Category Archives: Email Delivery

Does email content affect your email delivery?

Absolutely! Google, Outlook.com/Office365 and Yahoo! have different algorithms for picking up on Spam, Phishing and Fraud emails and content is a key factor in their decisions to place an email in the user’s inbox.

What factors do the algorithms use?

While each Inbox Provider uses a different algorithm for weighting incoming email, there are several factors that they all have in common:

  • Checking the sending IP address for Blacklisting
  • Checking the sending Domain’s SPF record for the sending IP address
  • Checking the DKIM signature in the email header against the signature in the Domain’s DKIM record
  • Passing DMARC compliance checks
  • Checking the content for blacklisted Domain names
  • Checking the “Spamminess” of the subject line and content

Obviously, there are many more concerns than content. However, content is now a deciding factor that could still place your email in Junk or Spam folders, even if you pass all the technical hurdles.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

What do Inbox Providers look for in the content?

Again, Inbox Providers maintain different proprietary algorithms for analyzing the quality of incoming email content. However, we do have some suggested best practices to help you reach the inbox.

  • Keep subject lines relevant to the content and less sensationalized – We know the goal is to improve open rates, but if your subject line is too sensational or feels like click-bait, it will may mean the email never reaches your target.
  • Refrain from subjects that are frequently used in spam – This may go without saying, but advertising adult pills, adult recreation, bitcoin, super cheap handbags, etc. will probably put your email directly in the spam folder.
  • Avoid talking about money too often – We know you need to put the price of an item in an email. That’s totally fine. However, avoid making the entire email an inventory price list or talking about large sums of money. A local retailer we know put the pricing of single items, 6-packs and 12-packs for over a dozen items in every weekly newsletter. The spam folder was their most common destination.
  • Avoid ALL CAPS – Proper language usage is expected. If many words are all capitalized, you are shouting and begging for attention, and to be placed in the Spam folder.
  • Avoid too much hyperbole or sensationalism – Talking about being the best occasionally will not kill your content, but lots of exclamation points are a sure fire way to make an email appear to be spam.
  • Avoid links to 3rd party sites – You should own the content on your website and within your email. Linking off to a website that is not the origin of the email can be a huge red flag.
  • Avoid attachments – Attachments can be dangerous ways to distribute malware and viruses. Regardless of your intent, an email campaign with attachments is a mistake that looks like spam.
  • Have an Unsubscribe feature – Anti-spam legislation requires an unsubscribe link, so you will be violating the law not to have one, but you also look spammy if you lack the feature.

MxToolbox Spam Analyzer will help you analyze your email for problematic content and give you insight into the potential for rejection

Are you sending meaningful content?

Staying connected to customers is important for your business to thrive. The email messages you send should follow the same marketing rules that have existed for years. Be sure to following marketing best practices before sending an email campaign:

  • Are you providing real value to your audience?
  • Does your content align with your brand’s voice?
  • Does your content offer a new, unique perspective?
  • Can you support your content with data and examples?

Ignoring these best practices can make a difference between high open rates, good click-through rates and immediate unsubscribes.

If email technology feels daunting, MxToolbox Managed Services will reduce your burden. Our highly experienced team provides a Managed Services option that will help keep your email delivery at the highest possible levels.

  • Setup your SPF, DKIM and DMARC records properly
  • Manage incremental DMARC policy changes to reduce phishing and protect your reputation
  • Monitor your 3rd party providers’ reputations so you know who is at risk
  • Be alerted to phishing outbreaks using your brand so you can notify customers and vendors
  • Keep up with emerging email delivery technologies like BIMI, ARC, Feedback Loops and more…
  • On-going maintenance as email threats, configurations and standards change

Google Leverages DMARC to Block Scams

“In these uncertain times…”

Okay, we had to say it. It’s all over the place. In our estimation, 8 months into COVID, you are still receiving 2-3 of these emails a week. And, you are not alone. Google announced in April that it blocked 18 million daily malware and phishing emails related to COVID-19 in a week’s span and the more than 240 million coronavirus-related daily spam messages currently being floated. And, Google is leveraging DMARC as the workhorse.

Protect your email with DMARC

DMARC helps an Inbox Provider, like Google, determine legitimate email from potential junk, spam, phishing or fraud. An email that is DMARC compliant most likely came from a legitimate source. Google and other Inbox Providers use DMARC to make acceptance and inbox placement decisions. So, DMARC compliance can help elevate your email and protect your business email against malicious attacks.

Without DMARC, your business email is highly vulnerable to online impersonators exploiting this pandemic. If you can be impersonated because you have not implemented DMARC, you are at risk. Adopt DMARC as soon as possible. It protects your outbound messages and improves your deliverability rates. With DMARC and BIMI, your customers will more likely view your email, which boosts your company’s brand reputation and brings both parties peace of mind.

MxToolbox’s Delivery Center helps you adopt DMARC

The MxToolbox Delivery Center is your comprehensive service for understanding email sent on your company’s behalf. It provides you expert monitoring with answers to the following questions:

  • Who sends email purporting to be from your domain?
  • What is the reputation of your senders’ IPs?
  • What is the geolocation of your senders and what are their blacklist reputations?
  • How are your DMARC, SPF, and DKIM setups performing?
  • Which senders are failing SPF?
  • Which senders are failing DKIM?
  • When to implement stricter DMARC policies?
  • What ongoing maintenance is needed to improve your email deliverability?

Our Delivery Center offers everything you need to confirm the proper configuration and ongoing maintenance of your email delivery settings. Let MxToolbox’s email experts do the work for you.

DKIM Signature Tags, A Primer

DKIM is a form of email authentication that allows an organization to claim responsibility for a message by signing it in a way that can be validated by the recipient. DKIM Authentication is an important part of DMARC compliance and obtaining the best email deliverability possible for your domain.

DKIM tags are located within the actual DKIM-Signature header data. A tag is typically a single letter followed by an equal sign (=). The value of each DKIM tag denotes a specific piece of intel about the email sender, the message itself, and its public key location.

There are several tags available to an email sender using DKIM, with some being required and some being optional. If a required tag is omitted in the DKIM signature, a verification error with the mailbox provider will occur. Of note, tags included in the DKIM signature that do not have a value assessed are treated as having an empty value. However, tags not included in the DKIM signature are treated as having the default value.

Required DKIM Tags

Below are the required tags of a DKIM-Signature header. Any DKIM signatures missing these tags will produce an error during the verification process.

  • v= version of DKIM standard being used. The value should always be set to 1.  
  • a= cryptographic algorithm used to generate the signature. The value should be rsa-sha256.
  • d= domain used with the selector record (s=) to locate the public key. The value is a domain name owned by the sender.
  • s= selector record name used with the domain to locate the public key in DNS. The value is a name or number created by the sender.
  • h= list of headers that will be used in the signing algorithm to create the hash found in the b= tag. The order of the headers in the h= tag is the order in which they were presented during DKIM signing; therefore, it is also the order in which they should be presented during verification. The value is a list of header fields that will not change or be removed.
  • bh= computed hash of the message body. The value is a string of characters representing the hash determined by the hash algorithm.
  • b= cryptographic signature of the headers listed in the h= tag. This hash is also called the DKIM signature.

Optional DKIM Tags

Recommended

Below are the optional tags that are typically recommended in a DKIM-Signature header. DKIM signatures missing these tags will not produce an error during verification, but they are recommended as a means to help identify spam.

Note: Spammers do not normally set time values. Empty or incorrect time values, such as an expiration time dated before the email timestamp, will cause some mailbox providers to reject the message.

  • t= DKIM signature timestamp. It is meant to indicate the time the message is sent. The format is the number of seconds from 00:00:00 on January 1, 1970 (UTC).
  • x= DKIM signature expiration time in the same format as above. The value of this tag must be greater than the value of the timestamp tag if both are used in the DKIM signature. DKIM signatures could be considered invalid if the verification time at the verifier is past the expiration date, so be sure not to set the expiration date too soon.

Not Required

Below are the optional tags that are not required in the DKIM signature.

  • c= canonicalization algorithm that defines to a mailbox provider what level of modifications may be present as the email is in transit to the mailbox provider. Modifications can include whitespace or line wrapping. Some email servers make minor modifications to the email during transit, which can invalidate the signature.
  • i= identity of the user or agent. The value is an email address containing the domain or subdomain as defined in the d= tag.

Not Recommended

Below are the optional tags that are not recommended in any DKIM signature.

  • l= number of characters from the message body that were used to compute the body hash (bh=). If this value is not present, it is assumed the entire message body was used. This tag can be difficult to control and could lead to verification errors.
  • z= list of the message’s original headers and may differ from the headers listed in the h= tag. This tag may be used by some mailbox providers in the process of diagnosing a verification error. Its value is not well defined.

MxToolbox Delivery Center helps you with DKIM Compliance

To maintain the highest levels of email deliverability using DKIM, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

Why do you need DMARC?

At MxToolbox, we keep saying “DMARC adoption is imperative for successful delivery of your business email“. Without implementing DMARC, your messages are vulnerable to poor inbox placement, and fraud, phishing and spoofing campaigns. The DMARC standard gives you visibility into who is sending email “from” your domain, including bad actors. And, big Inbox Providers are prioritizing DMARC-compliant email for inbox placement. If you don’t adopt DMARC, you will behind your competitors.

Inbox Provider DMARC Adoption is Increasing

The major Inbox Providers like Google and Yahoo! have supported DMARC for several years. About 80% of the world’s inboxes run DMARC checks on inbound messages, and enforce the domain owner’s DMARC policies. This includes essentially all U.S.-based email providers (Gmail, Yahoo!, Outlook).

In addition, a recent study found the number of email domains that have implemented DMARC has now exceeded the one million mark.1 This is an increase of over 48% from the previous year, and nearly 2.5 times the number of DMARC records from two years ago. It is now likely that your competitors are adopting DMARC to get better inbox placement and protect their domains against fraud and phishing. It’s time you joined them.

MxToolbox Helps You Adopt DMARC

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

1 https://www.valimail.com/resources/email-fraud-landscape-summer-2020/

AMP for Email

What is AMP for email?

Accelerated Mobile Pages (AMP) is a way to provide dynamic email to recipients. This technology combines HTML, CSS, and JavaScript components to deliver engaging content quickly to customers on mobile devices.

In 2015, Google initially released AMP for websites. Four years later, AMP for email was introduced, providing email developers and marketers increased functionality. The technology’s goal is to deliver interactive content within emails that loads promptly to inboxes.

AMP and Gmail

Google and now Gmail is the driving force behind AMP adoption. Before to 2019, if your business considered the AMP email technology, you were limited to Gmail users as targets, which for most marketers is a sizable opportunity. Recently, other email providers have implemented the AMP framework, making it more relevant to business communications. If AMP becomes a standard practice, even more email providers will undoubtedly offer this technology.

AMP is far less constrained than traditional email. Some of the main aspects you can use in AMP emails are discussed below.

Dynamic content

Overall, email content has been static which can make for bland reading. AMP for email changes that practice by displaying dynamic content for more versatile engagement.

Layout

AMP for email opens up the layout of traditional email with elements such as a carousel for media, lightboxes for images and text, and accordions for showing and hiding sections. This aspect lets AMP users upgrade messages to make more impactful experiences.

Media

With AMP, media loads quickly, allowing for better customer experience. AMP for email provides efficiency and speed without compromising design.

Should you adopt AMP?

Although AMP for Email is still being rolled out, it appears to be trending toward implementation by the majority of email providers. While email deliverability is still the biggest factor in getting your message to your customers, AMP for Email could be an interesting technology to leverage once your email is delivered.

MxToolbox and Email Deliverability

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

If AMP for Email becomes a standard, expect MxToolbox to add free tools to the site and new features to Deliver Center to help you adopt AMP.

Phishing Risk – Domain Registrars

Email Fraud and Phishing is a huge risk for both consumers and businesses.  In 2019, the FBI estimated that people lost over $57M to email fraud and phishing attacks.  Fortunately, there are ways to protect yourself and your business.

Inbox Protection

For consumers and businesses, being vigilant in recognizing the potential for fraud and phishing via email is important.  The FTC has created good guidelines to help you recognize inbound email phishing and you can read more about recognizing phishing on MxToolbox’s Blog.  Unfortunately, people are pretty bad at recognizing phishing emails, so depending on your users to protect your business from phishing scams is not enough, you need technological assistance.

Inbox Provider Protection

Your email inbox provider is trying to protect you from fraud and phishing emails by using DMARC as a decision criteria for inbox placement.  DMARC does three important things for email senders:

  1. Obtain feedback on how much of your email is passing SPF, DKIM and DMARC checks
  2. Obtain forensic examples of failed emails
  3. Set a policy for how Inbox Providers handle email that fails DMARC checks

A sender using DMARC is therefore more likely to manage email delivery and less likely to be a source of spam, malware, fraud or phishing.   Senders can even instruct Inbox Providers to Reject email that fails DMARC compliance checks.  Inbox providers then protect their users from fraud and phishing by prioritizing DMARC compliant email.

Vendor Sender Protection

A Vendor that sets up and maintains DMARC and sends DMARC compliant email will protect its own brand from being used in fraud and phishing emails and protect the recipients of their email.  Therefore, it is important to check the DMARC status of any potential vendors.  

In this on-going series, MxToolbox will report upon the DMARC status of key service areas.  Today:

Domain Registrars – Do they protect their customers from fraud and phishing?

TLDR:  Some, not all. 

DMARC adoption by the top 30 domain registrars is currently ahead of the Alexa 1000 and the Fortune 500, but not complete.  With 30% of Domain Registrars not adopting DMARC yet, there is a lot of room for improvement.  In addition, only 21% of Domain Registrars have adopted strict Reject DMARC policies to protect their customers from fraud and phishing attempts using the registrars domain. 

The Risk

If a Domain Registrar has not adopted DMARC and more secure DMARC Reject policies, the risk of their domain being used in fraud and phishing emails is particularly high.  If a single email slips through your mental filter, a fraudster could gain your legitimate credentials to your domain registrar and make potentially fatal changes to your domain setup.  For example:

  • Redirecting traffic from your website to theirs
  • Setting up a phishing website in a subdomain of your own domain to gain your customers information
  • Changing your SPF record to include their IP addresses to further the email phishing scam
  • All of the above.

Domain Registrars are a critical component of e-commerce.  If they are not protecting themselves from being used in fraud and phishing attacks, they put their customer businesses at risk.

The Solution

There are a few simple ways to protect your business from fraud and phishing by vendors:

  • Check any vendor you do business with for a DMARC record.  
  • Prioritize vendors with DMARC policies set to Reject.
  • If you are tied to a vendor who has not adopted DMARC, it’s time to pressure them to do so.
  • Adopt DMARC for your own email communications.

How can you adopt DMARC?

Adopting DMARC is a multi-step process requires on-going management.

  1. Setup SPF record to include all your known senders
  2. Setup DKIM signatures at all your known senders
  3. Create a DMARC record to get feedback on your email
  4. Identify new legitimate sources of email from the DMARC reports and add them to your SPF and DKIM setups
  5. Identify fraud and phishing from DMARC reports and warn your users and email recipients.
  6. Gradually adopt restrictive policies once you have identified all legitimate sources of email using your domain name

Repeat steps 4 and 5 regularly as you may add and remove systems and vendors that send email on behalf of your domain.  In addition, DMARC reports can be difficult to read, particularly when you have a large volume of email.  Investing in a partner to help you on your DMARC journey is important. 

MxToolbox Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

The State of Government Email Delivery

Recently the CDC found itself in the awkward position of advising the public on email fraud and phishing.  The reason: COVID contact tracing efforts have been thwarted by fraudulent email from professional phishing groups.  Email phishing and email delivery are a systemic problem for governments and businesses alike.

As more federal, state and local agencies move online they generate more email to their constituents and users. Whether you are receiving confirmation on your recent driver’s license renewal or setting up a meeting about property taxes, ensuring the email reaches your inbox is a major concern.  Unfortunately, the majority of American governmental agencies are poorly positioned to deliver email.

Blacklisting

Inbox providers use blacklists to filter incoming email.  Email from IP addresses of a blacklist or containing Domain names on blacklists will be blocked or thrown into the Spam or Junk folders.  

Unfortunately, on average 3.3% of government domains are blacklisted, meaning that their email is in jeopardy of being blocked.  

AgencyBlacklist %
City3.8%
County3.8%
Federal Agency – Executive1.1%
Federal Agency – Judicial0.0%
Federal Agency – Legislative4.4%
State3.3%

City, County and State governments represent the majority of government domains and the highest percentage of blacklisted agencies, excluding the Legislative branch of the Federal government.  This puts email correspondence with these smaller agencies in jeopardy.

SPF

SPF is a technology that allows a domain to designate a list of IP addresses or domains as legitimate senders on behalf of that domain.  For example, your company could use MailChimps or SalesForce to send email to marketing and sales customers.  SPF allows you to designate those two companies as valid senders and only these domains.  Anyone else trying to send email using your domain would fail the SPF checks that inbox providers run on incoming email.  A failed SPF check means that the email may be blocked or dumped to the Spam or Junk folders.

Agency Type% SPF
City72.7%
County70.1%
Federal Agency – Executive93.9%
Federal Agency – Judicial73.9%
Federal Agency – Legislative22.8%
State40.1%

MxToolbox’s survey clearly shows that State and Legislative Agencies are failing to adequately use SPF to protect their email delivery.  While City and County agencies fare slightly better, SPF adoption is required to get email to the inbox.  Without SPF, anyone can attempt to send email that appears to come from a government agency, creating the potential for fraud and phishing using that agency’s domain name.  

The lone bright spot in our survey is the Executive Branch of Federal government.  The nearly 94% adoption of SPF reflects the Department of Homeland Security’s requirement to fully adopt DMARC by October of 2018 (SPF is a key component of DMARC).  While some departments are behind, the DHS directive has definitely been successful. All US agencies need to make adopting SPF, and DMARC a priority to improve email delivery and protect their recipients from fraud and phishing using government domains. 

DMARC

DMARC is a standard that allows a domain owner to do several things:

  • Assign email addresses to be used for feedback from inbox providers regarding SPF, DKIM and DMARC compliance.
  • Assign email addresses to be used for forensic samples of emails that fail SPF, DKIM or DMARC compliance.
  • Set a Policy for how Inbox Providers should handle email from the domain that fails SPF, DKIM or DMARC compliance.  Policy options are:
    • None – Do nothing
    • Quarantine – Set the email aside in a Quarantine type folder.  Sometimes this is a Spam or Junk folder, sometimes this gets placed in a Quarantine spot the administrator can examine.
    • Reject – Dump the email to trash. A reject policy is required by the Department of Homeland Security and to use the BIMI image standard.
  • Specify a % of email to obey the Policy.  The rest will be treated as in a None policy.
Policy as a % of DMARC % ofDomains
Agency Type% DMARCNoneQuarantineRejectReject
City13.1%56.6%24.5%13.8%1.8%
County20.7%52.8%25.8%19.7%4.1%
Federal Agency – Executive90.4%2.8%1.4%93.6%84.6%
Federal Agency – Judicial17.4%50.0%25.0%25.0%4.3%
Federal Agency – Legislative13.2%40.0%13.3%46.7%6.1%
State12.0%57.4%14.0%24.0%2.9%

The Executive Branch with 90% DMARC adoption is well out in the lead, again owing to Department of Homeland Security requirements.  Unfortunately, all other agencies are dangerously behind, risking their email deliverability.  In our recent case studies, we found that improving DMARC compliance can dramatically improve email open rates and click through rates.  If government agencies want to connect with constituents, they need to adopt DMARC as soon as possible.

Fraud and Phishing Protection

Ultimately, to protect your recipients from Fraud and Phishing using your domain, you need to adopt a strict Reject DMARC policy.  A Reject policy tells the inbox provider to completely reject email that does not pass SPF, DKIM and DMARC checks.  Unless they gain access to your servers or the servers of your legitimate senders, fraudsters’ emails will be blocked by a DMARC Reject policy.  While getting to a DMARC Reject policy requires careful management and attention to prevent legitimate email from being blocked, the benefit of protecting your email, your brand and your customers outweighs the complexity and cost.   

Taken as a whole, Government agencies are woefully inadequate in their support for DMARC reject policies and guarding their email from fraud and phishing.  Particularly troubling are the state, county and city governments with low single digit support.  Government agencies need to be a trusted source of information.  Unfortunately, with their current DMARC configurations, the domains of government agencies are at tremendous risk of being used in fraud and phishing attacks.

How can you or governments adopt DMARC?

Any domain owner must adopt SPF and DMARC immediately.  When adopting DMARC, it pays to invest in an email delivery management platform that can help you analyze your email senders, manage the quality of your senders and help you obtain a DMARC Reject policy that does not limit legitimate email. Without analyzing the SPF, DKIM and DMARC compliance of your email, both legitimate and fraudulent, you will not be able to protect your email deliverability.  

MxToolbox Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.
  • Manage the on-going requirements of maintaining high levels of email deliverability

Blacklisted? Get DMARC

Blacklisting is the oldest form of spam protection.  Inbox Providers keep a list of IP addresses and domains that recently sent spam and block them from the inbox.   Blacklisting eventually evolved to include 3rd parties maintaining and selling blacklists derived from spam traps, honey pots, and lists gathered from multiple inbox providers.  As an email sender, being blacklisted is a sign that you are not adequately managing your email delivery posture.  But, blacklisting is not the only way Inbox Providers protect their users from spam.  Increasingly, Inbox Providers are using technologies like SPF, DKIM and DMARC to make inbox delivery decisions.

DMARC Helps Prevent Blacklisting

Your IP addresses and Domain can be blacklisted for many reasons:

  • Spam appears to be coming from your IP addresses or Domain
  • Sending too much email from a single IP address
  • Sending email from an IP address that also sends spam
  • Email recipients marking too much email from your Domain as spam
  • Improper Forwarding
  • Domain included in Fraud and Phishing emails
  • Using spammy wording in your email content

With the right DMARC setup, you can almost completely block spammers from spoofing your domain, or using it in spam, fraud and phishing emails.  Adopting DMARC would then eliminate three reasons why your Domain could be blacklisted, dramatically improving your email delivery posture and helping you get your business message to your intended audience.

DMARC Might be More Important than Blacklisting

Blacklisting was once the first line of defense.  Now, Inbox Providers are increasingly using more complex algorithms to determine the quality of the email they deliver to inboxes.  These algorithms weigh content, blacklisting, DMARC and other factors to determine placement in the Inbox, Junk/Bulk/Spam Folder or simply dump the email entirely.  In the new algorithms, DMARC configuration might weigh more heavily than Blacklisting.  

Since DMARC depends upon two other technologies, SPF and DKIM, DMARC setup requires more time and attention to setup.  This means your team cares about email delivery management and is more active in the management process.  Inbox providers like Gmail, Yahoo! and Outlook.com have begun to prioritize DMARC compliant email.

Blacklists are simple and fallible.  A legitimate email can put a company on a blacklist if it falls into a honey pot or gets reported as spam by enough email recipients.   In addition, many companies use 3rd party emailers with large IP address blocks.  These mass emailers rotate through the IP addresses when sending email for all their clients.  Not only could your email be sent from the same IP address as many other businesses, but that IP address could be blacklisted because of the other companies’ content.   Inbox Providers know the limitations to blacklisting and the benefits of DMARC and their proprietary algorithms reflect this, making DMARC adoption a business requirement.  Even if you are blacklisted, DMARC can help you reach the inbox.

How does DMARC work?

Adopting DMARC gives you the ability to do three important things:

  1. Get feedback on how much of your email is passing SPF, DKIM and DMARC checks
  2. Get forensic examples of failed emails
  3. Set a policy for how Inbox Providers handle email that fails DMARC checks

Feedback on email allows you to identify SPF and DKIM configuration issues with legitimate senders, improve these configurations and identify illegitimate senders which may be fraud or phishing threats.  Once you have corrected your configuration issues for legitimate email senders, you can change your DMARC policy to instruct Inbox Providers to Reject email that fails SPF, DKIM and DMARC checks.  DMARC Reject policies give Inbox Providers comfort that you are actively managing your outbound email.

MxToolbox Delivery Center

To maintain the highest levels of email deliverability, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities.

Email Deliverability in the Travel Industry

Traveling is one of the most enjoyable experiences a person can have and is a widely popular leisure activity.  Travel is also a risky endeavor, requiring careful planning and sometimes last minute itinerary changes especially in business travel.  Lodging and airfare are typically the most expensive pieces of the budget, so you want partners you can depend upon to inform you of confirmations and itinerary changes in a timely manner.  But, can you trust the emails that come from these airline partners?

DMARC Creates Trusted Senders

DMARC is a requirement for trusted email communication.  An email from a sender with DMARC properly configured to a strict “Reject” policy can be trusted.  Without a “reject” policy, a sending company could easily be spoofed by a fraudster and have that email accepted by inbox providers.  Adopting DMARC protects the email recipient and the corporate brand.

DMARC Adoption in the Airline Industry

Trusting email correspondence from your airline is an important part of enjoying your travel experience.  If an airline domain can be easily compromised by fraudsters, your travel plans are at risk.  Unfortunately, email hygiene and DMARC adoption rates are low among airlines.

MxToolbox’s September 2020 study uncovered the following concerns about airlines ability to deliver emails to their travellers:

  • 8% of airlines sending IP addresses are blacklisted, meaning that email from these domains could be blocked from your email entirely.  Good luck getting that flight update.
  • Only 40% of airline domains have adopted DMARC.  Email delivery from the other 60% of airline domains is at high risk for fraud and phishing and may be more likely to end up in the Junk folder than the Inbox.
  • Only 14% of airlines are using Strict DMARC policies (7% Reject, 7% Quarantine).  The remaining companies are at high risk of being used for fraud and phishing.
  • Only 1 Airline has deployed BIMI to display their logo in the recipients inbox. BIMI gives an extra level of assurance that the sender is legitimate and reinforces the corporate brand.

Protecting Your Brand with DMARC

To maintain the highest levels of email deliverability, businesses like yours (and these airlines) need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the on-going maintenance necessary to maintain peak performance:

  • Leverage our unique Adaptive Blacklist Monitoring to manage the email reputation of all your senders.
  • Manage SPF, DKIM and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.

Deliverability and Send Time Optimization

Several Email Service Providers, Bulk Email Senders, and Email Inbox Providers are offering a new type of service that promises to get your emails in front of your recipients at the top of the inbox and therefore increase your open and click-through rates. Does Send Time Optimization affect your email deliverability?

What Is Send Time Optimization (STO)?

Send Time Optimization, and a similar technology called View Time Optimization, uses artificial intelligence to analyze your email recipients email opening habits and times your emails to arrive just before the user would view or open their email box. The general pitch is that being the top email or first email a user sees improves the open rate and better open rates yields better click-through rates and purchases.

Does it work?

STO is attempting to predict when a customer will actually check email and open the emails in their inbox, while VTO is provider side technology to delay email delivery until the moment the inbox is checked. Marketing claims for STO/VTO range from improving open rates by 2% to 4x and click-through rates by 2% to 2x Note, improving open rates by 4x is ludicrous if your open rates are near the industry average 21%, so beware of what you are buying into. However, it seems reasonable that being top of the inbox would invoke a improved email metrics, especially in use cases that are geared toward re-engaging with a past customer.

Is STO Worth the Cost?

That really depends on your existing email delivery management posture. There are many options that can dramatically improve your email deliverability and therefore your open rates for less, and some techniques your should be doing before enlisting in an optimization service. Here are a few of our recommendations:

  • Slow your roll – Reduce the number of emails you send to your customers. Consumer email fatigue is a real thing that creates passive unsubscribe behavior, reducing your open and click-through rates. One company realized that four different product marketers were sending a weekly email blast about six different products all targeting senior executives. Combined with weekly newsletters and nurturing campaigns, webinar requests, etc. these prospects were massively turned off to the marketing message before they even read it. Open rates will suffer if you stuff the inbox so reducing the number of times you email someone is in your best interest.
  • Clean out your rolodex – Okay, really, clean up your contact lists. If someone has not opened an email in six months, unsubscribe them! They aEre no longer interested. Continuing to send to an out of date contact obscures what your real open rates really are.
  • Improve your content – Too often email marketers are inside-out, focusing on their product or solution without regard to the actual user or buyer. Your email marketing content should be outside-in: engaging and interesting enough for your users to open, read, and examine your offer. Also, it’s time to evaluate your subject lines, are they gimmicky and spammy? You could be turning off your audience, even if the email isn’t blocked as spam.
  • AB Test your pitches – Relying on old, out-of-date pitches can lower your open rates over time. Periodically AB testing new pitches forces you to reevaluate your marketing and may give new life to existing prospects, increasing open rates and click-throughs.
  • Improve your Email Deliverability Posture – Adopting new technologies like SPF, DKIM and DMARC can dramatically improve email open rates by increasing the amount of your email that actually makes it to the inbox. A recent MxToolbox customer saw a 2% rise in open rates in the first few months just by improving DMARC compliance.

MxToolbox Delivery Center allows you to peer beneath the surface of the iceberg and see the the hidden issues affecting your email delivery – Blacklisting, SPF Failures, missing DKIM signatures, low DMARC compliance, etc. Only with a tool like Delivery Center can you really understand and manage your email deliverability.

Our Recommendation

STO is a valuable technology, but works best when your email deliverability is already at its best. The more you can do to improve your delivery rates before taking advantage of STO, the more value STO will have for you.