Email 101: How Authentication Works and Why It Matters

Fingerprint login authorization and cyber security concept. Blue integrated circuit with locks on background. Control access and authentication online.

Identity theft, hacking, spoofing, phishing, and other malicious activities are widespread problems across the Internet – especially email. 

Why? Because the way in which an email is sent (Simple Mail Transfer Protocol aka SMTP) from one computer to another, actually allows for a computer to identify any domain as its sending domain and “from” address. This vulnerability is one way in which email is exploited – hence why sending laws and authentication protocols were introduced.

Initially, authentication methods were few and simple; however, as technology advanced, so did the methodologies and the protection they provided. By utilizing the sender’s DNS (Domain Name System) as the base for authenticating a sender’s credentials, receivers can verify the incoming mail is truly being sent and authorized by the company the sender is identifying as.

Authentication results are used by Internet Service Providers (ISPs) as one of the many factors in their algorithms to determine acceptance and placement. If authentication methods are not used or do not pass, while the ISPs may still accept the mail the lack of authentication could impact placement – meaning your emails could end up in the junk folder.

Over the last decade, there have been three main methods that have emerged that are now considered best practices. Below, we outline what they are, how they work, and the benefits.


Sender Policy Framework (SPF)

What is it?
SPF simply is a permission check. More formally, SPF is an authentication policy that specifies the Internet Protocol (IP) and mail servers authorized to send on behalf of a domain.

Technical details about SPF are:

  • SPF is posted in a TXT record of a domain’s DNS.
  • A failed SPF policy does not guarantee an email will be blocked or bulked, which is why the addition of DKIM and DMARC is important (more on these soon!)
  • An SPF policy is not limited to permitting a single IP, but can specify one IP, multiple IPs, an IP range(s), a domain, or a list of domains.
  • If a domain is used, the SPF policy for the listed domain will be used as the basis for authentication.
  • Zeta Global creates SPF policies with the domain of our sending servers, providing the flexibility to add or change IPs without having to update the SPF policies already in use.

 How does it work?
When an email is received, the receiving server takes the sending domain, either from the envelope-from address (also known as the return-path) or HELO command, and looks up the authorized IP(s) allowed to send on its behalf in the SPF record. The authorized IPs are then compared to the sending IP identified during the connection. The result (pass/fail, listed/not listed) is written into the header and then incorporated into the filtering decisions that determine if acceptance is granted and, if so, placement. In some instances, SPF can create false positives due to how the message path changes. For example, forwarded emails, as mentioned above, will be sourced from the IP the forwarding customer is using instead of the originating IP of the sender, which will result in a failed SPF authentication test.


Domain Keys Identified Mail (DKIM)

What Is DKIM?
DKIM essentially is an identity check. DKIM provides the recipient a way to validate the domain’s identity that is taking responsibility for the message.

Additional technical details about DKIM are:

  • DKIM is posted in a TXT record of the domain’s DNS.
  • DKIM relies on the content to remain intact between when authentication is signed and when it is received and validated.
  • A failed DKIM policy does not guarantee an email will be blocked or bulked.
  • DKIM uses two keys, public and private, that must match to authenticate a domain’s identity.
  • Cryptographic authentication is used to match these keys.
  • The private key (or hash) is written into the header of an email when it is assembled and mailed and the public key posted in the responsible party’s DNS.
  • DKIM recommended length, at minimum, is 1024 bit – Zeta Global requires at least 1024 bit.

How does it work?
When an email is received, the receiving server takes the domain specified in the DKIM signature (d) and looks up the public key in the DNS. If the public key matches the private key written into the DKIM signature (b), then the domain is authenticated and DKIM passes. If the keys do not match, DKIM fails, but does not necessarily cause the message to be rejected. In most cases, the result will be incorporated into the overall filtering decision for acceptance and placement.


Domain-based Message Authentication, Reporting & Conformance (DMARC)

What is DMARC?
In most cases, the subject line, “From” name, and “From” address are relied on to indicate to a recipient who is an email from and what it is about. DMARC was established to address disguised emails by adding another level of authentication that checks that the identity shown to the customer is the same identity shown to the receiving server.

The transparency check ensures the customer is seeing the same domain that is being authenticated through SPF and DKIM. The DMARC policy gives instructions on what to do with a message that fails to pass authentication AND domain alignment. Instead of relying on ISPs’ filters to determine acceptance and placement, DMARC gives the domain owner direct control over what happens to mail coming from unauthorized sources.

Another benefit of DMARC is that it gives the option to receive reports detailing which messages passed or failed and where in the authentication process the message failed (SPF, DKIM, and/or domain alignment tests), which can help to identify phishing attempts and infrastructure vulnerabilities.

Additional technical details about DMARC are: 

  • DMARC is posted in a TXT record of a domain’s DNS.
  • DMARC builds upon SPF and DKIM authentication credentials and results.
  • The use of SPF AND DKIM are recommended even though only one authentication method is required.
  • DMARC can be set up to monitor only, without affecting delivery.
  • DMARC can follow a strict policy where only exact domain matches pass or a more relaxed set of policies that gives flexibility to the sending domains used.
  • DMARC protection can be used on any organizational domain or subdomain regardless of whether it’s used in sending email or not.

How does it work?
Once an email goes through SPF and DKIM authentication checks, the receiving server checks for a DMARC policy associated with the From Address domain. If one exists, identifier (domain) alignment tests are performed to confirm the identity shared with the customer matches the identity shared with the receiving server. In other words, if a sender claims to be from @zetaglobal.com to the customer, but states that they are @nonsender.com to the receiving server, the identifier alignment test will fail.

If DMARC is published on the organizational level, the policy will cover all subdomains unless a unique subdomain policy is set to override it. The organizational level is beneficial as it gives the sender the ability to set up one policy without having to create a unique DMARC policy for all domains that are mailing or could be spoofed.

DMARC requires that only one authentication method pass WITH proper alignment. For example, even if DKIM fails to pass the authentication check, as long as SPF passes authentication and the identifier alignment test, then DMARC too will pass. When DMARC does fail, the policy will dictate what will happen with the message, whether it be to send the email to quarantine, reject it, or allow it to move on.

Summary
By combining all three authentication protocols, receiving servers can now check that an IP is authorized to mail, confirm the sender is who they say they are, and is transparent about their identity to the customer.

 Authentication can be a very technical and difficult topic to sort through and understand. If you have any questions or want to learn more about how Zeta Global can help improve your email program, reach out today.     

Internet Traffic Trends for Week of March 30th, 2020

Traffic to grocery, entertainment, and news sites explodes

Internet Traffic Trends

Entertainment

As governments continue to enact mandatory quarantines, stuck-at-home consumers are increasing their demand for digital entertainment.

Week over week, Zeta has seen a…

  • 25% INCREASE in pageviews for digital entertainment websites.
  • 33% DECREASE in demand for out-of-home entertainment. 
Media Consumption Trends: Style
Media Consumption Trends: Style

 

Media Consumption Trends: Tech
Media Consumption Trends: Tech

 

Media Consumption Trends: Games
Media Consumption Trends: Games

 

News

As the coronavirus continues to spread, consumers are showing increasing interest in news-related content. 

Week over week, Zeta has seen an…

  • 18% INCREASE in pageviews to news-related media sites. 

 

Media Consumption Trends: News
Media Consumption Trends: News

 

Grocery

Forced to stay at home, consumers are stocking up on both perishable and non-perishable groceries.

Week over week, Zeta has seen a…

  • 12% INCREASE in visits to grocery stores at a time when foot traffic to other kinds of retailers is tanking.  

 

Sports

The loss of professional and collegiate sports continues to influence traffic to sports-related websites.

Week over week, Zeta has seen a…

  • 27% DECREASE in pageviews for publishers of sports-related content. 
Media Consumption Trends: Sports
Media Consumption Trends: Sports

 

Display

Many companies are shifting their spend and their media from branding to direct response campaigns in an attempt to boost near-term fiscal performance. Consequently, companies are also reducing the reach of their media and its frequency of exposure to consumers. 

Week over week, Zeta has seen a…

  • 7% DECREASE in display-related impressions.

 

Video

Engagement with digital video content across channels is increasing as a result of people staying at home due to the coronavirus. In response to this, advertisers are shifting spend from broadcast video to more targetable digital video.

Week over week, Zeta has seen a…

  • 3% INCREASE in video-related impressions.

 

Zeta’s Main Takeaway

The coronavirus crisis is having a major impact on both internet traffic and digital advertising. As your company looks to navigate the current climate, it will be imperative to:

  1. Embrace new ad technologies that allow for more cost-effective audience engagement. 
  2. Persevere with awareness initiatives so consumers don’t lose sight of how your brand can meet their needs. 
  3. Capitalize on opportunities to gain mindshare and market share (in other words, when competitors throttle back on advertising, your business should throttle up).

Zeta Global hopes the following insights can help guide you to make wiser decisions over the weeks and months ahead. In the meantime, stay safe, stay healthy, and be well.

***Data powered by Disqus – The largest, most trusted, audience development platform in the world with 78% of the top 1000 most commented on sites from across the web using Disqus to engage with their audiences. The Disqus platform is used by over 4 million sites generating billions of comments and 20 billion pageviews per month.  Disqus is a wholly owned property of Zeta Global. 

 

Source: Disqus

How Can Consumer Packaged Goods Brands Support Consumers During These Uncertain Times?

Consumers are scared, they’re confused, and (believe it or not) they’re looking to consumer-packaged goods (CPG) brands for help during this time of crisis—traffic to CPG-brand websites is up 400% and some brands are seeing their search volume increase by as much as 2000%.

Consumer Packaged Goods Brands Support Consumers

Why the sudden surge in digital popularity? 

In times of crisis, consumers turn to the consumer-packaged goods they know and trust (in the midst of uncertainty, people desperately crave a little familiarity and stability). Few industries are as well positioned to meet this need as the consumer-packaged goods industry.   

That means brands like Clorox, Lysol, and Campbell’s are not merely positioned to survive during the coronavirus pandemic, but they’re actually positioned to thrive.  

Research from Zeta shows that consumers are visiting CPG-brand websites in droves to do a number of things: 

  • Purchase products for home delivery 
  • Research product performance 
  • Obtain product usage advice 
  • Check product inventories
     

Consumers are looking at Clorox.com to learn what they can do to stop the spread of Coronavirus.  

Consumers are looking to Lysol.com to figure out how they can better disinfect their homes.  

Consumers are looking to Gerber.com for updates on baby food shortages.    

For the brands driving America’s favorite consumer-packaged goods, now is the time to invest in clear, open, honest, and consistent communication with consumers. 

 

Don’t lean back. Lean in. 

The coronavirus pandemic has put a surprising amount of strain on the consumer-packaged goods industry. There are stock issues, supply chain bottlenecks, and escalating demands and expectations from shoppers all across the country. As brands stare down the barrel of these  challenges, retreating from proactive consumer communication will be the natural reactionbut that doesn’t mean it’s the right reaction.  

Now is NOT the time for CPG brands to pull back on things like communication, promotion, and demand generation. On the contrary, now is the time to ramp up all those efforts—consumers want to hear from the brands behind their favorite products.  

CPG brands should use this time to bolster existing consumer relationships and establish new ones by… 

  • Developing new, education-based creative 
  • Capitalizing on all the channels and touchpoints today’s consumers engage with 
  • Highlighting the versatility and multiple use cases for long-trusted household products (e.g. Clorox Bleach) 
  • Updating, in real-time, when, where, and how consumers can purchase their favorite products online or in-store 

 

Be personal and contextual where appropriate   

In the quest to better resonate with consumers in their time of need, CPG brands would be wise to add layers of personalization and context to their communication efforts (where appropriate, of course). Personal, tailoremessaging delivered in the moments that matter makes consumers feel like a brand cares for them—an emotional sentiment that establishes brand differentiation and cultivates even stronger loyalty from shoppers.  

That loyalty brings benefits in both the short and long term—when things return to normal, the CPG brands that make the most effort to engage with customers today, will be the brands that are best positioned and prepared to capitalize tomorrow.  

 

Never miss a growth opportunity 

Tcapitalize on every growth opportunity, the marketers behind America’s favorite CPG brands must be ready to loudly and publicly express their unwavering support for consumers in their deepest, darkest moment of need.  

At Zeta Globalwere here to help guide you and your CPG marketing strategy during the turbulence created by the coronavirusGet in touch with us today to learn how you can obtain clear, actionable insights that will make your brand more effective in its communications.  

  

 

​FinServ Marketers, It’s Time to Dive Into the Digital Evolution

Modern Glass Architecture

For Financial Services marketers, retention and growth remain top priorities for 2020. This means servicing existing customers based on their current needs and protecting their assets, while looking for unique opportunities to acquire customers and additional accounts.

Trying to tackle these goals in such a competitive and fast-changing landscape is no small feat. With the market being as disruptive as it is, brands must truly understand consumers before trying to capture their attention and present relevant, in-the-moment offers.

Marketers can uncover such intent—as well as new opportunities for brand engagement—through data-driven insights. 

AN EVOLVING, CUSTOMER-CENTRIC LANDSCAPE
Businesses will continue to adapt to the evolving, “customer-centric” landscape in 2020. This adaptation requires agility, and digital transformation. Specifically, it requires businesses to leverage emerging, innovative technology platforms that are transparent, easy-to-understand, and capable of supporting customers across their experiences.

The more organizations embrace flexible platforms that allow for real-time customer messaging and decisioning, the better they’ll be able to integrate their customer’s experiences with their brands. In turn, this will allow brands to reinforce consumer trust, while staying focused on speed, convenience, and data-driven insights.  

Ultimately, the businesses that do the best job adapting—the brands with an innovative vision for the long-term—will be the ones to watch.

HOW MARKETERS CAN EVOLVE
In a period of incessant change, where is a brand to start?  How can businesses and their marketing teams maximize consumer data, unlock actionable insights, and power personalization at scale? For Zeta clients, we recommend taking the steps below to spring forward in your mission for retention and growth in 2020. 

  • Capture Opportunities: Know when the consumer is in market​ with a firm understanding of their immediate needs
    Leverage Zeta’s real-time deterministic identity data combined with our results-driven AI, to uncover intent and churn signals from 200M+ identities in the US and over 2B+ identities globally.​ You’ll never miss a growth opportunity again with that amount of data at your fingertips.
  • Personalize Opportunities​: Engage the consumer individually, with confidence
    The key to effective personalization? Knowing who to target and what kind of experience to tailor to them. Zeta enables marketers to deliver such individualized interactions across every channel at scale.​
  • Optimize and Measure Performance​: Understand what to do next in real-time​
    Use deterministic attribution to measure all your marketing investments, while continuously improving performance with Zeta’s industry-leading, always-on feedback loop.​


Ready to hit your retention and growth goals this year? Get in touch with Zeta today.

Email 101: How to Improve Deliverability

email deliverability

Deliverability is key to a high-performing email campaign and overall good email program.  It’s the practice of uncovering all the different aspects that determine if your email reaches your audience’s inbox. It’s a big deal, so we take deliverability seriously here at Zeta and strive to achieve deliverability success for all our customers.

Deliverability touches nearly all aspects of an email program: content, reputation, customer engagement, scheduling, list hygiene, privacy and the ability to deliver mail successfully. The inbox has become a very personal space for email recipients and it is now the ISP (Internet Service Provider) AND the subscriber who ultimately determine whether mail will be delivered to the inbox.

In this whitepaper, you’ll learn:

  • What the Internet Service Provider (ISP) landscape looks like today
  • How to improve email deliverability
  • Best practices to enhance customer email engagement
  • And much more!

Download below to learn more about inbox placement for your email marketing efforts.

What Does Empowering Women in the Workplace Actually Mean? 

Zeta Global launched our Women’s Leadership Initiative in 2019 to create an inspired and confident workforce. Together with our male counterparts, we value a culture of equal opportunity and empowerment.  

Empowering Women in the Workplace

Author: Juliet Schuler, SVP International, Global Head of Client Success 

During Women’s History Month, we reflect on all of the obstacles females have had to overcome throughout history to give us the opportunities we have today – both in the workplace and out.

As we continue to march forward, we must continue to reflect on the work we need to do everyday, ensuring that we are mentoring the next generation to  shatter glass ceilings and raise equality standards. It is well known that the more we empower top talent, the more we can power inspiration and confidence in the workplace, establishing a workforce that does great things together. 

But how do we define “empowerment”?  While “empowerment” has become a mainstay buzzword in the workplace, what does it actually mean to give female colleagues the power or authority to do something, or give them more control over their own life or the situation they are in? 

Here are actionable ways in which you can take to make female peers feel heard, confident, help grow their careers, and empower them to take risks and actions every day in the workforce:  

Nurture an open, positive and collaborative work environment.
Everyone, at every level of seniority, has different and valuable experiences to contribute.  Encourage collaboration and idea generation across teams and actively ask for people’s points of view to inform decision making. Be open to new ideas and different approaches and recognize them.  Simply recognizing contributions and new ways of thinking can go a long way towards establishing an open environment. Try saying things like, “that’s a good idea,” “yes, let’s do that,”or “I hadn’t thought about it that way, I agree that’s a better approach.”  This does not mean you cannot give feedback when things are not right; in fact, this is essential to developing talent. Recognizing your own mistakes fosters an environment of accountability and ownership for both the successes and failures.

Define what success looks like and set clear expectations.
Being clear about desired outcomes empowers each individual to achieve end goals uniquely; through this direction, they will also learn a lot more through their journeys. Be sure to include key milestones based upon seniority, established trust, and credibility.  Giving transparent, honest and constructive feedback along the way is crucially important, highlighting both the positives as well as areas of improvement.

Listen with intent to understand.
Asking questions is one of the most effective ways to offer guidance without being prescriptive. It also gives you a deeper understanding of different perspectives-  why decisions are made and the approaches taken. Try asking questions like “what are your thoughts on…” or “help me understand why you see it that way, or talk me through your approach.”  Giving a simple playback of what you heard is a helpful way of ensuring you understood correctly.

Nurture talent and celebrate successes.
Recognition and encouragement drives confidence and repeatable desirable behavior. Celebrate all successes – not just the big wins but also everyday progress and achievements. Also most will look to develop skill sets that come naturally to them, when you guide talent to areas that are not in their comfort zone but you see potential, it allows them to stretch their skills in ways they never saw as possible.

Create a dynamic spirit.
At Zeta, we believe in employees treating the business as if it is their own; this creates a real sense of “doing the right thing”.  This mindset empowers employees to constantly think with a fresh perspective and reinvent themselves. We foster a deep entrepreneurial spirit and encourage teams to come up with new ideas, if there is a business case, we’ll test it.  Making things happen together, that’s rewarding.

The Perfect Match: Identity Resolution & Omnichannel Personalization

Identity Resolution (IDR) is the act of associating digital IDs across different devices and tying them back to one unique identity. This allows brands to clearly understand consumer activity so the right message is delivered to the right person at the right time — and can also scale to lookalike audiences.

identity resolution

Zeta Global is a leader in identity resolution capabilities, including omnichannel personalization and lookalike modeling. Reach out to us to learn more.

In an era where each person is projected to own an average of 6.9 connected devices this year, marketers have increasing number of opportunities for reaching and engaging with their customers.

Multiple devices and channels mean that every customer journey is complex and unique; today’s shoppers see an ad on their mobile device, research products on their desktop, visit a physical store to see the product in person, and finally order it on their voice-activated device. With so many touchpoints, devices and channels, how can marketers ensure that they’re having the right conversations with the right customers? Such insights require working with a partner who has mastered identity resolution.

WHAT IS IDENTITY RESOLUTION?
Identity Resolution (IDR) is the act of associating all these digital IDs across the different devices and tying them back to one unique identity. This allows brands to clearly understand consumer activity so the right message is delivered to the right person at the right time.

HOW DOES IT WORK?
Let’s start at the beginning.

1. Onboard your data: Data onboarding is the process of getting all of your data tied to directly identifiable offline information associated with a single digital ID, and the key is being able to do this swiftly, easily, and accurately.

2. Clean your data: Once you have all of your data uploaded, it’s vital to “clean it.” Data hygiene is the process of cleaning the attributes tied to these digital IDs; as the saying goes, garbage in, garbage out.

3. Match digital IDs with attributes to other digital IDs: After you’ve eliminated duplicate records and rid yourself of outdated information, it’s time to match the digital ID with this enriched set of attributes to the other digital IDs associated with that consumer, a core component of Identity Resolution.

What Identity Resolution does is create a graph of different IDs, both directly identifiable ones, such as physical address, email, telephone number and non-directly identifiable IDs, such as mobile advertising IDs and cookie IDs.

4. Personalize Consumer Experiences: The activity associated with each ID can now be used to better personalize messaging and measure the effectiveness of your marketing.

5. Lookalike Modeling: Targeting only the identifiable consumers that can be matched to digital IDs is a smaller pool – but using this high fidelity information for better insights to target everyone that are “lookalikes” widens opportunity for marketers to amplify their acquisition campaigns and better engage the right user — all in accordance with privacy-by-design.

THE BENEFITS
The benefits of IDR are crucial to marketers’ success.

It helps eliminate marketing waste. By tying all activity back to one individual instead of 5 different IDs, we are improving the messaging frequency when engaging the same person hence eliminating wasted ad spend.

It enables accurate, consistent messaging. Tying all activity back to one individual allows marketers to get a 360-degree view of their customer – knowing their full purchase history, intent, and interests. Knowledge is power – with the right information at their fingertips, marketers are equipped to personalize messaging that will resonate – at the right time, on the right device and channel, and with the right content.

It helps amplify opportunity to reach a wider audience through lookalikes. It enables marketers to receive better insights to target a wider audience and better engage the right user.

It creates better attribution and reporting. It enables you to create detailed customer profiles that deliver deeper insights and reporting for future campaigns.