On the Way to Inbox: Email Authentication and Infrastructure
Email infrastructure is the technical part of your email sending program which goes on behind the scenes and helps if set up properly, deliver the messages to the user’s Inbox.
Sending infrastructure refers to the domains and IP addresses of the servers you’re sending emails from, and email authentication refers to the methods you use to prove that an email sent by you is really coming from you.
A properly configured sending infrastructure and authentication greatly increase your ability to deliver the messages to the Inbox.
Below are the most important things in the sending infrastructure and sender authentication you should take into account.
Shared vs. Dedicated IP Address
If you are a large volume sender (sending more than 500,000 messages per month) and want to have complete control over your sender’s IP reputation, then you need to go with a dedicated IP address or even a few dedicated IP addresses.
If you are a small sender (sending fewer than 50,000 messages per month), you are good to stay with shared IP addresses. However, you should keep in mind that the IP reputation and your ability to send to the Inbox will be impacted by all the users sharing the IP address.
Many lower volume senders switch to a dedicated IP address with the email service provider in order they can control their reputation.
IP Address Warm-Up
If you get a new dedicated IP address and send a million emails from it, you’re going to run into a lot of issues (spam folder placements, IP blacklisting, bad reputation, etc.). It is very very difficult to recover the reputation of the IP.
Thus, when you get a new dedicated IP address, you need to take your time and warm it up. The warm-up process means that you start sending small volumes slowly increasing the volume until you reach the desired volume per day.
The warm-up process helps to show yourself as a consistent sender and build a reputation for your IP. It is recommended to send emails to your most active recipients during the warm-up process. Positive user engagement will add more points to your reputation.
Make sure that you have your bounce handling process in place. Monitor your bounce emails and user complaints. When your bounce rate and/or complaint rate goes up, stop sending, re-check your email list for validity and revise your email program to continue sending relevant emails.
How to Warm up an IP Address
Read this 11-page whitepaper to learn why and how to warm up your new IP
and make sure you’re doing it right.
Email Segmentation by IP Address
Large email senders should get a few dedicated IP addresses and segment their mail streams by the IP, i.e. send transactional and marketing emails from different IP addresses. These types of messages typically have different engagement, thus different IP will have different reputations.
The reputation of the IP for marketing emails which is typically lower will not affect the deliverability of transactional messages.
Companies with multiple brands can use a dedicated IP for each brand and, moreover, segment the marketing and transactional email streams under each brand by different IP to provide detailed reputation reporting.
You might also consider using a different IP address for sending reactivation email campaigns. Reactivation campaigns used to have the worst deliverability and highest user complaint rates.
If you are in charge of sending such a campaign, consider splitting your list and sending just a few hundred emails at a time (or per hour) from a different IP instead of pulling a large one-time campaign to protect your primary domain/IP address.
Switching IP Addresses
Getting a new IP address is not the solution to your email deliverability problems. It can help for some time but if you keep following bad sending practices, you’ll still have email deliverability issues.
Moreover, sending similar content from the same domain but different IP addresses is a tactic used by spammers. Mailbox providers will see this and may block your messages at the gateway.
Like the IP address, your sender domain has a reputation, and it’s as important as the reputation of your IP address. If the emails sent from your domain cause a negative user engagement, the reputation of the IP address won’t matter and the messages may be filtered by mailbox providers.
Domains in the message body do matter too. A single link to an unreputable website placed in the body of your email could prevent it from landing in the Inbox. You’ll want to make sure that you’re linking only to trusted sites and ideally, only those that you control.
Most mailbox providers don’t allow the senders to check their domain reputation with them. It is assessed internally and is not disclosed. But Google provides such data in their postmaster tools. If you have a high spam placement rate with Google, start the investigation process by analyzing the data about your sender domain and IP in the Google postmaster.
There are dozens of blacklists out there. Most blacklists will list your IP address or sending domain if they see a high number of spam complaints, spam trap hits, or both.
Simply because your IP or domain is on a blacklist doesn’t necessarily mean that your deliverability suffers. Major mailbox providers use the signals from Spamhaus to determine whether or not they should filter the emails from the sender.
If you’re interested in knowing if you’ve been blacklisted or not, do the IP blacklist check with GlockApps.
The GlockApps spam testing tool will check each of your sender’s IP and your domains (including the domains in the email body and redirects) against 50+ blacklists and show you the listings.
To determine whether or not blacklists impact your deliverability, look at your bounce email messages. If a message is blocked due to a listing, the bounce error description will show the messages like below
5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.xx] blocked using
dnsbl.sorbs.net; Currently Sending Spam
5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.x] blocked using
multi.uribl.com; 127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml
5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.xx] blocked using
zen.libranosdelspam.com; SORBS - Currently Sending Spam
Going with the de-listing procedure makes sense if you use a dedicated IP address. If you are on shared IP, your email service provider which controls the IP should take care of it.
With the right tool like GlockApps Bounce Monitor, you can receive advanced bounce email analytics for each sender, provider, bounce type, and reason, and quickly find out the weak sides of your email program.
There are different methods to authenticate messages. Ideally, you must implement all of them to show mailbox providers that the message really comes from you and that it wasn’t altered in the transmit. Messages that passed authentication checks have much more chances to be delivered to the Inbox.
SPF stands for Sender Policy Framework. It is a domain name system (DNS) record that indicates the IP addresses which are allowed to send emails from your domain.
DKIM stands for Domain Keys Identified Mail. A DKIM signature ensures that the message that arrives at the mailbox provider is identical to the message that you sent.
DKIM protects the message against a malicious alteration in transit, and it is very important for the reputation and deliverability because a valid DKIM record means that the sender takes responsibility for the content they send and the recipient who they send it to. Email messages without a valid DKIM signature are very unlikely to land in the inbox.
DMARC stands for Domain-based Message Authentication, Reporting & Conformance. The purpose of this authentication method is to tell mailbox providers what you want them to do with an email that didn’t pass the SPF and DKIM checks: allow it, filter it to spam, or reject it.
Having these email authentication methods in place is an important step in building trust between you and mailbox providers.
For more information, check out this post Email Authentication: the Ultimate Guide
To test whether your SPF, DKIM and other email authentication records are properly set up, run a spam test with the GlockApps spam testing tool.
Most major mailbox providers offer feedback loop service (FBL). After you signup with FBL, the mailbox providers will let you know when recipients report your messages as spam. According to best email practices, you must immediately remove the email addresses of spam reporters from your active mailing lists.
Repetitive sending to the recipients who sent a spam complaint telling you that they don’t want to receive your messages anymore is extremely harmful to your sender reputation.
Email service providers automatically handle spam complaints and suppress the corresponding users’ email addresses from the mailings. If you send using your own SMTP server, then it is highly recommended that you signup for feedback loops with the mailbox providers that offer this service to have better control over your mailing lists, reputation, and deliverability.
Email Address Setup
Your “From” email address and “Reply-To” email address must be valid mailboxes being able to receive emails. This allows a recipient to reply without a failure message.
You’ll want to setup a domain and use the “From” and “Reply-To” email addresses on your own domain. Sending marketing emails from a free domain such as @gmail.com or @hotmail.com is a bad practice as it does not create a recognition of your brand with your recipients and doesn’t entice them to open your message.
Branded “From” name and email address make the recipients recognize the email sender faster, increase the likelihood of an open, and help build a better sender reputation. Here you can read more about email branding and its role for deliverability.
Your sending domain must have a valid mail exchanger (MX) record. If it doesn’t, some mailbox providers can block your message.
If you send emails via your SMTP server, it is highly recommended that you create a special mailbox to receive bounce emails, for example, firstname.lastname@example.org. Some mailbox providers will still send bounce email notifications to your “From” address. So, you should be monitoring both “From” and “Return” email addresses for bounce messages in order to suppress hard bounce addresses from your mailing lists.
Many mailbox providers require that you have the email@example.com and firstname.lastname@example.org email addresses set up on your sending domain in order to get access to their feedback loops. These email addresses are also common destinations where mailbox providers that don’t provide the FBL service send user complaints. So, not only should you set up the abuse@ and postmaster@ email addresses, you should be monitoring them and address any reports of unsolicited emails.
From the other side, as abuse@, postmaster@, feedback@, hostmaster@ and a few others are considered as role accounts, sending anything other than abuse reports to such email accounts is a substantially bad practice. You should be removing role email accounts on any domain from your active mailing lists to ensure the compliance with the best email sending practices.
Mailbox providers aim to protect their users from unsolicited email traffic and look at many things to decide whether to deliver the message to Inbox, filter it or block it at a gateway. Email deliverability is never guaranteed, but a proper email sending infrastructure and email authentication are two data points that contribute to your sender reputation and help you protect your brand.
GlockApps Spam Testing for Marketers and Agencies
Scan your emails through all the major spam filters before you send.
Get actionable tips for improving your delivery rate for every email you send.
Improve your overall email performance by ensuring more emails are being delivered.