IP Address Isolation

There are a few steps to setting up IP address isolation.

Delegate Authority

If you don't have control of the sender domain, it's best to have authority delegated for a subdomain of your choosing, e.g. email.domain.com. For this example, the records the domain administrator would need to action are as follows. The marketing team will no doubt have input on the actual subdomain, but email is a common choice.

Domain|Type|Answer
email.domain.com|SOA|ns1.email.domain.com abuse@email.domain.com
email.domain.com|NS|ns1.email.domain.com
email.domain.com|NS|ns2.email.domain.com
ns1.email.domain.com|A|123.108.147.10
ns2.email.domain.com|A|123.108.148.10

MX, A and TXT

There are separate MX records for inbound and outbound addresses:

email.domain.com|MX|smtp1.email.domain.com. [Preference = 10]
email.domain.com|MX|smtp10.email.domain.com. [Preference = 20]
smtp1.email.domain.com|A|123.108.144.5
smtp10.email.domain.com|A|123.108.149.134

The SPF record authorizes the hosts that are allowed to use this domain name so that a receiving host may check authorization, thereby preventing domain spoofing:

email.domain.com|TXT|"v=spf1 ip4:123.108.149.0/24 ~all"

The SPF record should be created for the domain in the From address. Here's a handy tool to create new records:

http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
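
The following is an added example, not part of the original page: a small Python evaluator that checks which of the addresses listed on this page the SPF record above authorizes. It handles only the ip4, ip6 and all mechanisms (mechanisms that need DNS lookups are out of scope), and the function names check_spf and audit are hypothetical. It shows that the smtp10 address falls inside the authorized range, while mail sent from the smtp1 or links addresses would evaluate to softfail.

```python
import ipaddress

# SPF qualifier prefixes (RFC 7208); "+" is implied when none is given.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record and addresses copied from the DNS entries shown on this page.
RECORD = "v=spf1 ip4:123.108.149.0/24 ~all"
HOSTS = {
    "smtp1.email.domain.com": "123.108.144.5",
    "smtp10.email.domain.com": "123.108.149.134",
    "links.email.domain.com": "123.108.151.102",
}

def check_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result for sender_ip against an ip4/ip6/all-only record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # catch-all: always matches
        if name in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the record
            # An ip4 mechanism never matches an IPv6 sender, and vice versa.
            if network.version == ip.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, redirect etc. require DNS and are not handled here.
        raise NotImplementedError(f"term needs DNS resolution: {term}")
    return "neutral"  # nothing matched and the record has no "all" term

def audit(record: str, hosts: dict) -> dict:
    """Map each host name to the SPF result its address would receive."""
    return {name: check_spf(record, ip) for name, ip in hosts.items()}

if __name__ == "__main__":
    for host, result in audit(RECORD, HOSTS).items():
        print(f"{host:28} {HOSTS[host]:16} {result}")
```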

The subdomain will also be used for tracking, the online version and the preference centre, so A records should also be created:

links.email.domain.com|A|123.108.151.102

Additional Questions

Questions to ask regarding previous email marketing activity

  • What was the email volume per campaign?
  • What was the campaign frequency?
  • What was the date of the last campaign?
  • What was the sender IP address of previous campaigns?
  • What was the unsubscribe URL for previous campaigns?
  • Can we have a sample from a previously deployed campaign - or new creative if available?
  • What was the bounce rate of previous campaigns?
  • What was the bounce policy?
  • Moving forward, will we host a preference centre/unsubscribe page or will this be external? If external, check that it isn't password protected, as this is contrary to CAN-SPAM.

Finally, a breakdown of recipient domains will highlight any mitigating steps to take with specific ISPs.

Domain Key

Domain Keys are an authentication mechanism to verify mail claiming to come from a given domain. Domain Keys use SHA256/SHA2 (Secure Hash Algorithm). SHA2 is designed so that it is infeasible to produce a message (e.g. a password) from a given digest (e.g. a hashed password).

 
