Beyond the Acronyms: Need-to-Knows about Email Authentication and Data Protection

Acronyms run rampant in the world of IT, and email is no exception. Here are some key toplines to keep in mind as we swim in the alphabet soup of DKIM, DMARC and GDPR, plus reminders of tools to help you see your way clear.

DKIM – DomainKeys Identified Mail

DKIM compliance is rapidly becoming a "must have" for LISTSERV sites because large ISPs are beginning to clamp down on bulk mailers who don't use it. LISTSERV 16.5 incorporates DKIM support natively, and that support is fairly simple to set up. Sites running earlier versions of LISTSERV that support Yahoo's DomainKeys system and have DomainKeys support enabled really do need to upgrade to LISTSERV 16.5 and DKIM, particularly since it's a transparent upgrade – DKIM uses the same LISTSERV settings as DomainKeys did.

The only difference for upgrading sites may be that DKIM requires 1024-bit signing keys, whereas DomainKeys could get by with 512-bit or 768-bit keys. Before upgrading to 16.5, you need to ascertain your LISTSERV site's DKIM key length. If the key pair being used is already 1024-bit, there is no need to regenerate it. If the key pair is shorter and you are using those shorter keys with DomainKeys, you'll need to update the public key in the DKIM TXT record in DNS and update the private key in the LISTSERV default.dkim file before upgrading.

Deliverability Tools in LISTSERV

If deliverability suddenly becomes a problem, use the deliverability tools in LISTSERV to help solve that problem. For maximum deliverability, all LISTSERV sites should have an MX record and an SPF record in DNS and should also implement DKIM and DMARC. You can run the Deliverability Assessment report in the web interface to determine what you may need to do to optimize deliverability.

To access the Deliverability Assessment report in the LISTSERV web interface, click on Server Administration > Site Configuration > Deliverability Assessment. Here's a screen shot of the interface, showing a sample deliverability assessment:

DMARC – Domain-Based Message Authentication, Reporting & Conformance and Other Tools for DHS BOD 18-01

Bulk email needs to be properly authenticated to meet data security and deliverability needs. It is essential for every site, but for U.S. public agencies, there are also specific deadlines to meet, for instance:

"Within one year (October 16, 2018) of BOD issuance, set a DMARC policy of "reject" for all second-level domains and mail-sending hosts."

So states the U.S. Department of Homeland Security's Binding Operational Directive 18-01, "Enhance Email and Web Security," and there's been much progress with the deadline right around the corner. But more work is needed for agencies to achieve compliance and no longer be vulnerable to spoofing and poor email deliverability.

The research firm Agari Data reports that, as of July 15, 2018, "19 percent of executive branch domains still have no DMARC record and 26 percent have not progressed past the monitoring policy (p=none), leaving almost half of executive branch domains vulnerable to domain name spoofing."

To properly comply with BOD 18-01, L-Soft recommends that all affected agencies upgrade to LISTSERV 16.5, the latest release version, now. This is a free upgrade for agencies with a current LISTSERV maintenance contract.

LISTSERV provides government IT professionals with a seamless DMARC solution to implement required authentication policies.

The LISTSERV web interface can now also enable HTTP Strict Transport Security, which directs browsers to only connect to the web interface using secure HTTPS connections. Unencrypted HTTP connections are automatically replaced with HTTPS connections at the browser level, preventing the transmission of unencrypted data to the server. HSTS is required by US BOD 18-01.

GDPR – The EU General Data Protection Regulation

Four months out, the GDPR may not have led to the level of dramatic fines and lawsuits that had been predicted, but it is certainly being enforced. One early impact is that some organizations have simply determined that it's not worth the risks to engage EU customers. Here is a case in point.

Another outcome of the GDPR is the spawning of California's Consumer Privacy Act, merely a month after the GDPR took effect. Though the penalties are significantly lower, this legislation, which takes effect in January 2020, puts accountability of companies at the forefront. And it has put the controversial dialogue around a national privacy law for the United States into a brighter spotlight.

Of course, the EU GDPR affects more than just email, and all organizations must be able to provide on demand a report listing every instance of a customer's personal data held by that organization. L-Soft has developed a Microsoft PowerShell script for Windows, Linux and macOS to assist you in providing this data from LISTSERV. This comprehensive reporting script scans all list archives, changelogs and subscriptions, producing a report that lists every instance of an individual's personal data on the LISTSERV server. In addition to the GDPR reporting tool, the LISTSERV web interface also allows for easy insertion of a per-list privacy policy on the list home page.

LISTSERV helps you comply with the explicit consent requirement of the EU GDPR because it's built on double opt-in. Compliance is less of a chore for you because, with LISTSERV, people can subscribe with consent and can remove themselves from email lists by unsubscribing.

Remember, any organization – regardless of location – with subscribers in the EU must comply with the GDPR.

More Information

Compliance with recent regulations related to data protection, cybersecurity and privacy is an essential component of email list management today. See how LISTSERV 16.5 can help at:

Download LISTSERV 16.5 and be better equipped to meet compliance requirements at:

Get more information on LISTSERV 16.5 and compliance tools by contacting L-Soft sales at:

© L-Soft 2018. All Rights Reserved.