The Awesomeness of Plus Addressing

Microsoft recently announced their plan to support plus addressing in Office365 accounts, so we thought we would discuss how useful this technology is. Hotmail and Gmail have had this feature for several years, but with the addition to Office365, the majority of business inbox providers now support it.

What is Plus Addressing?

Plus addressing is a way to leverage your existing email inbox to create multiple email addresses that point back to your email box. For example, if your email is “me@example.com”, then email to “me+a@example.com” or “me+b@example.com” will also go to your inbox. “a” or “b” are considered a +tag.

How can I use it?

Plus tag addressing is highly useful, especially to those of us in highly technical environments. A few things you can do with it:

  • Create a +tag for your test accounts and segregate each days testing by the date
  • Create a +tag for different newsletters and filter based on the tag
  • Create a +tag for registrations and follow the distribution/sale of this tag to different “associated” websites

The permutations of +tags are truly infinite, allowing you greater control over your inbox and emails you receive.

Follow our Blog for more useful email delivery tips.

Problems with MxToolbox? Clear your Cookies

Every day, MxToolbox adds new functionality to the website. Sometimes, this puts our users and customers in strange states with their sessions and cookies.

Why Cookies?

Everyone loves cookies, tasty little crumbs of information that hang around in your browser (and sometimes your keyboard). Okay, not everyone loves cookies, but they serve a development purpose and MxToolbox uses them as part of both our Free and Paid accounts.

If our new features get in weird cookie states, we recommend that our users delete their cache and cookies and re-login to the website.

Deleting Cookies

Different browsers have different methods for clearing cache and cookies. Here are a few common examples:

MxToolbox Experts and Tools are here to help with your email delivery. Occasionally deleting cookies and clearing cache will help you access the most recent tools we have.

Google Joins BIMI Pilot

Google recently announced that it will begin pilot support for BIMI, the protocol that allows companies to declare an image to display in the inbox alongside the company’s verified emails. Google had previously joined the BIMI Working Group to help define the BIMI standard.

View Posts

What does this mean?

With Google piloting BIMI logo display in their inboxes, it should not take long for them to fully adopt BIMI in the inbox. When Google fully implements BIMI in their inboxes, anyone who has adopted BIMI as part of their email delivery will suddenly have their logo displayed in the largest inbox provider in the world.

When is this rolling out?

Google is currently piloting BIMI logos that have been certified by two Mark Verifying Authorities, Entrust Datacard and DigiCert. The exact duration of the pilot and the adoption of new MVA’s is to be determined.

What can you do?

To take advantage of the pilot you must adopt BIMI. Adopting BIMI requires a few additional steps:

  1. Setup SPF, DKIM and DMARC.
  2. Manage your DMARC compliance for legitimate senders. MxToolbox Delivery Center helps businesses like yours adopt DMARC to improve email deliverability.
  3. Gradually move to 100% reject DMARC policy.
  4. Create a BIMI logo and get it certified with an MVA.
  5. Configure your BIMI record.
  6. See your logo in the inbox!

MxToolbox is here to help!

Delivery Center provides best-in-class insight into your email deliverability, email configuration and email senders, including BIMI.

Managed Services gives you access to our team of email delivery experts to minimize your timeline to maximum email deliverability and simplify your adoption of important email delivery standards.

Authenticating BIMI – Mark Verifying Authorities

As we have discussed before, adopting BIMI will significantly improve the deliverability and visibility of your email in your customers’ inboxes. Since BIMI requires a strong Reject DMARC policy to display a logo, your email delivery will be already close to the best possible. The BIMI logo, especially in the short-term, will give you a branding advantage over your competitors and heighten visibility with your potential customers. However, the question is –

How can you prevent a fraudster from using your BIMI Logo?

If anyone could publish any BIMI logo they liked, then fraudulent email could be sent, with some difficulty, that mimics your real email. For example, feclex.com is an open domain that looks similar to a popular parcel delivery company in the US with the right font. Setting up strict DMARC policies and BIMI on this domain takes time, skill and resources, but fraudsters tend to be adept at mimicry like this. If there were no way to verify the use of a corporate logo, fraudsters could setup fake domains that leverage well-known brands and domains. Enter Mark Verifying Authorities.

What is a Mark Verifying Authority (MVA)?

An MVA is similar to an SSL Certificate Authority, a trusted 3rd party that issues a certification of ownership of a BIMI logo. Known as a Verified Mark Certificate (VMC), the certificate is proof that a domain owner holds the rights to the logo image being used.

How do MVAs Verify Ownership?

MVA standards and practices are still in flux as the exact details of a VMC have yet to be ratified. However, the general requirements are:

  • Ownership or license to a registered trademark
  • Registered trademark must be registered in a competent jurisdiction
  • Proposed mark or logo must match the registered trademark
  • Owner or licensor of the trademark must also be the registrant (or licensee) of the associated domain name

How do I Implement a VMC?

VMC’s are not yet a requirement as BIMI is still in the roll-out stages, however, there are some things you can do to get ahead:

  1. If you have not already, now is the time to implement SPF, DKIM and DMARC and move to a strict Reject policy for non-compliant email. MxToolbox Delivery Center is designed to help you manage your email delivery.
  2. Research the Mark Verifying Authorities available and select one that works well with your business and begin the process of verifying your logo for BIMI.
  3. Add your VMC to the “a” tag of your BIMI record. This tag has been reserved for the signing authority.

MxToolbox is dedicated to helping our customers improve their email delivery. Continue to leverage our free BIMI Lookup tool as we add features relevant to VMCs and MVAs.

Delivery Center provides the best insight into your email delivery posture and MxToolbox Managed Services gives you direct access to our email experts to help you get started quickly.

Has your email been Spoofed?

Email spoofing can harm your corporate brand, decrease open rates for your legitimate email, cause legitimate email to be blocked, compromise website security and even create financial complications.  No company is totally immune from malicious email spoofing using their domain, but there are ways to protect yourself.  Spoofing comes in a few different forms:

  • Simple Domain Spoofing – a spammer sends email that looks like it is from your domain, but originates from a server that you do not control or not in your SPF record.
  • Hacked SPF Sender – A spammer hacks a legitimate sender, one listed in your SPF records, and sends email that appears to be from you.  
  • Hacked Internal Account – A hacker compromises an internal email box and sends email via legitimate sources.  
  • Similar Domain Spoofing – A spammer sets up a complete domain that has a similar name to yours.  For example, “example.com” versus “exarnple.com” or “exampIe.com”.

Recently some fraudsters were brazen enough to attempt to spoof email from MxToolbox.com.  This illustrates how our experts (and MxToolbox Delivery Center Product) protect us from fraud and phishing and how we can protect your company too.  

DNS Configuration

Good email delivery and protection from fraud and phishing attempts requires expert management of your DNS.  Four DNS protocols are particularly important:

  • SPF allows you to delegate outbound email to 3rd parties.
  • DKIM allows you to crytographically sign email to take ownership of the email you send.
  • DMARC provides two very useful features:
    • Allows you to designate email addresses to receive feedback on your email delivery.
    • Allows you to set an email delivery policy for how inbox providers handle email that isn’t DMARC compliant with either SPF or DKIM.
  • BIMI allows you to provide an icon that inbox providers may display if your email passes DMARC with a strict DMARC policy

Our spoofer used IP addresses outside of our SPF so failed SPF checks and DMARC compliance.  Additionally, our DMARC policy is set to reject, so inbox providers knew to discard these failed emails immediately.  Our expertly configured DNS helped us reduce the impact of this attack on our email delivery, our customers and the non-customers targeted.

You might think that DNS configuration is all you need to protect your email delivery, but there is more.

Visibility

SPF, DKIM and DMARC Passing Rates

While DNS configuration is the most important first step in email deliverability, you need constant visibility into your email delivery status in order to protect your brand.  MxToolbox Delivery Center provides important insight into your email delivery posture with real-time statistics on SPF, DKIM and DMARC pass and fail rates across all your email senders, legitimate and fraudulent.  

In this case, MxToolbox Experts quickly noticed a spike in email from illegitimate sources.  Delivery Center reported this spike by analyzing DMARC reports approximately 24-48 hours before we began to receive bounceback notices from targeted inbox providers.  With strict ‘Reject’ DMARC policies in effect, our Expert team could rely on most inbox providers dumping these emails without delivery, however, we needed to analyze the potential risk.

Bounce Analysis

MxToolbox Delivery Center integrates a Bounceback analysis tool that allows us to analyze bounceback email messages from dozens of inbox providers to determine the reason an email failed to make it to the intended recipient.

bouncebacktool.JPG

Bounceback messages can help you understand recent attacks and prevent new ones.  For example, a bounceback due to Reverse DNS failure, as above, is an indicator that your spammer was using a server outside of your network and not listed in your SPF as was our recent spammer.  Bounceback messages can also provide insight into other reasons for delivery failure, including blacklisting, malware/spam content and more.

Feedback Loops

The newest visibility feature of MxToolbox Delivery Center incorporates Feedback Loops.  Feedback Loops allow Inbox Providers to return information from inbox owners to the original senders, including much of the original message header.  Analyzing message content and headers returned via feedback loops gives you unique insight into how your email is being perceived by recipients.  Did the recipient report you as spam?  Was the email actually fraudulent?  Was the content yours but appeared spammy?  Feedback loops are very powerful and a necessary part of maintaining high quality email delivery.  

Get ahead with Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the on-going maintenance necessary to maintain peak performance:

  • Who is sending email purporting to be from your domain
  • What is the reputation of your senders’ IPs
  • Geolocation of your senders and What their blacklist reputations are
  • How your SPF, DKIM and DMARC setup is performing
  • What senders are failing DKIM
  • What senders are failing SPF verification
  • When to setup more restrictive policies for DMARC
  • What on-going maintenance you need to maintain and improve your email deliverability

 

Is your email going to Spam?

Many of our customers hear about us because their business partners tell them that a message failed to reach their inbox or was found in the spam or junk folders.  The typical cause:  a blacklisted sending IP address.  While monitoring for blacklisting is fundamental for preventing email going to spam, inbox providers are now using more technologies to prevent spam from reaching their users.  You need to step up your game!

MxToolbox is here to help

Inbox providers like Google, Outlook and Yahoo! now scan incoming messages for spammy content or words, phrases, domains, and financial requests that are frequently found in spam.  Our SpamAnalyzer tool allows you to get insight into the spammy nature of your content and make changes before you send an email to your customers.

How does it work?

Create you email in your standard mass emailing platform and send yourself a test email.  Locate the email and view the email source.  Copy the email source and paste it in our SpamAnalyzer tool.

Spam_analyzer_home

We run over 700 different types of analyses on your email and provide a detailed report on the tests.  Our report gives you the opportunity to improve your email setup and email content to give you a better chance to have your email land in inboxes and not in spam folders.

Other tools

MxToolbox focuses on providing tools and technologies to help our customers get their legitimate email to their customers, suppliers and partners.  If you are experiencing problems with email going to spam, we highly recommend a multi-step approach:

  • Check all your senders regularly for blacklisted IP addresses and domains (see Adaptive Blacklisting for our unique approach)
  • Make sure all your email senders are in your SPF record
  • Setup DKIM for all email senders
  • Setup DMARC to get feedback on your email
  • Enlist a DMARC analysis service (like MxToolbox Delivery Center) to get insight into the feedback you are receiving on SPF, DKIM and DMARC compliance and the emergence of fraud and phishing attacks using your brand
  • Analyze outgoing emails for signs of spam with SpamAnalyzer
  • Enroll in Feedback Loops to get direct customer feedback

Expert Support

MxToolbox is the expert in Email Delivery and we know that adopting email best practices can be difficult and time-consuming.  We offer a Managed Services approach to improve your email delivery allowing you to return to what you do best: your business.

A Case of Fraud and Phishing

Companies large and small are potential victims of fraud and phishing using their brands and domains.  If you leave your business unprotected, it is simple for hackers and fraudsters to leverage your domain and brand to email your customers scams.  Companies in banking, financial services and investment advice are at particular risk due to the potential for immediate financial loss.

MxToolbox Experts are here to help you prevent damage to your brand and improve your email deliverability.  Leveraging new email technologies, such as DKIM, DMARC, BIMI and others, our Managed Services team helps businesses worldwide with email deliverability and protect against fraud and phishing.

A recent Investment Advisory case study shows how MxToolbox can help:

  • Leveraging DMARC best practices to aid email deliverability
  • Improving SPF, DKIM and DMARC compliance rates
  • Implementing strict DMARC policies to prevent Fraud and Phishing
  • Dramatically Improving Email Open Rates

Read the Case Study

Case Study: Financial Services Company

MxToolbox has a decade plus history of improving email deliverability for our customers.  Occasionally, one of our customers provides insight into exactly how we helped and what it means to their business.

The recent results from a Financial Services company illustrates the way our Managed Services teams increase email delivery and open rates to generate business value.

Highlights include:

  • Implementing DNS best practices to aid email deliverability
  • Improving Email Delivery Rates
  • Dramatically Improving Email Open Rates

Read the Case Study

The End of a Blacklist – BSB

On Friday the 17th of April, the blacklists BSB and BSB Domain shutdown.  When a blacklist goes offline, it typically returns a positive blacklisting event for every IP address or Domain inquiry.  This is standard but can be a bit alarming for users.

What that means for you?

All of our Monitoring and Delivery Center customers suddenly had a notification of blacklisting on BSB or BSB Domain.  This is normal.  MxToolbox has removed BSB and BSB Domain from the list of blacklists we check.  All notifications that we previously sent of blacklisting by BSB and BSB Domain can be ignored safely.  If BSB and BSB Domain return to action, then we will evaluate adding them back into the list of blacklists we search.

The Importance of Email Delivery Management

Blacklisting is not the only reason why your email may be denied or tossed into a Spam or Junk folder.  Blacklist monitoring is the beginning of good email delivery management.  In addition to monitoring your email for blacklisting, you need to:

  • Monitor your DMARC, SPF and DKIM configurations for compliance with industry standards
  • Regularly monitor the blacklist reputations of all your senders; not just your own IP addresses, but every CRM, Marketing Automation, Order Management, Support Ticketing and other sending system.
  • Actively monitor and manage the DMARC compliance rates for your legitimate senders, eliminating non-compliant senders if needed.
  • Monitor DMARC compliance rates for Fraud and Phishing attacks using your brands

MxToolbox Delivery Center provides you with the capability to manage your Email Deliverability, reducing the chance that your email will be dumped to spam or junk.  Check out Delivery Centertoday, or Contact Sales for a Walkthrough of Delivery Center Managed Services.

 

Email still going to Spam and Junk?

There are many reasons an email can end up in a Spam or Junk folder.  While no system can promise 100% inbox delivery, there are things that our experts can help you with that dramatically improve email deliverability.  Let’s take a look at a few reasons why emails fail to arrive and what can and cannot be done to correct it.  

DMARC Compliance

First, if you aren’t monitoring email delivery, then you don’t know what your DMARC compliance rates are right now.  If you are say around 75%, that’s 25% of your email that fails to make it to the server, much less the inbox.  MxToolbox can help there.

Second, our DMARC compliance rates (and many of our Managed Services customers) are around 99.8%, some of the highest in the industry.  With the volume of email we send in a week, that’s still several thousand emails that fail compliance.

There are many causes of DMARC compliance issues.  Some you can control through better configuration (our specialty), some you cannot control. For example, if you have a large amount of forwarded email, SPF and DKIM will often break, making that email non-compliant.  The newly released ARC standard is starting to help reduce that breakage, however.

Blacklisting

Email sender blacklisting is still an issue.  If your email sending tools are blacklisted, then some of your email will be blacklisted.  It happens and reduces delivery rates. Again, if you aren’t monitoring it, you don’t know about it.  We know that some of our sending IPs were blacklisted in recent emails, which may send some email to spam or junk.  If you are monitoring blacklisting for all your senders, then you can identify problems with these senders and address them either by working with your sender to improve their blacklist status or finding a sender with a better reputation.  Our Adaptive Blacklisting give our customers insight into the blacklist reputation of all your senders.

The Appearance of Spam

Finally, some emails appear spammy to standardized spam rules that inbox providers apply.  This is something MxToolbox tests for before every email broadcast. You can test emails too, with Spam Analyzer.  

However, custom spam rules and customer behavior are something that no emailer can get around without feedback from users.  For example, Gmail applies custom spam rules based upon some image attachments and Outlook.com appears to automatically junk email from senders that you routinely delete without opening.  Fortunately, many inbox providers are leveraging feedback loops to provide insight to legitimate senders about their users’ behavior.

Conclusion

No email delivery tool can promise 100% inbox placement.  Email Delivery is a complicated balance leveraging existing and emerging technologies to help you business communicate your message.  Our Experts spend their days working with these technologies to help our customers improve their email delivery.  

If you have learned something from this, then maybe you can trust us to help you.