Category Archives: Email Delivery

Has your email been Spoofed?

Email spoofing can harm your corporate brand, decrease open rates for your legitimate email, cause legitimate email to be blocked, compromise website security and even create financial complications.  No company is totally immune from malicious email spoofing using their domain, but there are ways to protect yourself.  Spoofing comes in a few different forms:

  • Simple Domain Spoofing – a spammer sends email that looks like it is from your domain, but originates from a server that you do not control or not in your SPF record.
  • Hacked SPF Sender – A spammer hacks a legitimate sender, one listed in your SPF records, and sends email that appears to be from you.  
  • Hacked Internal Account – A hacker compromises an internal email box and sends email via legitimate sources.  
  • Similar Domain Spoofing – A spammer sets up a complete domain that has a similar name to yours.  For example, “example.com” versus “exarnple.com” or “exampIe.com”.

Recently some fraudsters were brazen enough to attempt to spoof email from MxToolbox.com.  This illustrates how our experts (and MxToolbox Delivery Center Product) protect us from fraud and phishing and how we can protect your company too.  

DNS Configuration

Good email delivery and protection from fraud and phishing attempts requires expert management of your DNS.  Four DNS protocols are particularly important:

  • SPF allows you to delegate outbound email to 3rd parties.
  • DKIM allows you to crytographically sign email to take ownership of the email you send.
  • DMARC provides two very useful features:
    • Allows you to designate email addresses to receive feedback on your email delivery.
    • Allows you to set an email delivery policy for how inbox providers handle email that isn’t DMARC compliant with either SPF or DKIM.
  • BIMI allows you to provide an icon that inbox providers may display if your email passes DMARC with a strict DMARC policy

Our spoofer used IP addresses outside of our SPF so failed SPF checks and DMARC compliance.  Additionally, our DMARC policy is set to reject, so inbox providers knew to discard these failed emails immediately.  Our expertly configured DNS helped us reduce the impact of this attack on our email delivery, our customers and the non-customers targeted.

You might think that DNS configuration is all you need to protect your email delivery, but there is more.

Visibility

SPF, DKIM and DMARC Passing Rates

While DNS configuration is the most important first step in email deliverability, you need constant visibility into your email delivery status in order to protect your brand.  MxToolbox Delivery Center provides important insight into your email delivery posture with real-time statistics on SPF, DKIM and DMARC pass and fail rates across all your email senders, legitimate and fraudulent.  

In this case, MxToolbox Experts quickly noticed a spike in email from illegitimate sources.  Delivery Center reported this spike by analyzing DMARC reports approximately 24-48 hours before we began to receive bounceback notices from targeted inbox providers.  With strict ‘Reject’ DMARC policies in effect, our Expert team could rely on most inbox providers dumping these emails without delivery, however, we needed to analyze the potential risk.

Bounce Analysis

MxToolbox Delivery Center integrates a Bounceback analysis tool that allows us to analyze bounceback email messages from dozens of inbox providers to determine the reason an email failed to make it to the intended recipient.

bouncebacktool.JPG

Bounceback messages can help you understand recent attacks and prevent new ones.  For example, a bounceback due to Reverse DNS failure, as above, is an indicator that your spammer was using a server outside of your network and not listed in your SPF as was our recent spammer.  Bounceback messages can also provide insight into other reasons for delivery failure, including blacklisting, malware/spam content and more.

Feedback Loops

The newest visibility feature of MxToolbox Delivery Center incorporates Feedback Loops.  Feedback Loops allow Inbox Providers to return information from inbox owners to the original senders, including much of the original message header.  Analyzing message content and headers returned via feedback loops gives you unique insight into how your email is being perceived by recipients.  Did the recipient report you as spam?  Was the email actually fraudulent?  Was the content yours but appeared spammy?  Feedback loops are very powerful and a necessary part of maintaining high quality email delivery.  

Get ahead with Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the on-going maintenance necessary to maintain peak performance:

  • Who is sending email purporting to be from your domain
  • What is the reputation of your senders’ IPs
  • Geolocation of your senders and What their blacklist reputations are
  • How your SPF, DKIM and DMARC setup is performing
  • What senders are failing DKIM
  • What senders are failing SPF verification
  • When to setup more restrictive policies for DMARC
  • What on-going maintenance you need to maintain and improve your email deliverability

 

Is your email going to Spam?

Many of our customers hear about us because their business partners tell them that a message failed to reach their inbox or was found in the spam or junk folders.  The typical cause:  a blacklisted sending IP address.  While monitoring for blacklisting is fundamental for preventing email going to spam, inbox providers are now using more technologies to prevent spam from reaching their users.  You need to step up your game!

MxToolbox is here to help

Inbox providers like Google, Outlook and Yahoo! now scan incoming messages for spammy content or words, phrases, domains, and financial requests that are frequently found in spam.  Our SpamAnalyzer tool allows you to get insight into the spammy nature of your content and make changes before you send an email to your customers.

How does it work?

Create you email in your standard mass emailing platform and send yourself a test email.  Locate the email and view the email source.  Copy the email source and paste it in our SpamAnalyzer tool.

Spam_analyzer_home

We run over 700 different types of analyses on your email and provide a detailed report on the tests.  Our report gives you the opportunity to improve your email setup and email content to give you a better chance to have your email land in inboxes and not in spam folders.

Other tools

MxToolbox focuses on providing tools and technologies to help our customers get their legitimate email to their customers, suppliers and partners.  If you are experiencing problems with email going to spam, we highly recommend a multi-step approach:

  • Check all your senders regularly for blacklisted IP addresses and domains (see Adaptive Blacklisting for our unique approach)
  • Make sure all your email senders are in your SPF record
  • Setup DKIM for all email senders
  • Setup DMARC to get feedback on your email
  • Enlist a DMARC analysis service (like MxToolbox Delivery Center) to get insight into the feedback you are receiving on SPF, DKIM and DMARC compliance and the emergence of fraud and phishing attacks using your brand
  • Analyze outgoing emails for signs of spam with SpamAnalyzer
  • Enroll in Feedback Loops to get direct customer feedback

Expert Support

MxToolbox is the expert in Email Delivery and we know that adopting email best practices can be difficult and time-consuming.  We offer a Managed Services approach to improve your email delivery allowing you to return to what you do best: your business.

A Case of Fraud and Phishing

Companies large and small are potential victims of fraud and phishing using their brands and domains.  If you leave your business unprotected, it is simple for hackers and fraudsters to leverage your domain and brand to email your customers scams.  Companies in banking, financial services and investment advice are at particular risk due to the potential for immediate financial loss.

MxToolbox Experts are here to help you prevent damage to your brand and improve your email deliverability.  Leveraging new email technologies, such as DKIM, DMARC, BIMI and others, our Managed Services team helps businesses worldwide with email deliverability and protect against fraud and phishing.

A recent Investment Advisory case study shows how MxToolbox can help:

  • Leveraging DMARC best practices to aid email deliverability
  • Improving SPF, DKIM and DMARC compliance rates
  • Implementing strict DMARC policies to prevent Fraud and Phishing
  • Dramatically Improving Email Open Rates

Read the Case Study

Case Study: Financial Services Company

MxToolbox has a decade plus history of improving email deliverability for our customers.  Occasionally, one of our customers provides insight into exactly how we helped and what it means to their business.

The recent results from a Financial Services company illustrates the way our Managed Services teams increase email delivery and open rates to generate business value.

Highlights include:

  • Implementing DNS best practices to aid email deliverability
  • Improving Email Delivery Rates
  • Dramatically Improving Email Open Rates

Read the Case Study

Email still going to Spam and Junk?

There are many reasons an email can end up in a Spam or Junk folder.  While no system can promise 100% inbox delivery, there are things that our experts can help you with that dramatically improve email deliverability.  Let’s take a look at a few reasons why emails fail to arrive and what can and cannot be done to correct it.  

DMARC Compliance

First, if you aren’t monitoring email delivery, then you don’t know what your DMARC compliance rates are right now.  If you are say around 75%, that’s 25% of your email that fails to make it to the server, much less the inbox.  MxToolbox can help there.

Second, our DMARC compliance rates (and many of our Managed Services customers) are around 99.8%, some of the highest in the industry.  With the volume of email we send in a week, that’s still several thousand emails that fail compliance.

There are many causes of DMARC compliance issues.  Some you can control through better configuration (our specialty), some you cannot control. For example, if you have a large amount of forwarded email, SPF and DKIM will often break, making that email non-compliant.  The newly released ARC standard is starting to help reduce that breakage, however.

Blacklisting

Email sender blacklisting is still an issue.  If your email sending tools are blacklisted, then some of your email will be blacklisted.  It happens and reduces delivery rates. Again, if you aren’t monitoring it, you don’t know about it.  We know that some of our sending IPs were blacklisted in recent emails, which may send some email to spam or junk.  If you are monitoring blacklisting for all your senders, then you can identify problems with these senders and address them either by working with your sender to improve their blacklist status or finding a sender with a better reputation.  Our Adaptive Blacklisting give our customers insight into the blacklist reputation of all your senders.

The Appearance of Spam

Finally, some emails appear spammy to standardized spam rules that inbox providers apply.  This is something MxToolbox tests for before every email broadcast. You can test emails too, with Spam Analyzer.  

However, custom spam rules and customer behavior are something that no emailer can get around without feedback from users.  For example, Gmail applies custom spam rules based upon some image attachments and Outlook.com appears to automatically junk email from senders that you routinely delete without opening.  Fortunately, many inbox providers are leveraging feedback loops to provide insight to legitimate senders about their users’ behavior.

Conclusion

No email delivery tool can promise 100% inbox placement.  Email Delivery is a complicated balance leveraging existing and emerging technologies to help you business communicate your message.  Our Experts spend their days working with these technologies to help our customers improve their email delivery.  

If you have learned something from this, then maybe you can trust us to help you. 

Announcing Bounceback Reporting

Emails bounce.  It’s a fact of email marketing that some percentage of your emails will not make it to the intended customer, partner or vendor.  Inbox providers are leveraging more and more technologies to prevent spam, malware and phishing attempts from making it to their users, which means there are more reasons to bounce email.  Email bouncebacks come in many forms:

  • Malformed email addresses
  • Email addresses that do not exist
  • Email box is full
  • Bad forwarding addresses
  • Blacklisted senders
  • SPF authentication failures
  • DKIM signature issues
  • DMARC authentication problems

With all these complicating factors, inbox providers have gone beyond the RFC standards in creating response codes for bounced emails.  Businesses need to keep abreast of these new responses in order to actively manage their email deliverability.

MxToolbox Bounceback Analyzer

MxToolbox experts focus on helping legitimate email senders get their mail delivered.  Our newest tool, Bounceback Analyzer, leverages our expertise in email to give you insight into the many reasons your email may be bouncing.

How does it work?

When you get a bounceback email from an inbox provider, simply copy the email and submit it to our Bounceback Analyzer tool.  Our tool will diagnose the reasons for your bounceback with our unique centralized repository of bounceback messages that span hundreds email provider responses.  Even better, if we don’t have the bounceback response in our library, the tool will let us know so we can go get it.

The Importance of Managing Email Deliverability

Your business will suffer if you are not actively managing your email deliverability.  How can you effectively communicate with your customers, vendors and partners if your email never reaches their inboxes?

Actively managing email delivery involves:

  • Monitoring Blacklist issues with your email senders
  • Monitoring and managing your email DNS configuration – MX, SPF, DKIM, DMARC and BIMI
  • Monitoring and managing SPF, DKIM and DMARC compliance rates
  • Researching Fraud and Phishing using your email domains
  • Investigating Bouncebacks
  • Leveraging Feedback loops
  • Keeping track of Email Deliverability standards and technologies

MxToolbox Experts constantly monitor trends and technologies that benefit email deliverability and incorporate those in our products.  MxToolbox Delivery Center is the best tool to actively manage your email deliverability, leveraging all of our expertise in a central integrated platform.

Feedback Loops

MxToolbox is pleased to announce our latest Email Deliverability Tool – Inbox Provider Feedback Loops.  Feedback loops are a mechanism where Inbox Providers can submit feedback about how your email recipients perceive the email you send them. With Feedback Loops, you can reduce your spend on email, improve your email deliverability and improve your email reputation.

What are Feedback Loops?

Major inbox providers world wide have created a method to let legitimate email senders obtain feedback on the email they send.  A Feedback Loop or FBL is a standardized XML format that tells a sender which of their emails have been flagged as spam and, often, by what recipients.  Some feedback loops even give insight into which emails were not flagged as spam.

How do Feedback Loops Work?

Most inbox providers allow email senders to apply for the right to receive email feedback.  The application process allows the inbox provider to verify that you are a legitimate sender and owner of the domain you are asking for feedback on.  If you are accepted, then the inbox provider will periodically send you feedback their users provide on the email they receive from your domain.

How do Feedback Loops Improve Email Deliverability?

If you are sending a large volume of email, Feedback Loops give you tremendous insight into how your email is perceived by recipients.  For example:

  • Which users routinely mark your email as “SPAM”?  You can compile a list and remove these users from email campaigns in the future, saving yourself money and improving your email deliverability.
    Note: not all inbox providers provide email addresses of users.
  • What email campaigns get the most “SPAM” warnings?  Some subject lines, body texts and graphics can be a trigger for spam.  Your marketing team can then change email copy to improve this perception and may even see open rates improve!
  • What technical problems may be causing my emails to be flagged?  Occasionally, your email configuration may be detrimental to email deliverability.  SPF, DKIM, over-aggressive re-delivery, multiple emails to the same address, etc. may cause your email to appear as spam to a user or inbox provider.

What does MxToolbox Feedback Loops do?

MxToolbox Feedback Loops goes beyond the basic feedback from Inbox Providers like Yahoo!, Rackspace and others.   We provide both the original header and our expertly tuned analysis of the “Spammy” nature of the email.  With MxToolbox Feedback Loops, you will get better insight into why the user or inbox provider flagged your email as spam and how to correct the issue in future emails.

What MxToolbox Products have Feedback Loops?

Currently, Feedback Loops are available to Delivery Center Plus and Delivery Center Managed Services customers.  Please contact support to begin testing Feedback Loops for your business.

Office 365 Joins ARC

Microsoft is the latest prominent name to adopt the Authenticated Received Chain (ARC) email protocol.  The ARC standard is now available for every Office 365 hosted mailbox. Already used by Google (Gmail, G Suite, Groups) and other email providers, the continued adoption ARC improves email delivery and security.

What Is ARC?

ARC is a new protocol designed to provide an authenticated “chain of custody” for emails. Essentially, this initiative requires that each forwarding email system handles the message in a standard way to preserve the DKIM wrappers.  This allows each inbox provider in the chain to see what other intermediaries have handled it along the way and verify the DKIM signature of the message at each step throughout the delivery process.

ARC leverages the DMARC and DKIM email authentication standards to help fight email spoofing and improve email delivery for forwarded messages.  Prior to ARC, the chain of custody may or may not have been preserved for forwarded emails, resulting in legitimate mail being rejected.  With the implementation of ARC,  email forwarded to Office 365 will be more likely to be delivered as DKIM signatures will be preserved.

Seeing the Benefits of ARC

RFC 8617, specifies the ARC standard for inbox providers, but, what does that mean for business senders?  First, you need to adopt the basic email deliverability standards – SPFDKIM and DMARC.  If you have not already read it, MxToolbox has a great guide to setting up these protocols.  Once you have SPF, DKIM and DMARC setup, inbox providers that have adopted ARC will automatically process your email appropriately.  

MxToolbox Delivery Center provides everything you need to manage the on-going maintenance of email delivery.  Learn more about Delivery Center and how we can help you with email deliverability!

BIMI Monitoring has arrived

MxToolbox is happy to announce additional support for BIMI in the form of BIMI record monitoring.  Now, you can be confident that all your important email deliverability records are properly configured and constantly monitored by our experts.

What is BIMI?

BIMI is an email delivery standard that works with other standards (SPF, DKIM and DMARC) to publish an image or logo on an end-user’s email box when an email comes from you. BIMI helps your email recipients feel confident that an email is legitimately from you and helps to protect your brand from use in fraud and phishing.

How does BIMI work?

First, you need to have SPF, DKIM and DMARC properly setup.  Next, you publish a BIMI DNS record that defines your preferred logo image.  Then, when you send email to a user on a BIMI-Supported inbox provider, like Yahoo! and, in Summer 2020, Google, the inbox provider you have a chance of displaying your logo.

Inbox providers will check for DMARC compliance on every email.  If the email passes DMARC tests, then this inbox provider will check for a BIMI record.  If a valid BIMI record is found, then the inbox provider will display your logo next to the email.  As these checks happen on each email, you need to be sure that your email is both passing DMARC and that your BIMI record is accessible every time you send email.  With a BIMI logo next to every email you send, your customers will be reassured that each email is a legitimate communication from you and have your brand top of mind.

MxToolbox BIMI Monitoring

MxToolbox is expanding our support for BIMI by announcing the inclusion of BIMI record configuration monitoring as part of MxToolbox Delivery Center.  You can already test your BIMI record with our Supertool, but now we offer integrated alerts when BIMI is non-accessible or misconfigured.

Since BIMI is dependent on SPF, DKIM and DMARC, MxToolbox highly recommends that you adopt tools, like Delivery Center, to help you setup and maintain these technologies while also monitoring your your day-to-day DMARC compliance.  MxToolbox Delivery Center leverages our email expertise to improve your email deliverability and allows you to focus on running your business.  Adding BIMI to a tool like Delivery Center will help improve your email delivery and improve the visibility of your brand.

ARC Protocol – Getting your email delivered

Recently, RFC 8617 established the Authenticated Received Chain (ARC) Protocol, a new and powerful email authentication and security standard that allows legitimate forwarded emails to be delivered without any issues.   ARC has been in testing for several years with Google and another inbox provider to transform the theoretical solution into a full-fledged standard.

What is ARC?

ARC allows mail handlers (email servers) to preserve a “chain of custody” that shows where the respective message originated and all subsequent handling entities via authentication data when forwarding emails. To get more specifics about the ARC protocol, click here.

Before ARC, a forwarded email would no longer pass DKIM alignment because there was no standard for preserving the original and subsequent DKIM signatures.  An unaligned message might then fail DMARC and be rejected by the final inbox provider and never reach your customer’s inbox.

The ARC protocol establishes a standard for preserving DKIM alignment when a message is forwarded.  This helps these messages look less suspicious to the receiving inbox providers by ensuring emails that are forwarded pass authentication and avoid being labeled as spoofed messages. 

Why is ARC important?

ARC becoming a standard applied to all inbox providers is highly important for your email deliverability. With ARC, if your business forwards email and has implemented DKIM, your email chain of custody will no longer break, resulting in higher delivery rates.  While SPF alignment breaks under most message forwarding instances, DKIM breaks when emails pass through forwarding services that modify content involving a DKIM signature. Even if the email fails SPF and DKIM validations, the inbox provider can choose to validate the ARC standard.

It is imperative that your business email implement DKIM as soon as possible to improve email deliverability and leverage the benefits of ARC.

ARC Enables more DMARC Adoption

The creation of the ARC standard shows continued support for the DKIM, SPF and DMARC standards that are the basics for email deliverability.  ARC allows messages that have been forwarded via mailing lists, list servers, and email gateways to pass DKIM authentication and not break during delivery.  DKIM is integral to achieving DMARC compliance, so the ARC standard also allows more senders to pass strict DMARC policies.  Strict DMARC block non-DMARC compliant email to improve your company’s overall email deliverability by reducing the threat of fraud and phishing using your domain.

What do I need to do to take advantage of ARC?

The first steps to leveraging ARC involve the adoption of basic email deliverability standards – SPF, DKIM and DMARC.  If you have not already read it, MxToolbox has a great guide to setting up these protocols.  Once you have SPF, DKIM and DMARC setup, inbox providers that have adopted ARC will automatically process your email appropriately.

MxToolbox Delivery Center provides everything you need to manage the on-going maintenance of email delivery.  Learn more about Delivery Center and how we can help you with email deliverability!