Email has changed the world because of its openness, ubiquity and asynchronicity. Unfortunately, these traits also attract malicious users that are out to abuse the beauty of the SMTP protocol.
Did you know that 66% of all current email traffic is considered spam? (Source: Symantec) Undesired marketing offers, infected emails with attachments filled with viruses, and phishing scam messages that lure people into revealing their private credentials are some of the threats that email infrastructure administrators have to constantly deal with. With all this noise, it’s difficult for receivers to separate the good from the bad, and difficult for senders to get legitimate email delivered.
So how do you ensure your email actually reaches inboxes? It can be somewhat of an art. In this post, we cover some of the most important factors you need to consider when trying to get your email delivered, including:
- Having good mailing list hygiene
- Authenticating your email properly
- Building a strong email reputation
- Sending good email content
It’s important to always keep your email list(s) up to date by:
- Using double opt-in subscription
- Monitoring email traffic
- Removing the addresses that have unsubscribed, bounced or complained
- Managing inactivity by quarantining or removing email addresses that haven’t shown any signs of life after 90 days
You’re required to ensure your audience actually wants to receive emails from you. The best way to do this is to implement a two-step email subscription mechanism called “double opt-in” and provide the conspicuous ability for your contacts to unsubscribe from future emails.
Double opt-in means that you’re validating the email entered on your website twice, first by having the email address entered by the user on the site and second, by asking the user to confirm their subscription to your email list. By sending a subscription confirmation email to the email address specified initially on the site, you’re confirming that the address they submitted is correct and the recipient actually wants to receive updates from you. It’s important to remember that only after the user clicks the link in the freshly received confirmation message should you add them to your email list. Another important aspect of double opt-in is that it should prevent you from hitting spam traps.
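A minimal sketch of the double opt-in flow described above, added here as an illustration and not Mailgun's own code. The signing key, the 48-hour link lifetime and the `MailingList` class are assumptions made for the example.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: load from a secret store in production
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48 hours

def _sign(email, expiry):
    msg = f"{email.lower()}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(email, now=None):
    """Return 'expiry.signature', binding the address to an expiry time."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{expiry}.{_sign(email, expiry)}"

def verify_token(email, token, now=None):
    """True only for an unexpired token that was issued for this address."""
    try:
        expiry_s, sig = token.split(".", 1)
        expiry = int(expiry_s)
    except ValueError:
        return False
    if not hmac.compare_digest(sig.encode(), _sign(email, expiry).encode()):
        return False
    return (time.time() if now is None else now) <= expiry

class MailingList:
    def __init__(self):
        self.pending = set()      # addresses typed into the form, not yet mailable
        self.subscribers = set()  # addresses whose owner clicked the link

    def subscribe(self, email, now=None):
        """Step 1: hold the address as pending; return the token for the email link."""
        self.pending.add(email.lower())
        return make_token(email, now)

    def confirm(self, email, token, now=None):
        """Step 2: only a valid click moves the address onto the list."""
        email = email.lower()
        if email in self.pending and verify_token(email, token, now):
            self.pending.discard(email)
            self.subscribers.add(email)
            return True
        return False
```

Because the token is bound to the address, a link mailed to one recipient cannot be replayed to confirm a different address.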
Spam traps are email addresses created for the sole purpose of catching illegitimate email. These traps catch senders that do not implement proper email validation and list cleaning. Most commonly, spam trap email addresses are found by running web-scraping software that automatically gathers email addresses from the web. The scraper is tricked into navigating to a certain webpage where such addresses are in plain sight. The scraper, unaware of the trap, adds the email to its database of harvested addresses. When an Internet Service Provider (“ISP”) or blacklist maintainer notices an email sent to the spam trap address, they will blacklist the sender or downgrade the sender’s reputation.
Part of maintaining a healthy mailing list is keeping it current based on your email traffic. During the SMTP chat session or shortly afterward through a bounce notification, the recipient server will report bounces or bad email recipients back to the sender. In addition, many email services provide feedback loops that tell the sender when a recipient classifies the message as spam. These bounces and spam complaints are the strongest signals currently used by ISPs to judge the quality of your email. If you’re sending a lot of emails, they may be hard to avoid but it is very important that you remove those addresses from future mailings. This is easier said than done because the feedback is not standardized so it can be tricky to collect and classify this information at scale. This deserves an entire blog post on its own which we hope to publish soon.
Beyond monitoring for bad addresses and complaints, it’s a good idea to remove other addresses that aren’t interacting with your emails. ISPs take interaction (opens, clicks) as a good sign and it improves your reputation. The more your recipients interact with your emails, the better your deliverability.
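The list-cleaning rules from this section, applied to a batch of feedback events. This is an added example, not code from the original post; the normalized event names and the sample data are constructed, since real bounce and complaint feedback is not standardized.

```python
from datetime import datetime, timedelta

INACTIVITY_LIMIT = timedelta(days=90)                  # the post's 90-day rule
REMOVE_ON = {"bounced", "complained", "unsubscribed"}  # assumed normalized event names
ENGAGED_ON = {"opened", "clicked"}                     # assumed "signs of life"

def clean_list(subscribers, events, today):
    """subscribers: {email: confirmed_at}; events: (email, kind, timestamp) tuples.

    Returns active / quarantined / removed; only 'active' gets the next mailing.
    """
    removed = {}
    last_seen = dict(subscribers)  # confirming the subscription counts as activity
    for email, kind, ts in events:
        if email not in subscribers:
            continue               # ignore feedback for addresses not on the list
        if kind in REMOVE_ON:
            removed.setdefault(email, kind)  # keep the first removal reason seen
        elif kind in ENGAGED_ON:
            last_seen[email] = max(last_seen[email], ts)
    quarantined = sorted(e for e, seen in last_seen.items()
                         if e not in removed and today - seen > INACTIVITY_LIMIT)
    active = sorted(e for e in subscribers
                    if e not in removed and e not in quarantined)
    return {"active": active, "quarantined": quarantined, "removed": removed}

# Constructed sample data (not real addresses or real feedback).
TODAY = datetime(2019, 9, 16)
SUBSCRIBERS = {
    "alice@example.com": datetime(2019, 1, 10),
    "bob@example.com": datetime(2019, 2, 1),
    "carol@example.com": datetime(2019, 3, 5),
    "dave@example.com": datetime(2019, 8, 20),
    "erin@example.com": datetime(2019, 1, 15),
}
EVENTS = [
    ("alice@example.com", "opened", datetime(2019, 9, 1)),
    ("bob@example.com", "bounced", datetime(2019, 9, 2)),
    ("carol@example.com", "complained", datetime(2019, 9, 2)),
    ("erin@example.com", "clicked", datetime(2019, 4, 1)),
    ("erin@example.com", "delivered", datetime(2019, 9, 2)),  # delivery is not engagement
]

if __name__ == "__main__":
    print(clean_list(SUBSCRIBERS, EVENTS, TODAY))
```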
As the fight against spam continues to evolve, the community has created a set of protocols to help ensure the identity of email senders, called SPF, DKIM, and DMARC.
Why is this needed, you may ask? How many times have you received emails from a bank at which you have no account or a request for your login credentials? You immediately think something is phishy with the email (or at least that is what you should be thinking!).
These protocols work for both transactional (one to one) and marketing email (one to many or “bulk”). They ensure the authenticity of the sender’s domain and server. There are too many details to go into here, but the Wikipedia article on email authentication is a good place to read more about this.
You can think of proper email authentication as the “table stakes” of deliverability. Without proper authentication, you don’t stand a chance of getting past the filters of most major ISPs.
You can think of your email reputation just like a credit score. In the email world, your reputation is linked to the IP addresses and the domains you are sending from. The first step is to make certain that your IP address is clean and has not been recently used for malicious purposes. You can use tools like MX Toolbox or Senderscore.org to check the reputation of your IP address. Most filters perform checks to see if an email is originating from an IP address listed on one of the many blacklists. The most famous blacklists are the Spamhaus Black List (SBL for short), or DNSBL – the DNS blacklist. If you are using an email service provider that shares IPs across customers and one of them has been using the service illegitimately, all senders on that IP may be blacklisted. So, it’s important that email service providers using shared IPs have robust outbound spam monitoring.
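DNS-based blacklists are queried by reversing the IP address and looking the resulting name up under the list's zone; an answer in 127.0.0.0/8 means the address is listed. The sketch below is an added example, not from the original post, for monitoring your own sending IPs. The zone `dnsbl.example.org` is a placeholder, not a real list, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone

def listing_code(ip, zone, resolve=socket.gethostbyname):
    """Return the 127.x.y.z answer if the IP is listed in the zone, else None."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None  # name does not resolve: the address is not listed
    # Anything outside 127.0.0.0/8 is not a valid listing (for example a
    # hijacked or wildcarded zone), so do not treat it as a hit.
    return answer if answer.startswith("127.") else None

def check_sending_ips(ips, zones, resolve=socket.gethostbyname):
    """Map each (ip, zone) pair that is listed to its return code."""
    hits = {}
    for ip in ips:
        for zone in zones:
            code = listing_code(ip, zone, resolve)
            if code:
                hits[(ip, zone)] = code
    return hits

if __name__ == "__main__":
    # Constructed demo: 192.0.2.10 is a documentation address, the zone is a placeholder.
    print(dnsbl_query_name("192.0.2.10", "dnsbl.example.org"))
```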
Even if you start with a clean IP address, most large ISPs will not trust it by default. You need to “warm-up” the IP address with a history of quality email traffic so that filters get trained to trust that traffic. As mentioned above, maintaining good list hygiene is essential to building a quality reputation.
Most sophisticated filters will also pair the IP address with the domain used to send the email when deciding whether to trust the traffic. The email authentication protocols above are used to verify these two things and prevent spoofing.
While the primary signal today is recipient engagement, most filters also check the content of the email. A large list of what can typically trigger alerts can be found on the SpamAssassin website. Keep in mind that this list is only an indication of spam flags. Different filters use different algorithms to detect spammy content.
Some other things to avoid are below:
- High image-to-text ratios and hosting images on domains other than the sending domain.
- Not supplying a plain-text alternative version of the email.
- Including non-alphanumeric characters in succession in your emails and misleading titles.
- Using an anonymous or new domain name as the sending domain.
To help with deliverability, you should always include information about who is sending the email, a valid reply-to address and an unsubscribe link in the body of the email. The unsubscribe link lets users click if they do not want to receive further emails from your business. It’s an important indication of high-quality email and a sign to spam filters that your message is legitimate.
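A pre-send check for several of the content points above: plain-text alternative, reply-to address, unsubscribe link, and image hosting domain. This is an added example, not Mailgun's code; the messages are constructed, and treating any URL containing "unsubscribe" as the unsubscribe link is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

def lint_message(raw):
    """Return a list of content findings for one raw message (empty list = clean)."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = {"text/plain": "", "text/html": ""}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in body:  # assumption: parts are UTF-8 compatible
            body[ctype] += part.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    if not body["text/plain"].strip():
        findings.append("no plain-text alternative")
    if not parseaddr(msg.get("Reply-To", ""))[1]:
        findings.append("no Reply-To address")
    if not re.search(r"https?://\S*unsubscribe", "".join(body.values()), re.I):
        findings.append("no unsubscribe link in body")
    for src in re.findall(r'<img[^>]+src="([^"]+)"', body["text/html"], re.I):
        host = (urlparse(src).hostname or "").lower()
        if host and host != sender_domain and not host.endswith("." + sender_domain):
            findings.append("image hosted off the sending domain: " + host)
    return findings

# Constructed sample messages (hypothetical sender example.com).
BAD = """From: News <news@example.com>
Subject: Offer
Content-Type: text/html

<img src="https://cdn.example.org/banner.png"><p>Buy now!!!</p>
"""
GOOD = """From: News <news@example.com>
Reply-To: support@example.com
Subject: March update
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Example Inc. update. Unsubscribe: https://example.com/unsubscribe?u=1
--b1
Content-Type: text/html

<img src="https://img.example.com/logo.png">
<a href="https://example.com/unsubscribe?u=1">Unsubscribe</a>
--b1--
"""
```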
While these are the most important practices to follow for good deliverability, there is still a bit of black magic to it. Good monitoring and acting quickly are probably the most important things to remember. You can also read Mailgun’s Best Email Practices Email Guide for more tips on reaching optimal email deliverability or use our Managed Services program for direct access to our deliverability experts.
Last updated on September 16, 2019