Category Archives: How to Make the Most of MxToolbox

It’s time to adopt MTA-STS

Inbox Providers like Google, Yahoo! and Outlook.com are in a constant arms race trying to protect their users from spammers, spoofers and irrelevant content. Since the late 90’s dozens of new technologies have been proposed and adopted, including: Blacklists, TLS Encryption, SPF, DKIM, DMARC, BIMI and, now, MTA-STS. With the continued progression of MTA-STS, it is now time for all domains to adopt the technology to secure inbound email and reduce the threat of spam.

What is MTA-STS?

MTA-STS is an update to TLS Encryption that allows an Inbox Provider to specify a list of secure servers to receive email and mandates a secure TLS connection to these servers. Insecure connections will not be accepted. This corrects a few of the short-comings of TLS alone: Expired TLS Security Certificates, Man-in-the-Middle Attacks and attacks that downgrade to no encryption.

How does MTA-STS Work?

When a sender wants to connect to an inbox provider or domain’s email servers to deliver email, they first query the MTA-STS DNS entry which contains the location of a policy file. The policy file is accessed via HTTPs and contains information about the correct servers to use, which must match the MX records exactly, the TLS encryption requirements, the MTA-STS policy mode and the maximum length to cache this information. Senders then encrypt communication with the servers and transmit the email.

Since the sender is required to verify the connection and it is encrypted to known servers, the sender has a slightly higher level of trust. Any sender that fails this mini test can be considered a threat.

What does MxToolbox recommend?

MxToolbox recommends that all companies setup MTA-STS for their receiving domains to inform senders that their email servers and providers accept secure message delivery using SMTP over TLS and also require that email should not be delivered using an insecure SMTP connection. When MTA-STS is enabled for your receiving domain, it requests external servers to send messages to your domain only when the SMTP connection is authenticated with a valid public certificate AND encrypted with TLS 1.2 or higher. This is a higher level of security for incoming email and should reduce spam to your domain.

In addition, you should ensure that all your domain’s email senders support MTA-STS. This includes your email server software, email marketing, and any other potential email senders: CRM, Order Management, Support, etc. Once you select a provider’s MTA-STS policy, messages sent from your domain to external servers will also comply with the standard and improve delivery.

Test Your MTA-SLS setup with MxToolbox

To help all our users get a head start with MTA-STS, we’ve created a free lookup tool as part of our SuperTool. Check your MTA-STS policy setup as well as any email sender!

The Flavors of Successfully Delivered Email

Email delivery is a complicated thing. There are multiple layers of technology protecting an inbox at modern inbox providers like Google, Yahoo! and Outlook.com. For example:

  • Blacklists are used to identify IP addresses that have spammed or otherwise should not be trusted
  • SPF identifies legitimate sending IP addresses for a domain
  • DKIM allows a domain to sign email to ensure the integrity of the email
  • DMARC enables a sending domain to get feedback from Inbox Providers on SPF and DKIM compliance
  • Inbox Providers maintain internal Unsubscribe Lists
  • Inbox Providers maintains internal Spam Lists
  • Inbox Providers run proprietary Spam Content Analyses
  • Inbox Providers monitor engagement with emails from a domain

Email Delivery Standards

Technically Delivered

In the email world, a message is considered successfully delivered when the recipient can access the email. The email could be delivered to any subfolder for example:

  • Junk
  • Spam
  • Quarantine
  • Bulk
  • Promotions
  • Customer configured Filter or Subfolder

While this does not seem optimal to the recipient or sender, the email is accessible, just not in the main Inbox.

Undelivered email is completely inaccessible to the recipient. An email could be undelivered for multiple reasons, depending on how the Inbox Provider’s algorithms work:

  • The sending IP was blacklisted so the system declared the email Spam and rejected it.
  • The Sending IP was not listed in the Sending Domain’s SPF record. This is either a misconfiguration or a sign of a deliberate spoofing attempt.
  • The DKIM signature does not align with the Sender’s signature.
  • The recipient mailbox is full
  • The recipient mailbox does not exists

Marketing Delivery Success

Marketers only see email delivery as getting the email to the recipient’s Inbox. That makes sense as their mission is only accomplished when the email is Opened, Read and relevant links Clicked.

Obviously, there’s a bit of a disconnect between how IT sees delivery and how Marketing sees delivery. Both are correct for their purposes. They are simply not speaking the same language.

MxToolbox Helps you Reach the Inbox!

MxToolbox has long developed tools and services around Mailbox Delivery. Our early Delivery Center service focused on the primary technologies supporting email delivery: Blacklisting, SPF, DKIM and DMARC. Our newest features of Delivery Center change this focus to help the Marketer reach the Inbox.

Complaints

Inbox Providers often have a list of complaints leveraged by their users against Senders. Some even allow access to these complaints, which often include email reported as spam, dead email inboxes, full inboxes and even unsubscribes done only through the Inbox Provider. Delivery Center now includes a feature to integrate and aggregate complaints and make them visible and actionable for you to improve your sending reputation with Inbox Providers. Lowering your complaints goes a long way toward making your email deliverable to the Inbox. Learn more about Complaints.

Inbox Placement

Ultimately, Marketing looks at metrics like Open Rates, Click-through Rates and Purchases to judge an email campaigns strength. However, these indicators lag something more important: Placement in the Inbox. Delivery Center now contains a tools that enables you to test the inbox placement of an email campaign both before sending it to your customers and simultaneously with the bulk emailing. Inbox Placement works across the large Inbox Providers like Google, Yahoo and Outlook.com. Learn more about Inbox Placement.

Two-Factor Authentication and Security

Security is important for any system you use, but doubly important for communications systems like email. Think about what you store in your inbox:

  • A history of all communications with important clients, friends and family
  • Irreplaceable documents
  • User ID for other accounts
  • Purchase histories at online retailers

There are probably many more things in there that you don’t want anyone else to access. It is therefore important that your email provider take precautions to safe guard your email.

Good Password Technique

Protecting valuable, private data requires good password discipline. MxToolbox has a few suggestions for passwords to improve security:

  • Do not make the password a “word” or derived from a word – The more random characters, the harder it will be for a password dictionary to crack it through guesswork
  • Do not reuse passwords – Unfortunately, site breaches and bad password file controls have exposed millions of passwords. If you reuse a password that was exposed, you are just asking for a hacker to gain access to your account.
  • Use a Random Password Generator – The more random a password, the harder it is to crack. MxToolbox has offered a free, untracked random password generator for several years.
  • Use a Password Vault – A password vault stores all of your passwords in an encrypted state that only requires a single password to access. It’s easier to remember a single, long password so a password vault takes the load of all those lengthy, random passwords for you.
  • Use Two-Factor Authentication where available

What is Two-Factor Authentication (2FA)?

Passwords are simply insufficient to protect important information. A simple password can be guessed, a password file could leak, etc. Many online companies are implementing Two-Factor Authentication to provide an additional layer of protection to sensitive information. Two-Factor Authentication, or 2FA requires a password and a code or token sent to a trusted device.

Two-Factor Authentication is common for Apple, Google and many other major website users. For example, an Apple user would see a warning on their iPhone about a sign-in to their iCloud account on an iPad or Apple computer and require using that code on the account. Google uses a similar approach through a Google Authenticator app on your phone or device. Other websites will send a text message with an authentication code that you input into the site to verify your login attempt. Regardless of the implementation, 2FA helps to ensure that the login attempt is valid by requiring access to a trusted device meaning that a hacker would have to have both the login and the device to gain access to the account.

MxToolbox Offers 2FA

MxToolbox has implemented Two-Factor Authentication across all our services. Email is the life blood of many organizations and we feel that it is important to protect our customers from potential breaches that might expose sensitive information. We highly recommend that every customer turn on 2FA for their account.

How to configure 2FA at MxToolbox

  1. Log in to your account.
  2. Click “username@mxtoolbox.com” in top right corner for dropdown menu.
  3. Click “Settings” option directly below username.
  4. Click “2 Step Verification” tab (fourth tab in header).
  5. After reading the explanation, choose either Software Token (recommended), Test Message, or Disabled and follow the instructions specific to your preference.
  6. If you see Status: Enabled to the far right of the Two-Factor Authentication (2FA) heading, you have completed MxToolbox’s 2FA process.

By utilizing 2FA, a potential compromise of just one of the two factors will not unlock your MxToolbox account. So, even if your password is stolen or your phone is lost, the chances of someone else having your second-factor information is highly unlikely. If you utilize 2FA correctly, websites and apps can be more confident of your identity and allow you secure access to accounts.

Problems with MxToolbox? Clear your Cookies

Every day, MxToolbox adds new functionality to the website. Sometimes, this puts our users and customers in strange states with their sessions and cookies.

Why Cookies?

Everyone loves cookies, tasty little crumbs of information that hang around in your browser (and sometimes your keyboard). Okay, not everyone loves cookies, but they serve a development purpose and MxToolbox uses them as part of both our Free and Paid accounts.

If our new features get in weird cookie states, we recommend that our users delete their cache and cookies and re-login to the website.

Deleting Cookies

Different browsers have different methods for clearing cache and cookies. Here are a few common examples:

MxToolbox Experts and Tools are here to help with your email delivery. Occasionally deleting cookies and clearing cache will help you access the most recent tools we have.

Email still going to Spam and Junk?

There are many reasons an email can end up in a Spam or Junk folder.  While no system can promise 100% inbox delivery, there are things that our experts can help you with that dramatically improve email deliverability.  Let’s take a look at a few reasons why emails fail to arrive and what can and cannot be done to correct it.  

DMARC Compliance

First, if you aren’t monitoring email delivery, then you don’t know what your DMARC compliance rates are right now.  If you are say around 75%, that’s 25% of your email that fails to make it to the server, much less the inbox.  MxToolbox can help there.

Second, our DMARC compliance rates (and many of our Managed Services customers) are around 99.8%, some of the highest in the industry.  With the volume of email we send in a week, that’s still several thousand emails that fail compliance.

There are many causes of DMARC compliance issues.  Some you can control through better configuration (our specialty), some you cannot control. For example, if you have a large amount of forwarded email, SPF and DKIM will often break, making that email non-compliant.  The newly released ARC standard is starting to help reduce that breakage, however.

Blacklisting

Email sender blacklisting is still an issue.  If your email sending tools are blacklisted, then some of your email will be blacklisted.  It happens and reduces delivery rates. Again, if you aren’t monitoring it, you don’t know about it.  We know that some of our sending IPs were blacklisted in recent emails, which may send some email to spam or junk.  If you are monitoring blacklisting for all your senders, then you can identify problems with these senders and address them either by working with your sender to improve their blacklist status or finding a sender with a better reputation.  Our Adaptive Blacklisting give our customers insight into the blacklist reputation of all your senders.

The Appearance of Spam

Finally, some emails appear spammy to standardized spam rules that inbox providers apply.  This is something MxToolbox tests for before every email broadcast. You can test emails too, with Spam Analyzer.  

However, custom spam rules and customer behavior are something that no emailer can get around without feedback from users.  For example, Gmail applies custom spam rules based upon some image attachments and Outlook.com appears to automatically junk email from senders that you routinely delete without opening.  Fortunately, many inbox providers are leveraging feedback loops to provide insight to legitimate senders about their users’ behavior.

Conclusion

No email delivery tool can promise 100% inbox placement.  Email Delivery is a complicated balance leveraging existing and emerging technologies to help you business communicate your message.  Our Experts spend their days working with these technologies to help our customers improve their email delivery.  

If you have learned something from this, then maybe you can trust us to help you. 

My Favorite Tools

If you are like many of our users, you have a favorite tool or set of tools that you run often.  Our customers have informed us that the “More” page is the most bookmarked page of MxToolbox.com and the one most likely for them to access to do work on a regular basis.

Introducing Favorites

In March, MxToolbox added a feature to our More/NetworkTools page that allows registered users to save a set of favorite tools.  Now, you can save a set of tools that you use frequently and access them through the “My Favorite Tools” tab.

FavoritesTab.JPG

Add a Favorite Tool by clicking the heart icon on any tool.

FavoritesTabIcon.JPG

And, boom, you have favorites.

FavoritesTabMade.JPG

Use Favorite Tools to save yourself time and effort when using MxToolbox.  Enjoy!

 

BIMI Lookup Tool

MxToolbox is excited to announce the unveiling of another free tool for your use: the new BIMI Lookup tool. This innovative tool enables you to test your Brand Indicator for Message Identification (BIMI) records, ensuring that your BIMI record is correct and adheres to the current standards.  A missing or incorrectly formatted BIMI record means your customers may not see your domain’s logo in their inboxes. 

What’s BIMI and Why’s It Such a Big Deal?

BIMI is an industry-wide standards effort to display brand logos next to the brand’s email messages in their customer’s inboxes as indicators of trust to help message recipients recognize and avoid fraudulent emails delivered to their inboxes. This new standard, which is currently in beta testing, is important to email senders and their customers alike. Businesses get a prime opportunity to add trust to the emails they send and increase the visibility and ROI of their email programs, while recipients also benefit from senders deploying DMARC and other BIMI authentication standards to reduce the success of phishing attacks.

BIMI builds off of DMARC, with some outlets calling it DMARC 2.0, and will only display if you have deployed DMARC. Several Oath brands (Yahoo!, AOL, etc.) are currently beta testing the BIMI standard with their mailbox users. Gmail will also be rolling out their own beta test of the BIMI protocol in 2020. With Gmail’s current 1.2 billion worldwide users able to see a company’s logo displayed within a year’s time, adopting the BIMI standard will be highly beneficial to your business email practices. As DMARC and BIMI work in tandem to improve message delivery, it becomes imperative your brand utilizes these pioneering email technologies and standards.

How MxToolbox’s BIMI Lookup Tool Works

The new BIMI Lookup tool allows you to check for any errors included in your BIMI record published content, syntax check content, DMARC record format, or image format content. By entering your company’s domain name and clicking the “BIMI Lookup” button, this diagnostic tool will parse the BIMI record for the supplied domain, display its BIMI record, and run a series of diagnostic checks against that specific record. The provided results will help you recognize any current issues in your BIMI record’s setup that may prevent your logo from being displayed in Yahoo!, AOL, and Gmail (early 2020) inboxes.

To learn more about BIMI and how it’ll benefit your business, please click here.

Ultimate Combo

MxToolbox’s free BIMI Lookup tool is a great way to ensure your BIMI record is setup correctly and displays your logo as intended. BIMI provides your business an opportunity to grow your brand and protect your customers. Implementing this standard and monitoring it with our new tool are positive steps in improving your business email delivery. Don’t let your messages be sent to the Junk folder anymore.

MxToolbox Updates: New Mobile/Tablet-Optimized SuperTool in Beta

MxToolbox will soon beta test a new and updated version of our SuperTool (Beta8). Some SuperTool users will receive access to this beta version, while others will continue to use the existing SuperTool.  Be on the lookout for the upcoming changes.

The SuperTool streamlines all of your MX record, DNS, blacklist, and SMTP diagnostics into one integrated tool. Everything you need to assess your business domain’s status is found with this free tool.

Our Beta8 rollout centers on increasing multi-device usage and ensuring a better, more enjoyable experience across all devices. Upgrades will be especially noticeable for users on both mobile and tablet options. From phone, tablet or laptop, the new and improved SuperTool will help retrieve all the information you seek with the aim of a better user experience than the current SuperTool.

If you receive the Beta8 version, congrats! Any feedback you could provide our team will be greatly appreciated. Please send your thoughts, concerns, and recommendations to: feedback@mxtoolbox.com.

 

A Little Blacklist History

History of Blacklists

Blacklist – in the context of technology, a list of items, such as usernames or IP addresses, that are denied access to a certain system protocol. When a blacklist is used for security purposes or access control, all entities are allowed access, minus those actually listed in the blacklist. Moreover, an email blacklist is a real-time database that utilizes criteria to determine if an IP is sending email it considers to be spam. There are many operable blacklists, and each has a unique way of accepting inbound mail and determining if messages are considered spam. Needless to say, blacklists directly impact the deliverability of your company’s emails.

Note: A Whitelist or whitelisting is NOT the opposite of a blacklist.  A whitelist is a connection or group of IP addresses that will always be accepted, typically bypassing many other security controls.  Do not ask for someone to whitelist you.

The first Domain Name System-based Blackhole List (DNSBL) was the Real-time Blackhole List (RBL) created in 1997 as a Border Gateway Protocol (BGP) list. Interestingly, the initial version of the RBL was not published using DNS, but rather a list of networks transmitted via BGP to routers owned by subscribers so that network operators could drop all TCP/IP traffic for machines used to send spam/host spam supporting services, such as a website. The term “blackhole list” is often interchanged with “blacklist” and “blocklist.”

Overview of Blacklists

Generally speaking, a DNSBL or RBL is an effort to stop email spamming. It is a blacklist of locations on the Internet believed to actively send email spam. The locations consist of IP addresses, which are typically  linked to spamming. Most mail server software can be configured to reject or flag messages that have been sent from a site listed on one or more of these lists.

Furthermore, a DNSBL is a software mechanism, rather than a specific list or policy. There are many DNSBLs in existence, which use a wide array of criteria for listing and delisting addresses. For example:

  • The IP addresses of zombie computers or other machines being used to send spam (some RBLs specialize in spam in different languages)
  • Internet service providers (ISPs) who willingly host spammers, or those which have sent spam to a honeypot system.
  • List of the IP addresses of email systems that openly relay mail (which could be used by spammers)
  • List of dynamic IP addresses at ISPs
  • List of domain names typically used in spam emails.

In order to operate a DNSBL three things are needed: a domain to host it under, a nameserver for that domain, and a list of addresses to publish.

In addition, based on data received about your IP address, there are three places for your email to end up. If your company is on a blacklist, outbound messages could end up in spam or not delivered. If in good standing, your business emails will be then go through secondary processing by the inbox provider.  Most will be delivered and show up in the inbox as intended. Most blacklist services set up their own specific methods, algorithms and honeypots and have websites that detail the reasons for listing along with delisting options.  Delisting may be requested or may be automatic in some cases (keep reading).  Note: Some less savory blacklists require a payment for delisting; Mxtoolbox does not approve of this type of business model.

What Is an IP or Domain Blacklist Problem?

Most businesses learn that their IP address is blacklisted when a customer reports missing an important email.  After multiple reports, someone usually contacts IT who looks into the problem.  Without proper monitoring of your blacklist status, your business could be at risk.

MxToolbox to the Rescue

An early innovator in addressing blacklist issues, MxToolbox built started with a free online Blacklist Check tool to help email admins, marketers, and business owners monitor their sending reputation. Since then, we have focused on email delivery solutions, introducing the most comprehensive Blacklist Monitoring service on the Internet and, now, providing DMARC-based email deliver solutions.

The Future of Blacklist Monitoring

MxToolbox believes in continually delivering innovative tools and services to help our customers who face an ever changing email world.  Recently, we released Adaptive Blacklist Monitoring, expanding the frontier of blacklist monitoring beyond traditional blacklist monitoring for businesses to answer the following questions:

  1. How do you maintain lists of all internal and external sender’s IP addresses?
  2. How do you update IP addresses being monitored when they change?
  3. How do you monitor cloud email services sending from large pools of IPs?

MxToolbox Adaptive Blacklist Monitoring leverages new technologies like SPF and DMARC to monitor your blacklist status and email deliverability across all of your senders: internal, external and cloud-based.

Automatic Monitoring

MxToolbox automatically detects all your Outbound IP addresses that you actively send email from and monitors them for blacklistings.  Add a new 3rd party sender? MxToolbox automatically monitors those new IP addresses as well. With this solution you no longer need to maintain IP lists and update monitoring.

Sender/Cloud Email Reputation

Send email through Office 365 or GSuite, etc.? MxToolbox detects the IP addresses those services are actively using to send your messages and if they are blacklisted. You can even view your sender’s reputation via MxRep to gauge how well their services are functioning.

 

New Features for MxToolbox

At MxToolbox, we’re continuously striving to provide cutting-edge tools to help our customers improve their company’s email practice. As you can see on our Network Tools page, we offer a wide-range of helpful free tools and paid products that ensure your business email platform is working at its optimal level. And since we’re routinely updating and expanding our collection of tools, we recommend you visit the page often for the latest developments. For the most recent updates and newest tools please check out the NEW! tab. Let’s take a closer look at some of the more popular MxToolbox features.

NetworkTools-21April2019

Email Tab

The email portion of the Network Tools page contains some of our most popular tools such as the MX Lookup and Blacklist Check; and offers several other essential diagnostic tools that can greatly benefit your company’s email setup. For example, the SPF, DKIM, and DMARC tools now support improved message delivery and provide feedback catered to your business domain. Moreover, the two specific DNS record generators features (SPF and DMARC) MxToolbox offers under this tab help create records for the respective protocols.

Network Tab

For this section of Network Tools, the ASN Lookup and Domain Health Report tools are highlighted points. For example, the ASN (Autonomous System Number) Lookup query takes either an AS name or AS number as input and returns the missing component. For immediate feedback regarding your domain, the Domain Health Check will execute hundreds of domain/email/network performance tests to ensure your systems are online and performing optimally. In addition, the report will provide results for your company’s domain and highlight any critical problem areas that need attention.

DNS Tab

The DNS tab provides all the key DNS tools to help make sure your DNS records are published correctly and your DNS is operating at 100% such as DNS Lookup, DNS Check, and Whois. This list of tools also contains some advanced DNS Security diagnostic tools such as nsec, rrsig, and more.

MxToolbox’s Newest Additions and Updates

Among the many email tools MxToolbox offers, there are a few that stand out. Although we love each equally, if forced to name favorites, these come to mind:

  • DMARC Report Analyzer – One of our newest tools, this feature will make DMARC Aggregate XML reports human readable by parsing and sorting them by IP address into understandable reports.
  • DMARC Generator – Another new tool we’re proud of, this generator will help you create a DMARC record specifically for the domain/subdomain that you submit. Simply put, this tool’s a must for your DMARC implementation.
  • Header Analyzer – Found under the Email tab, this tool will make email headers human readable by parsing them. This helpful feature is a popular tool to which we’ve recently added DMARC, SPF, and DKIM testing functionality.
  • Email Deliverability – Also under the Email tab umbrella, this tool has been updated for easy workability. Send a test email to us, and we take over from there to generate a comprehensive deliverability report. To receive crucial data regarding your email status, definitely try this tool.

MxToolbox strives to provide your business the most beneficial information related to your email platform. By offering your company a variety of free tools to gain optimal deliverability, we believe our tools allow your messages to be delivered successfully. This not only protects your business, but also your customers. Whether found under one or more tabs, the features shown on the Network Tools page are vital to your email rates. Be sure to explore the page and try as many as desired. We’re here to help.