mom out of spam box and put her back into your inbox.
buergej: Just why do I keep receiving the same kind of spam from a series of what appear to be women day after day after day?
YMailCarl: Spam is, unfortunately a constant problem for anyone using email. The reason you are receiving these emails is because spammers have somehow gotten a hold of your email address and are mailing you their lovely messages. There are several things you can do to assist with this. First, continue to report these messages as “Spam” by clicking the button at the top of the email labled “Spam”. Note that you don’t need to actually look at the message to do this. When you report items as spam it lets Yahoo! know that messages originating from that person are likely spam. This not only helps you, but helps other Yahoo! users as well.
YMailCarl: Second, if the emails are from similar names, you can set up filters in your email account to block those names and send them to your trash or spam folder.
YMailCarl: Obviously these messages you are receiving are not from women trying to sell you products personally – the messages are typically generated by a script which will try to forge or “spoof” the originating address.
YMailCarl: We agree that Spam is a serious issue and have many resources dedicated to fighting this problem.
YMailCarl: You can find some additional information about fighting spam here: http://help.yahoo.com/l/us/yahoo/mail/original/abuse/index.html
donhburger: Why when I mark Emails as Spam do I continue to get emils from the same persons?
YMailMaryn: When you mark a message as “spam” from within your Inbox that moves the message to your Spam Folder. And all subsequent messages that are sent from that particular sender will not be delivered to your Inbox, but will be delivered to your Spam Folder.

Read More

AOL checking DKIM

Sources tell me that AOL announced on yesterday’s ESPC call that they are now, and have been for about a week, checking DKIM inbound. This fits with a conversation I had with one of the AOL delivery team a month or so back where they were asking me about what senders would be most concerned about when / if AOL started using DKIM.
The other announcement is that AOL, like Yahoo, would like to know how you categorize your outgoing mail stream as part of the whitelisting process.
Both of these changes indicate to me that AOL will be improving the granularity of their filtering scheme. DKIM signing will let them separate out different domains and different reputations across a single sending IP address. The categorization will allow AOL to evaluate sender statistics within the context of the specific type of email. Transactional mail can have different statistics from newsletters from marketing mail. Better granularity means that poor senders will be less able to hide behind good senders. I expect to hear some wailing and gnashing of teeth about this change, but as time goes on senders will clean up their stats and their policies and, as a consequence will see their delivery improve everywhere, not just AOL.

Read More