On 2/21/08, Stephen J. Turnbull wrote:
If you're in a hosted environment, you might think about asking your host to implement domain keys and/or PGP-signing your mail. (Mailman is (was?) not friendly to domain keys of non-owner posters, but in the case of an announcement list having the host sign the post should work fine.)
Using PGP is not going to help, but DomainKeys may. The administrator of the mail server in question could also sign up for the Yahoo! "feedback loop" mechanism (see <http://help.yahoo.com/l/us/yahoo/mail/postmaster/postmaster-30.html>).
I've recently started working at the University of Texas at Austin, and it looks like I'm going to be doing some of their postmaster work. I've been trying to get our mail servers signed up for various feedback loop mechanisms at major providers around the world, as well as subscribed to at least one or two "bonded sender" type programs. We're one of the largest public research Universities in the world with ~50,000 students and ~20,000 faculty and staff, and I can tell you from first hand experience that this is a painful process.
I filed our request with Yahoo!, but have not yet heard anything back. We're on the AOL feedback loop, and getting quite a lot of reports about our users, many of which are hitting the "report as spam" button for messages that were forwarded to them from their mail.utexas.edu account, which means that AOL thinks we're sending them spam, when in fact we're just forwarding mail for a given user, which just happens to be spam.
We're also on the feedback loop for TimeWarner/RoadRunner, discovered that Gmail doesn't have any such service, and the people at NetZero/UnitedOnline really have no clue -- they don't get the fact that UT actually is their own ISP, we are our own phone company, we are our own power company, we are basically our own city and we provide all of our own various services, for a mid-size city community of about 70,000 people.
Oh, and Windows Live (you can't call it Hotmail anymore) requires that you have a registered Windows Live ID before you can sign up for their equivalent "Smart Network Data Services" program.
One problem with trying to get on all the various feedback loop processes, and obtaining service from a bonded sender program, is that they all have different requirements. Some require SPF, some require Sender ID, some require DomainKeys, some require DKIM, some require that you sign up for service with ReturnPath/SenderScoreCertified, some require Habeas, some require GoodMail, and some require service with any of several other such services.
No one can do all of these things, and many people find it difficult enough to do just one or two. This is turning into a situation worse than TMDA, where the recipient site can't be bothered to do any real work themselves, so they force everyone else to do their work for them.
-- Brad Knowles <brad@shub-internet.org> LinkedIn Profile: <http://tinyurl.com/y8kpxu>