Author Archives: stephenmxtoolbox

Roadrunner Emails are being targeted by Spammers

We has recently seen an uptick in complaints from Roadrunner Email users. It appears that many inbox users are receiving emails that appear to be from MxToolbox.com or use links back to mxtoolbox.com. The issue is appears to be that Spammers are using an Unsubscribe link that points to mxtoolbox.com. We are not sending these emails. We suspect that this is either a failure of DMARC email processing at RoadRunner or, more likely, an Inbox Provider Insider Scam.

How to recognize Spam, Fraud and Phishing attempts

We highly recommend everyone read our post on Recognizing Fraud and Phishing Emails, but here are a few key points:

Spam and Phishing Characteristics

  • There is a financial incentive or free product
  • There is an overwhelming sense of urgency
  • The origin is a company with which you have no connection
  • The subject line is strange or hyperbolic
  • You googled the company and that’s not the business they are in

If you think it’s spam or phishing?

  • Don’t open it unless you must 
  • Don’t click on any links
  • Don’t unsubscribe 
  • Mark it as Junk with your Email Provider

How DMARC affects email acceptance

DMARC policies instruct an Inbox Provider (think gmail.com, yahoo.com or rr.com) how to process email that fails to meet DMARC compliance tests. These tests include:

  • Determining if the sending IP address is designated by the sent from Domain – SPF Compliance
  • Determining if the send included a valid cryptographic signature in the email header – DKIM Compliance

If an email is DMARC compliant, then it may be sent from a legitimate sender. If not, then it could be considered spam. A “Reject” DMARC policy, like the one MxToolbox uses instructs Inbox Providers to reject any email that fails DMARC compliance tests. If an Inbox Provider is passing email from a non-compliant source despite a reject policy, this is a problem for their users.

What Inbox Providers should do

Inbox Providers generally pay attention to the DMARC policies of sent externally. They do this for two reasons:

  • Admitting non-DMARC compliant email increases the risks of spam email making it to their users. Blocking spam before it makes it the user is both a good security measure for users and a good selling point for the provider.
  • Admitting non-DMARC compliant email increases the costs of email storage. Each spam email is small, but take as a whole, they make up more than 50% of email traffic. Doubling storage is expensive if you don’t have to.

However, some Inbox Providers may only be looking at external email, and not email sent from other Inboxes in their network. This is a mistake that we call an Inbox Provider Insider Scam.

What Roadrunner users should do

We encourage any user receiving spam that appears to be from us to let us know! Contact Us on our site and include examples so that we can track down the issue.

You can also report the spam to Roadrunner, with the actual spam email so your admins can block the messages. Demand better inbox protection from your Provider.

Google to Fully Support BIMI

This week, Google finally announced the roll-out of BIMI across all Gmail inboxes. This is great news for email delivery and email security. BIMI will give recipients more confidence in the email they receive and force senders to adopt new technologies to make email more secure.

What is BIMI?

BIMI or Brand Indicators for Message Identification, is a DNS-based email technology that allows a company to post a logo for use by inbox providers. Inbox providers, like, Google, Yahoo! and Outlook/Office365.com, can show this logo to their customers next to certified messages from that company. If the email is not compliant with DMARC, then the logo does not show. Since it’s certified by being DMARC-compliant, your customers will know that the message is really from you and you will get your logo out in front of more customers and prospects!

How do I get BIMI?

BIMI requires DMARC. Before you can get your logo to appear in Google’s inbox, you first need to get your email fully DMARC compliant and then move to strict DMARC policies. Becoming DMARC compliant isn’t easy: you need to understand who is sending email on your behalf, have them properly configured with both SPF and DKIM and regularly monitor DMARC delivery reports to understand your DMARC compliance.

Once you have your verified sources of email fully DMARC compliant, you can start moving toward stricter “Quarantine” or “Reject” policies with your DMARC configuration. Once you set DMARC policy to “100% Reject” for non-compliant email, BIMI-compliant inbox providers will start appending your logo to email from your domain.

MxToolbox is your Expert for DMARC and BIMI

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities and reduce the risk of Phishing and Fraud using your domain.
  • Manage the on-going requirements of maintaining high levels of email deliverability

The Economics of Blacklists

Blacklists have been around for over two decades, meaning that blacklists (blocklists or deny lists) existed before most humans were on the Internet. The goal of blacklists is to remove Spam email from the Internet, however, the implementations and algorithms vary dramatically. A few of examples:

  • Spamhaus ZEN CBL reports the IP address of sources of email that have been infected with Viruses or Malware. Even if your email was not used for spam, your computer could be.
  • NoSolicitado reports sources of Spanish language spam. There are many other language-based blocklists.
  • CASA CBL reports source of spam received by the China Anti-Spam Alliance.
  • FABELSOURCES reports entire networks that are the source of spam. There are several similar lists, including UCLPROTECTL2 and L3.
  • Open-Relays Verifying Engine Database List (ORVEDB) lists IP numbers of hosts that the Open-Relays Verifying Engine (ORVE) verified that are Open-Relays machines. Open relays are basically a purposeful or accidental email server misconfiguration that promotes spamming.
  • The Abusix Domain Blacklist contains domain names that have been identified being used in spam, phishing, or malware. Note: There are very few actual domain blacklists so the MxToolbox SuperTool also checks the IP address in the A record for the domain to see if the server has been compromised.

The Topic of Coin – How do Blacklists Make Money?

Early on Blocklists were free subscriptions for anyone to use to help reduce spam email to their servers. Since the lists were small, these were setup to be shared via FTP and then as the lists grew bigger via Realtime DNS. Many smaller blacklists are still free to query.

Eventually, security companies started to develop their own proprietary Blocklists or Deny Lists and integrate these into network appliances like firewalls, routers or email gateways. The primary economic model for blacklists is to sell their data to security-focused companies and automatically maintain the lists through remote syncing data feeds. Security services then update their hardware and software email filtering to include these lists. Often, weighing each blacklist differently but sometimes using them as a binary filter – if the sending IP is listed, deny the email.

Do blacklists charge for delisting?

MxToolbox recommends that you should never, ever pay to be delisted. All legitimate blocklists have a free method of delisting, that while sometimes slow, is still free. Fix the problem that caused you to be listed and wait it out. Delisting usually takes a week or so depending on the blocklist.

There are both for-profit and non-profit blacklists. For-profit blacklists make money by selling their lists to security companies or security minded companies for use in their products. For example, MxToolbox purchases subscriptions to some blacklists to enable our customers to lookup their blacklist status in the SuperTool.

Non-profit blacklists offer the option to donate to support them. This should never be conditional on the delisting of the IP address.

Some blacklists may offer an expedited delisting option for a fee. Sometimes this might seem like an enticing option, but, remember, MxToolbox does not recommend paying for delisting. It is your decision to pay, however, we have a few considerations:

  • Have you fixed the issue causing you to be classed as spam? If you have not fixed the issue causing you to be listed, you will be re-listed almost immediately. Paying doesn’t fix your systems or cause you to be whitelisted.
  • Do you do own the network? If you don’t own the entire network, in the case of a network or ASN listing, then you can’t stop your network or ASN neighbors from getting the entire network re-listed. It’s best to contact the network owner, ISP, datacenter provider, etc.
  • Has being blacklisted affected your email deliverability? If not, then you can wait it out. If so, then how many emails were affected? Is a small email delivery problem worth the expense?
  • Are you ready to be treated like a spammer? Blocklists with expedited pay setups sometimes assume that anyone willing to pay is a spammer. Spammers make all their money from email, so a block is potentially fatal. Legitimate businesses have other methods of customer communication. Paying could get you additional scrutiny in the future.
  • Is your IP address on multiple blacklists? If you are listed on multiple blacklists, do you want to pay multiple times or wait it out? Can you even pay to delist from all of the blocklists? Multiple listings means a serious problem, so we recommend taking care of the issue and waiting for delisting.

How do you prevent being blacklisted?

There is no one simple way to prevent blacklisting. Owning your own email servers requires constant adjustment and maintenance to prevent your systems from being used for spam or perceived as spam. Outbound email filters can help, but many companies, large and small are abandoning the idea of hosting their own email and adopting 3rd party email senders to improve email delivery. Google Workspace, Microsoft Office365, Yahoo!, Mailgun, Constant Contact, MailChimps, etc. all offer reduced risk of blacklisting by spreading email out over a large network of sending IP addresses and providing outbound email filtering.

New Technologies – DMARC, DKIM, SPF

Email delivery technologies are rapidly changing and the key to good email deliverability is actively managing your online reputation. Blacklisting is just one piece of the puzzle. SPF, DKIM and DMARC are now the most important factors at getting your email to the inbox. These technologies help identify you as the owner of the email and enable you to elicit feedback from Inbox Providers about problems with your email.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities and reduce the risk of Phishing and Fraud using your domain.
  • Manage the on-going requirements of maintaining high levels of email deliverability

Recent Spikes on UCEPROTECT Level 3

Recently, we noticed an increase of in the number of ASNs (full blocks of IP addresses owned by individual Internet Providers) listed by UCEPROTECT on their Level 3, aka Draconic, blacklist. The purpose of this particular UCEPROTECT blacklist is to block ASNs that allow spam to be sent from a large number of IP addresses in the network, often these are ASNs setup for spam or providers that do not adequately police their customers. However, this includes many popular services so many legitimate businesses have also been affected.

MxToolbox Stance

  1. We provide Blacklist lookups for information purposes only. DO NOT make decisions exclusively based upon a listing on the Blacklists we check. MxToolbox is not blocking you, the Inbox Provider is blocking your email because your IP address or domain is listed on a blacklist that they are using to make email delivery decisions. We give you the opportunity to see who is listing your IP address and do not endorse any blacklist. Feel free to ignore a blacklist if you think it is not relevant.
  2. NEVER PAY to be delisted. Legitimate blacklists, including UCEPROTECT, have free ways to be delisted. In this case, the entire ASN should be automatically delisted when the UCEPROTECT SPAMSCORE for that ASN drops below a certain level in a 7 day moving average. You can learn more about how UCEPROTECT lists ASNs here.
  3. MxToolbox regularly reevaluates the list of blacklists we check. Our criteria requires the blacklist to be used to make email delivery decisions. We have noted that some companies are dropping UCEPROTECT from their decision criteria due to the recent activity. We will watch this issue but will also continue to show UCEPROTECT listings as long as they are being used for email delivery decisions.

What you can do if you are blacklisted

We know that being on a blacklist is affecting your business. Be patient! Blacklists are not out there to attack your legitimate email, they are there to protect everyone from spam and phishing attempts. They make money by being relevant to email delivery decisions and sometimes they get over zealous.

Take the opportunity to evaluate your email sending configuration, blacklists are not the only reason your email is failing to make the inbox.

  • Are you still hosting your own email? This could be an opportunity to investigate Inbox Providers that have improved spam filtering and email sending capabilities. It is easier to have all of your email blocked by a blacklisting event if you are sending from a single IP address or small block.
  • Are you using multiple 3rd party email providers? You should evaluate their performance and make sure each of them is in your SPF record and no one else.
  • Adopt DMARC. DMARC compliant email is now a requirement to get into the inbox at Google, Yahoo! and Outlook.com/Office365. If much of your email is non-compliant, you may be blocked entirely. Adopt DMARC to get information on your outbound email to become DMARC compliant or be left behind by your competitors who are.
  • Use a DMARC delivery tool. Inbox Providers give you information on your email senders, including spammers pretending to be you. You need a tool that can aggregate and analyze your email delivery posture using DMARC to improve your email configuration and block the spammers. MxToolbox Delivery Center was designed to make email delivery simpler by highlighting improvements to your email deliverability.

Is Email Secure?

Yes and No. Email is a highly valuable tool that has evolved to be more secure, but there are still ways to exploit email for nefarious purposes. Email users should be careful with how they use email and the emails they respond to. Let’s look at email security in more detail.

A Little History

Electronic mail originated on the early experimental Arpanet, the precursor to the Internet. At that point, all the interconnected servers were within high-security facilities. Since the security was on the outside, researchers did not consider protocol security; everything was sent in clear text – HTTP for browsing documents, FTP for sharing data files, and SMTP for electronic communications. When the Arpanet opened up to universities and then to businesses and private users, those same protocols were still transmitting data and passwords in clear text. Unfortunately, clear text communications are susceptible to man-in-the-middle attacks – corrupted computers or routers between the two computers in communication.

The early Internet was not secure, so new technologies were developed to improve security:

  • HTTPS to secure online transactions involving credit cards
  • SFTP to secure file transfers (now replace by HTTPS in many cases)
  • TLS to encrypt email communications between email servers

With the adoption of TLS, Transport Layer Security, email was secured from potential man-in-the-middle attacks. However, there are other ways to exploit email.

Alternate Technologies

There were other technologies that attempted to “secure” email communications, all had various degrees of success, but none of them have really gone mainstream.

  • PGP, or Pretty Good Privacy, used a Public-Private encryption key system to encrypt and decrypt email. Email was completely secure in transit, and from administrators, but unfortunately, PGP was bulky to use. TLS solved the problem of securing communication between servers without the user needing to do anything.
  • “Secure” Email Servers are web servers where communication could be secured behind a password protected web login. It was not really email but a way to communicate in an email-like fashion. You often see these secure communications websites with Legal and Medical professions, but they suffer from bulky interfaces and the inconvenience of going somewhere other than your normal email applications to view the communication.
  • Sender Verification Services respond to an unsolicited email with an email demanding the sender verify their identity. The goal here is to reduce the potential for spam and phishing attempts by creating a hurdle for senders to jump. The inbox provider then only passes on “verified” email to the user. This technique essentially removes any automated email, including newsletters, as marketing teams are unable to monitor the verification email. The downside is that a legitimate sender may not register so you miss important email.

The Threat of Spam and Phishing

Email is the #1 preferred method for perpetrating online scams. The marginal cost of sending an email is negligible and the rewards for a successful scam can be thousands or millions of dollars. According to Cisco, approximately 84% of all email is spam, much of which is phishing scams and much also escaping spam filters. By that measure, email is not “secure”.

“Securing” Email

Improving email security is not a single technology or vendor but involves changing business processes, adopting new standards and continuously adapting to the ever-evolving landscape of email scams. Some recommendations:

  • Stop hosting your own email – Inbox providers like Gmail, Office365, Yahoo!, etc. have dedicated teams to managing and blocking spam and phishing. Most businesses would benefit by leveraging these external experts and outsourcing email inbox services.
  • Turn on 2-factor authentication – Securing email communication, both sending and receiving, means securing access to email accounts. 2-Factor Authentication helps make email more secure.
  • Invest in Spam and Phishing Awareness Training – Email scams exploit human weakness through social engineering to gain access to your email, bank accounts and secure data. Training your team to recognize these scams will improve your email security.
  • Leverage DMARC and supporting technologies – SPF, DKIM, DMARC and BIMI work hand-in-hand to 1) declare who can send email on behalf of a domain, 2) digitally sign email from that domain, 3) report compliance to the sending domain, and 4) apply a corporate logo to compliant email. When a domain leverages these technologies, it is secured against being used in spam and phishing attempts and gives the recipients peace-of-mind that the email is genuine.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

On-Premise Email Security Best Practices

If your company strategy requires on-premise email management, then there are some best practices you can adopt:

  • Use Inbound Email filtering gateways – Out of the box inbound filtering either software or hardware will block most threats using threat detection algorithms. Basic gateways block blacklisted senders. More advanced options allow you to write your own acceptance policies.
  • Create Advanced Acceptance Policies – Your business is unique. Threats come in many forms. Maybe you want to filter all incoming image files or executables or maybe eliminate objectionable terms associated with risks. Sophisticated algorithms might help protect your business.
  • Accept only DMARC compliant email – One great idea that Google has pioneered is prioritizing DMARC compliant email. If you do the same, you dramatically reduce the potential for fraud and phishing emails making it to your users.
  • Setup Outbound Email filters – You do not want to become a source of spam, so setting up filters to control outbound email will reduce the risk of being blacklisted or of sending spam emails within your network.
  • Setup Advanced Outbound Policies – Advanced policies could include forcing the legal team to encrypt all outbound email or prevent emailing large files, executables, etc. Leveraging advanced policies will help make using email more secure.
  • Setup DMARC for all outbound email sources – Adopting DMARC for all your outbound email sources will help you protect your sending reputation and reduce the risk of your domain names being used in spam.
  • Invest in Spam and Phishing Awareness Training – As mentioned above, when employees are trained to recognize spam and phishing attempts, they are less likely to click on dubious links in spam and phishing attempts or click on and install malware.

While email was not initially designed with security in mind, new technologies are improving the security posture of email. Adopting these as they arise makes your business more secure and protects your users, clients and partners.

Inbox Provider Insider Junk Scams

Inbox Providers work hard to stop email fraud and phishing scams from outside. Google, Yahoo! and Office365.com all utilize a mix of algorithms that include Blacklists, SPF, DKIM and DMARC compliance, Spam scoring and Relevance scoring to make inbox placement decisions. However, scammers have found an interesting loophole, by sending the spam from the Inbox Providers servers.

How does an Insider Scam work?

The trick to sending spammy email from within an Inbox Provider’s network is first to compromise an existing email box on the provider’s servers. This can be surprisingly easy! Google, Yahoo! and Office365.com have Millions of users. Corrupt one email box and a spammer can easily send email to every user on every domain that uses the Inbox Provider’s network. For example:

  • An email from a corrupted Gmail account never leaves the Gmail network when sent to Gmail Inboxes so the email may skip other Gmail spam safeguards like content scanning and Junk/Spam folder analysis.
  • An email sent from a Gmail account passes Blacklist, SPF, DKIM and DMARC for every domain using Gmail to send email, including emails sent outside the Gmail network, giving these emails a level of trust. A corrupted Gmail account therefore has the clout of Gmail behind it.

Inbox Providers have traditionally looked at Spam and Phishing as an external threat. With the transition of email from on-premise to cloud-based solutions, internal threats with compromised accounts will force Inbox Providers to change and adopt Internal Spam and Phishing analysis algorithms.

What can you do to protect your users?

You email users need to be aware that incoming email cannot be 100% trusted, even when using a reputable Inbox Provider. Invest in Fraud and Phishing training for your staff will raise awareness and help break some of the apathy with regard to security. Read up on more ways to recognize and combat Fraud and Phishing in our previous blog entry.

What can you do to protect your outbound email?

If you are not monitoring the quality of your outbound email, you are at risk for accidentally sending Fraud and Phishing emails from your Inbox Provider and other email sources. Every business should be monitoring Blacklisting, and SPF, DKIM and DMARC compliance from all email sources. With DMARC reporting, you receive feedback on how much of your email is passing SPF, DKIM and DMARC compliance to know how likely your email will make it to the Inbox of your recipients. MxToolbox Delivery Center provides all the information you need on email from your domain.

However, DMARC reporting and Strict DMARC policies will not prevent an Inbox Provider Insider attack using your domain name. For that, you need to use another feature of MxToolbox Delivery Center, Feedback Loops. Feedback Loops provide direct feedback from email recipients at different Inbox Providers on how each recipient views the email they received from you – Did it look like Spam, Phishing or Unsolicited Email? Did they unsubscribe?

Soon, Inbox Providers will implement algorithms to protect their users, scammers will find new ways to exploit your users and your domain for their own gain. In the meantime, beware the Inbox Provider Insider scams.

What’s in my Inbox? Recent Spam and Phishing attempts

Until social engineering fails as an exploit or it becomes unprofitable to scam companies and individuals via email, there will be Spam and Phishing. Spam and Phishing now accounts for more than 50% of global email traffic and has a diverse portfolio of subjects, origins, support websites and exploit software. Rather than getting overly technical, lets discuss the Junk in our own Inbox.

What’s Junk in My Inbox?

My Spam

I get some really boring spam. Home Warranties, Insurance, Credit and Retirement planning offers are the majority of my trash, but I get some interesting consumer spam around Wild Seafood and Diet Chocolate. Why seafood and diet chocolate? I have no idea. I only moderately like seafood and hate low-end chocolate. The rest make tremendous sense – all of them have a significant financial impact.

Keys to Recognizing Spam and Phishing

  • There is a financial incentive
  • There is an overwhelming sense of urgency
  • There is a need to login or check on your account – immediately
  • The origin is a company with which you have no connection
  • The subject line is strange or hyperbolic
  • Something is offered free

If you think it’s spam or phishing?

  • Don’t open it – Legitimate emails track open rates, and so do spammers. Fraudsters know who is a decent mark if you open it.
  • Don’t click on any links – In addition to showing the spammer that you are game, they’ll now have the opportunity to try to get you to download malware, provide login details or give them your credit card.
  • Don’t unsubscribe – You just told them that your email address is valid. Spammers will use it in other attempts. They are constantly refining their pitch and you just told them one of them failed.

Things you can do…

  • If you suspect this is a legitimate communication from a website you actually use – You can go directly to the website. Don’t click the email link, instead, Google the domain or go directly to the .com.
  • If you think it is a scam – Google the subject line or the sender. If it’s a scam other people may have questions about it and many security companies keep lists of spam subject lines.
  • If you must open it – You can Google some of the content or URLs in the content. That will give you information on the potential for scam. You can also use MxToolbox’s Spam Analyzer as a gauge to test the spaminess of the email.
  • Mark it as Junk – Every Inbox Provider has a method to mark an email as Junk or Spam. This feeds into their algorithms to detect new Junk and Spam. Marking it gives your Inbox Provider additional information in their pursuit of a Spam-free inbox.

Does email content affect your email delivery?

Absolutely! Google, Outlook.com/Office365 and Yahoo! have different algorithms for picking up on Spam, Phishing and Fraud emails and content is a key factor in their decisions to place an email in the user’s inbox.

What factors do the algorithms use?

While each Inbox Provider uses a different algorithm for weighting incoming email, there are several factors that they all have in common:

  • Checking the sending IP address for Blacklisting
  • Checking the sending Domain’s SPF record for the sending IP address
  • Checking the DKIM signature in the email header against the signature in the Domain’s DKIM record
  • Passing DMARC compliance checks
  • Checking the content for blacklisted Domain names
  • Checking the “Spamminess” of the subject line and content

Obviously, there are many more concerns than content. However, content is now a deciding factor that could still place your email in Junk or Spam folders, even if you pass all the technical hurdles.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

What do Inbox Providers look for in the content?

Again, Inbox Providers maintain different proprietary algorithms for analyzing the quality of incoming email content. However, we do have some suggested best practices to help you reach the inbox.

  • Keep subject lines relevant to the content and less sensationalized – We know the goal is to improve open rates, but if your subject line is too sensational or feels like click-bait, it will may mean the email never reaches your target.
  • Refrain from subjects that are frequently used in spam – This may go without saying, but advertising adult pills, adult recreation, bitcoin, super cheap handbags, etc. will probably put your email directly in the spam folder.
  • Avoid talking about money too often – We know you need to put the price of an item in an email. That’s totally fine. However, avoid making the entire email an inventory price list or talking about large sums of money. A local retailer we know put the pricing of single items, 6-packs and 12-packs for over a dozen items in every weekly newsletter. The spam folder was their most common destination.
  • Avoid ALL CAPS – Proper language usage is expected. If many words are all capitalized, you are shouting and begging for attention, and to be placed in the Spam folder.
  • Avoid too much hyperbole or sensationalism – Talking about being the best occasionally will not kill your content, but lots of exclamation points are a sure fire way to make an email appear to be spam.
  • Avoid links to 3rd party sites – You should own the content on your website and within your email. Linking off to a website that is not the origin of the email can be a huge red flag.
  • Avoid attachments – Attachments can be dangerous ways to distribute malware and viruses. Regardless of your intent, an email campaign with attachments is a mistake that looks like spam.
  • Have an Unsubscribe feature – Anti-spam legislation requires an unsubscribe link, so you will be violating the law not to have one, but you also look spammy if you lack the feature.

MxToolbox Spam Analyzer will help you analyze your email for problematic content and give you insight into the potential for rejection

Are you sending meaningful content?

Staying connected to customers is important for your business to thrive. The email messages you send should follow the same marketing rules that have existed for years. Be sure to following marketing best practices before sending an email campaign:

  • Are you providing real value to your audience?
  • Does your content align with your brand’s voice?
  • Does your content offer a new, unique perspective?
  • Can you support your content with data and examples?

Ignoring these best practices can make a difference between high open rates, good click-through rates and immediate unsubscribes.

If email technology feels daunting, MxToolbox Managed Services will reduce your burden. Our highly experienced team provides a Managed Services option that will help keep your email delivery at the highest possible levels.

  • Setup your SPF, DKIM and DMARC records properly
  • Manage incremental DMARC policy changes to reduce phishing and protect your reputation
  • Monitor your 3rd party providers’ reputations so you know who is at risk
  • Be alerted to phishing outbreaks using your brand so you can notify customers and vendors
  • Keep up with emerging email delivery technologies like BIMI, ARC, Feedback Loops and more…
  • On-going maintenance as email threats, configurations and standards change

Google Leverages DMARC to Block Scams

“In these uncertain times…”

Okay, we had to say it. It’s all over the place. In our estimation, 8 months into COVID, you are still receiving 2-3 of these emails a week. And, you are not alone. Google announced in April that it blocked 18 million daily malware and phishing emails related to COVID-19 in a week’s span and the more than 240 million coronavirus-related daily spam messages currently being floated. And, Google is leveraging DMARC as the workhorse.

Protect your email with DMARC

DMARC helps an Inbox Provider, like Google, determine legitimate email from potential junk, spam, phishing or fraud. An email that is DMARC compliant most likely came from a legitimate source. Google and other Inbox Providers use DMARC to make acceptance and inbox placement decisions. So, DMARC compliance can help elevate your email and protect your business email against malicious attacks.

Without DMARC, your business email is highly vulnerable to online impersonators exploiting this pandemic. If you can be impersonated because you have not implemented DMARC, you are at risk. Adopt DMARC as soon as possible. It protects your outbound messages and improves your deliverability rates. With DMARC and BIMI, your customers will more likely view your email, which boosts your company’s brand reputation and brings both parties peace of mind.

MxToolbox’s Delivery Center helps you adopt DMARC

The MxToolbox Delivery Center is your comprehensive service for understanding email sent on your company’s behalf. It provides you expert monitoring with answers to the following questions:

  • Who sends email purporting to be from your domain?
  • What is the reputation of your senders’ IPs?
  • What is the geolocation of your senders and what are their blacklist reputations?
  • How are your DMARC, SPF, and DKIM setups performing?
  • Which senders are failing SPF?
  • Which senders are failing DKIM?
  • When to implement stricter DMARC policies?
  • What ongoing maintenance is needed to improve your email deliverability?

Our Delivery Center offers everything you need to confirm the proper configuration and ongoing maintenance of your email delivery settings. Let MxToolbox’s email experts do the work for you.

DKIM Signature Tags, A Primer

DKIM is a form of email authentication that allows an organization to claim responsibility for a message by signing it in a way that can be validated by the recipient. DKIM Authentication is an important part of DMARC compliance and obtaining the best email deliverability possible for your domain.

DKIM tags are located within the actual DKIM-Signature header data. A tag is typically a single letter followed by an equal sign (=). The value of each DKIM tag denotes a specific piece of intel about the email sender, the message itself, and its public key location.

There are several tags available to an email sender using DKIM, with some being required and some being optional. If a required tag is omitted in the DKIM signature, a verification error with the mailbox provider will occur. Of note, tags included in the DKIM signature that do not have a value assessed are treated as having an empty value. However, tags not included in the DKIM signature are treated as having the default value.

Required DKIM Tags

Below are the required tags of a DKIM-Signature header. Any DKIM signatures missing these tags will produce an error during the verification process.

  • v= version of DKIM standard being used. The value should always be set to 1.  
  • a= cryptographic algorithm used to generate the signature. The value should be rsa-sha256.
  • d= domain used with the selector record (s=) to locate the public key. The value is a domain name owned by the sender.
  • s= selector record name used with the domain to locate the public key in DNS. The value is a name or number created by the sender.
  • h= list of headers that will be used in the signing algorithm to create the hash found in the b= tag. The order of the headers in the h= tag is the order in which they were presented during DKIM signing; therefore, it is also the order in which they should be presented during verification. The value is a list of header fields that will not change or be removed.
  • bh= computed hash of the message body. The value is a string of characters representing the hash determined by the hash algorithm.
  • b= cryptographic signature of the headers listed in the h= tag. This hash is also called the DKIM signature.

Optional DKIM Tags

Recommended

Below are the optional tags that are typically recommended in a DKIM-Signature header. DKIM signatures missing these tags will not produce an error during verification, but they are recommended as a means to help identify spam.

Note: Spammers do not normally set time values. Empty or incorrect time values, such as an expiration time dated before the email timestamp, will cause some mailbox providers to reject the message.

  • t= DKIM signature timestamp. It is meant to indicate the time the message is sent. The format is the number of seconds from 00:00:00 on January 1, 1970 (UTC).
  • x= DKIM signature expiration time in the same format as above. The value of this tag must be greater than the value of the timestamp tag if both are used in the DKIM signature. DKIM signatures could be considered invalid if the verification time at the verifier is past the expiration date, so be sure not to set the expiration date too soon.

Not Required

Below are the optional tags that are not required in the DKIM signature.

  • c= canonicalization algorithm that defines to a mailbox provider what level of modifications may be present as the email is in transit to the mailbox provider. Modifications can include whitespace or line wrapping. Some email servers make minor modifications to the email during transit, which can invalidate the signature.
  • i= identity of the user or agent. The value is an email address containing the domain or subdomain as defined in the d= tag.

Not Recommended

Below are the optional tags that are not recommended in any DKIM signature.

  • l= number of characters from the message body that were used to compute the body hash (bh=). If this value is not present, it is assumed the entire message body was used. This tag can be difficult to control and could lead to verification errors.
  • z= list of the message’s original headers and may differ from the headers listed in the h= tag. This tag may be used by some mailbox providers in the process of diagnosing a verification error. Its value is not well defined.

MxToolbox Delivery Center helps you with DKIM Compliance

To maintain the highest levels of email deliverability using DKIM, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability