On the Way to Inbox: Email Authentication and Infrastructure

Email Authentication and Infrastructure

When you watch the news, all you see is a host delivering to you well-structured, skillfully presented information. But you know that behind that host stands a whole team of professionals who prepare the story. So when your recipient receives an email he/she sees the great attention-grabbing letter. But what mechanism tirelessly works in the background?

What is an Email Infrastructure?

Email infrastructure is the technical part of your email sending program which goes on behind the scenes and helps deliver the messages to the user’s Inbox if set up properly.

Sending infrastructure refers to the domains and IP addresses of the servers you’re sending emails from, and email authentication refers to the methods you use to prove that an email sent by you is really coming from you.

A properly configured sending infrastructure and authentication greatly increase your ability to deliver the messages to the Inbox.

Below are the most important things in the sending infrastructure and sender authentication you should take into account.

Shared IP Address

A shared IP address is a domain that is used by multiple senders. It is like a business center with many companies in it. Nowadays shared IP addresses are pretty common, so let’s look at pro’s and con’s that you should consider:

  • Cost. Shared IPs are inexpensive because the provider spreads the fee between all the domain users.
  • Sending volume. With a shared IP, you don’t have to worry about how many emails you send on a regular basis because the owner can always maintain the needed level with the help of other users as well.
  • Reputation. Unfortunately, you don’t have control over the reputation of the server. Even though reputation is crucial for email marketing, you can end up in a spam folder because someone else’s behavior on that same server was malicious. Just like in the business center, you can keep your office nice and clean, but you can’t control the actions and behaviors of other companies.

Dedicated IP Address

Now, a dedicated IP address belongs only to you, you are the only sender from this IP. Just like the office space, suitable for big corporations like Apple or Google – a big place of their own. Even though it has some obvious advantages compared with shared IP, there are downsides as well. Let’s look at both:

  • Cost. Obviously, if the place is all yours the cost will be higher. First, you pay for acquiring and setting up the IP, and then regularly for the maintenance.
  • Sending volume. Since you will be the sole owner, the amount of emails matters. Low volumes will hurt the reputation, so you should consider if you are actually big enough for a dedicated IP.
  • Reputation. It becomes only your responsibility. No-one else can affect it, so you can concentrate on achieving the maximum of your potential.

Should I Choose a Shared or Dedicated IP Address?

The main criterion for making a decision is your size. If you are a large volume sender (sending more than 500,000 messages per month) and want to have complete control over your sender’s IP reputation, then you need to go with a dedicated IP address or even a few dedicated IP addresses.

If you are a small sender (sending fewer than 50,000 messages per month), you are good to stay with shared IP addresses. However, you should keep in mind that the IP reputation and your ability to send to the Inbox would be impacted by all the users sharing the IP address.

Many lower volume senders switch to a dedicated IP address with the email service provider to control their reputation.

What is IP Address Warm Up

Let’s analyze what it is and why you need it. Most certainly when you go to the gym, you do a warm-up: develop some heat in the muscles, do a little stretching, otherwise there is a big chance you will hurt yourself.

If you get a new dedicated IP address and headfirst send a million emails from it, you’re going to run into a lot of issues (spam folder placements, IP blacklisting, bad reputation, etc.). It is extremely difficult to recover the reputation of the IP.

Thus, when you get a new dedicated IP address, you need to take your time and warm it up. The warm-up process means that you start sending small volumes slowly increasing the amount until you reach the desired quantity per day.

The warm-up process helps to show yourself as a consistent sender and build a reputation for your IP. It is recommended to send emails to your most active recipients during the warm-up process. Positive user engagement will add more points to your reputation.

Make sure that you have your bounce handling process in place. Monitor your bounced emails and user complaints. When your bounce rate and/or complaint rate goes up, stop sending, re-check your email list for validity and revise your email program to continue sending relevant emails.


How to Warm up an IP Address

Read this 11-page whitepaper to learn why and how to warm up your new IP
and make sure you’re doing it right.

 Download PDF


Email Segmentation by IP Address

Large email senders should get a few dedicated IP addresses and segment their mail streams by the IP, i.e. send transactional and marketing emails from different IP addresses. These types of messages typically have different engagement, thus different IP will have different reputations.

The reputation of the IP for marketing emails which is typically lower will not affect the deliverability of transactional messages.

Companies with multiple brands can use a dedicated IP for each brand and, moreover, segment the marketing and transactional email streams under each brand by different IP to provide detailed reputation reporting.

You might also consider using a different IP address for sending reactivation email campaigns. Reactivation campaigns used to have the worst deliverability and highest user complaint rates.

If you are in charge of sending such a campaign, consider splitting your list and sending just a few hundred emails at a time (or per hour) from a different IP instead of pulling a large one-time campaign to protect your primary domain/IP address.

Switching IP Addresses

Getting a new IP address is not the solution to your email deliverability problems. It can help for some time but if you keep following bad sending practices, you’ll still have email deliverability issues.

Moreover, sending similar content from the same domain but different IP addresses is a tactic used by spammers. Mailbox providers will see this and may block your messages at the gateway.

Domain Reputation

Aside from your IP reputation your sender domain also has a reputation.

What is a Domain Reputation?

It is a score assigned to your domain and it’s as important as the reputation of your IP address. If the emails sent from your domain cause a negative user engagement, the reputation of the IP address won’t matter and the messages may be filtered by mailbox providers. Domain reputation can’t be built overnight, it takes time to establish one. You have to be careful and consistent in your sending habits.

Domains in the message body do matter too. A single link to an unreputable website placed in the body of your email could prevent it from landing in the Inbox. You’ll want to make sure that you’re linking only to trusted sites and ideally, only those that you control.

Of course, many marketers want to know how to check domain reputation. Unfortunately, most mailbox providers don’t allow the senders to check their domain reputation. It is assessed internally and is not disclosed. But Google provides such data in their postmaster tools. If you have a high spam placement rate with Google, start the investigation process by analyzing the data about your sender domain and IP in the Google postmaster.

To improve your domain reputation the golden rule is to follow the best practices. Keep your engagement rate as high as possible, keep the emailing list clean by deleting inactive recipients and using segmentation, send relevant content so that the unsubscribing rate wasn’t high.

Blacklists

There are dozens of blacklists out there. Most blacklists will list your IP address or sending domain if they see a high number of spam complaints, spam trap hits, or both.

Simply because your IP or domain is on a blacklist doesn’t necessarily mean that your deliverability suffers. Major mailbox providers use the signals from Spamhaus to determine whether or not they should filter the emails from the sender.

If you’re interested in knowing if you’ve been blacklisted or not, do the IP blacklist check with GlockApps.

The GlockApps spam testing tool will check each of your sender’s IP and your domains (including the domains in the email body and redirects) against 50+ blacklists and show you the listings.

Email Authentication and Infrastructure

To determine whether or not blacklists impact your deliverability, look at your bounce email messages. If a message is blocked due to a listing, the bounce error description will show the messages like below

5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.xx] blocked using
dnsbl.sorbs.net; Currently Sending Spam
See: http://www.sorbs.net/lookup.shtml?xx.xxx.x.xx

5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.x] blocked using
multi.uribl.com; 127.0.0.1 -> Query Refused. See http://uribl.com/refused.shtml

5.7.1 554 5.7.1 Service unavailable; Client host [xx.xxx.x.xx] blocked using
zen.libranosdelspam.com; SORBS - Currently Sending Spam

Going with the de-listing procedure makes sense if you use a dedicated IP address. If you are on shared IP, your email service provider which controls the IP should take care of it.

With the tool like GlockApps Bounce Tracker, you can receive advanced bounce email analytics for each sender, provider, bounce type, and reason, and quickly find out the weak sides of your email program.

What is Email Authentication?

Email authentication is a set of tools that are used to prove that the email is sent by you and is not falsified. Mostly it is used to stop malicious content on its way to the recipient, and it is kind of your ticket to the recipient’s mailbox.

How to Authenticate Email

There are different methods to authenticate messages. Ideally, you must implement all of them to show mailbox providers that the message really comes from you and that it wasn’t altered in the transmit. Messages that passed authentication checks have much more chances to be delivered to the Inbox.

  • SPF stands for Sender Policy Framework. It is a domain name system (DNS) record that indicates the IP addresses which are allowed to send emails from your domain.
  • DKIM stands for Domain Keys Identified Mail. A DKIM signature ensures that the message that arrives at the mailbox provider is identical to the message that you sent.

    DKIM protects the message against a malicious alteration in transit, and it is very important for the reputation and deliverability because a valid DKIM record means that the sender takes responsibility for the content they send and the recipient who they send it to. Email messages without a valid DKIM signature are very unlikely to land in the inbox.

  • DMARC stands for Domain-based Message Authentication, Reporting & Conformance. The purpose of this authentication method is to tell mailbox providers what you want them to do with an email that didn’t pass the SPF and DKIM checks: allow it, filter it to spam, or reject it.

Having these email authentication methods in place is an important step in building trust between you and mailbox providers.

Read more: Email Authentication: the Ultimate Guide

To test whether your SPF, DKIM and other email authentication records are properly set up, run a spam test with the GlockApps spam testing tool.

Email Authentication and Infrastructure

FBL Signup

Most major mailbox providers offer feedback loop service (FBL). After you signup with FBL, the mailbox providers will let you know when recipients report your messages as spam. According to best email practices, you must immediately remove the email addresses of spam reporters from your active mailing lists.

Repetitive sending to the recipients who sent a spam complaint telling you that they don’t want to receive your messages anymore is extremely harmful to your sender reputation.

Email service providers automatically handle spam complaints and suppress the corresponding users’ email addresses from the mailings. If you send using your own SMTP server, then it is highly recommended that you signup for feedback loops with the mailbox providers that offer this service to have better control over your mailing lists, reputation, and deliverability.

Email Address Setup

Your “From” email address and “Reply-To” email address must be valid mailboxes being able to receive emails. This allows a recipient to reply without a failure message.

You’ll want to setup a domain and use the “From” and “Reply-To” email addresses on your own domain. Sending marketing emails from a free domain such as @gmail.com or @hotmail.com is a bad practice as it does not create a recognition of your brand with your recipients and doesn’t entice them to open your message.

Branded “From” name and email address make the recipients recognize the email sender faster, increase the likelihood of an open, and help build a better sender reputation. Here you can read more about email branding and its role for deliverability.

Email Authentication and Infrastructure

Your sending domain must have a valid mail exchanger (MX) record. If it doesn’t, some mailbox providers can block your message.

If you send emails via your SMTP server, it is highly recommended that you create a special mailbox to receive bounce emails, for example, bounce@yourdomain.com. Some mailbox providers will still send bounce email notifications to your “From” address. So, you should be monitoring both “From” and “Return” email addresses for bounce messages in order to suppress hard bounce addresses from your mailing lists.

Many mailbox providers require that you have the abuse@yourdomain.com and postmaster@yourdomain.com email addresses set up on your sending domain in order to get access to their feedback loops. These email addresses are also common destinations where mailbox providers that don’t provide the FBL service send user complaints. So, not only should you set up the abuse@ and postmaster@ email addresses, you should be monitoring them and address any reports of unsolicited emails.

From the other side, as abuse@, postmaster@, feedback@, hostmaster@ and a few others are considered as role accounts, sending anything other than abuse reports to such email accounts is a substantially bad practice. You should be removing role email accounts on any domain from your active mailing lists to ensure the compliance with the best email sending practices.

Bottom Line

Mailbox providers aim to protect their users from unsolicited email traffic and look at many things to decide whether to deliver the message to Inbox, filter it or block it at a gateway. Email deliverability is never guaranteed, but a proper email sending infrastructure and email authentication are two data points that contribute to your sender reputation and help you protect your brand.

GlockApps Spam Testing for Marketers and Agencies

GlockApps Spam Testing

Test your email placement

Scan your emails through all the major spam filters before you send.

Improve your deliverability

Get actionable tips for improving your delivery rate for every email you send.

Increase your revenue

Improve your overall email performance by ensuring more emails are being delivered.

Avatar

AUTHOR BIO

Julia Gulevich is an email marketing expert and customer support professional at GlockSoft LLC with more than 15 years of experience. Author of numerous blog posts, publications, and articles about email marketing and deliverability.