Gmail FBL update


Last week Gmail started contacting ESPs that signed up for their new FBL with more information on how to set up mailings to receive FBL emails.
One of the struggles some ESPs are having is the requirement for DKIM signing. Many of the bigger ESPs have clients that sign with their own domains. Gmail is telling these ESPs to insert a second DKIM signature to join the FBL.
There are a couple reasons this is not as simple or as doable as Gmail seems to think, and the challenges are technical as well as organizational.
The technical challenges are pretty simple. As of now, not all the bulk MTAs support multiple signatures. I’ve heard that multiple signatures are being tested by these MTA vendors, but they’re not in wide use. This makes it challenging for these ESPs to just turn on multiple signatures. For ESPs that are using open source software, there’s often a lot of customization in their signing infrastructure. Even if they have the capability to dual sign, if they’re not currently using that there is testing needed before turning it on.
None of the technical challenges are show stoppers, but they are certainly show delayers.
The organizational challenges are much more difficult to deal with. These are cases where the ESP customer doesn’t want the ESP to sign. The obvious situation is with large banks. They want everything in their infrastructure and headers pointing at the bank, not at their ESP. They don’t want to have that second signature in their email for multiple reasons. I can’t actually see an ESP effectively convincing the various stakeholders, including the marketing, security and legal staff, that allowing the ESP to inset a second signature is good practice. I’m not even sure it is good practice in those cases, except to get stats from Gmail.
Hopefully, Gmail will take feedback from the ESPs and change their FBL parameters to allow ESPs to get information about their customers who sign with their own domain.

About the author


This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • This is the worst scenario that I could expect from Google guys. I’m very disappointed… Why don’t use a simple mechanism like return path?
    Lov your blog, Laura. Thanks

  • This raises an interesting question. As Yahoo’s FBL also operates via DKIM, what do they do with emails that have multiple DKIM signatures? Do they send a spam complaint to every signed DKIM domain?
    If they don’t, and a customer of an ESP wants to sign their emails with their own DKIM signature, then the ESP has no way of receiving those spam complaints.

  • Yahoo lets ESPs give unlimited d= domains for the FBL. Gmail has limited the number of d= for a FBL.

  • For a detailed look at the FBL and to clarify some misconceptions I recommend reading my recent interview with the Gmail team here:
    I thought I would comment and add the link as it is likely of interest to your readers.
    A quick question: Which commercial MTA does not support Dual DKIM? All the vendors I spoke to said they do…

  • Hi, Andrew,
    I’m going by what ESPs and senders have told me. At the time of the original post dual DKIM signatures was in beta in power MTA. My understanding is they have since pushed that into production. But a lot of ESPs are running older versions and upgrading is painful when you’re looking at hundreds of MTAs. This isn’t unusual in a large corporate environment.

By laura

Recent Posts


Follow Us