Monthly Archives: February 2023

DKIM is no longer optional

DKIM has been around for more than a decade but was not widely used until the DMARC standard added DKIM alignment and authentication as one of it’s passing criteria. Even now, many of our customers are telling us that DKIM is difficult to implement and they view is as less important than a proper SPF configuration. However, a new trend is making DKIM an absolute email delivery requirement.

What is DKIM?

DKIM is a technology that allows email senders to cryptographically sign their outbound email. This signature can then be verified by the recipient as proof that the email was legitimately from the domain signing it and that the message was not altered during transit to the recipient system. You can learn more about DKIM on our blog.

How does DKIM work with DMARC?

For an email to be DMARC compliant (and therefore more likely to be accepted and make it to the Inbox), an email must either pass SPF checks or DKIM alignment and authentication checks. This allowed for some edge cases, for example: an email could fail SPF because the sending IP address was new or because Marketing adopted a new 3rd party email sender that was not in the SPF record, but if DKIM was properly implemented, it would still be DMARC compliant. Similarly, if DKIM was missing or if a forwarder had broken the DKIM signatures, then the email could be DMARC compliant if it passed SPF checks. When DMARC was still in the adoption phase, these allowances for edge cases made sense and are still part of the standard.

How did DKIM become necessary?

While the DMARC standard specifies a minimum threshold for compliance, Inbox Providers and businesses can set higher thresholds to protect their users. Our Experts are now seeing Inbox Providers and many large businesses require DKIM compliance as part of their inbound email vetting processes. Basically, if your email does not pass both SPF and DKIM compliance checks, you may not make the inbox.

Get DKIM compliant as soon as possible! The only downside is the cost of initial setup but the long-term (and potentially immediate) benefit of DKIM compliance means that you are more likely to get delivered and make the inbox.

How can MxToolbox help?

Our Experts are here to get you SPF, DKIM and DMARC compliant and help you manage the on-going maintenance that keeps your email delivery in peak form. MxToolbox Delivery Center has tools to get you DMARC compliant, test Inbox Placement and react to Recipient Complaints. Or leverage our expert team with Managed Email Services.

The Days of Unsolicited Email are Over

What is Unsolicited Email?

Sending email to any email address with which your company does not have a direct relationship is considered Unsolicited. Unsolicited email has also been called “spam” but we prefer to reserve that term for email that has a malicious component. Legitimate businesses may send an unsolicited email without it being nefarious. To get an email address legitimately, your company, domain, marketing team must have direct contact with the owner of the address.

Who is still sending Unsolicited Email?

Amazingly, many legitimate businesses are still sending unsolicited emails and some of them are quite dependent on it. While marketing best practice is to only use email addresses that have been double opted into receiving email, it is still very easy to purchase lists from events, 3rd parties, list scrapers and “related businesses”. One favored tactic is to bury the right to give the “company or its partners” the right to use an email address in the Terms and Conditions of the website or application. Most of the time, this is a legal way of ensuring that it is acceptable to send email using an email marketing service on behalf of the domain, but it can also be legal padding for reselling the email address.

It is very tempting for small or startup businesses to purchase “seed lists” to get started on their email. This is now highly risky for your brand.

What is killing it?

Inbox Providers, like Google, Yahoo and Outlook/Office365 are in a constant battle to not only eliminate malicious emails like spam, phishing attempts and malware from the inbox, but also improve email relevance.

Email is relevant when:

  1. The recipient opted to receive email from the sending domain.
  2. The user does not mark the email as spam or more it to the spam folder.
  3. The user opens the email (typically because the subject line or sending domain is interesting).
  4. The user clicks on a link in the email (typically because the content of the email is interesting).
  5. The user moves the email from the Spam Folder to the Inbox.

Inbox Providers are now aggregating statistics for email sending domains across all their hosted inboxes. This means behavior in one inbox affects your email delivery to other inboxes at the same Inbox Provider. Inbox Providers cannot measure #1, but they can, and do, measure the other parameters. High rates of being marked as spam, low open rates and low click-through rates are huge indicators that the email is unsolicited. Over time, domains that send large amounts of irrelevant, unsolicited email will be dumped in the spam folder. This type of Domain Burnout can be fatal for a domain.

How can MxToolbox help?

If you have burned out your sending domain, we can help you setup a new domain, but realize, unless you change your email practices, this will happen again. DMARC, and a DMARC management tool like MxToolbox Delivery Center will help your sending domain achieve the best possible email delivery. In addition, our Inbox Placement feature will tell you if your campaigns are being dumped into the spam folder or making it to the Inbox and which Inbox Provider you are having trouble sending to.