Email Delivery Basics: 3 Fundamental Email Concepts Explained
In this post, I give a little bit of theory about email delivery so that you can get a general idea about email concepts, good and bad sending habits, and email spam checker tools you can use to monitor your reputation and deliverability and determine possible causes of deliverability issues if they happen.
To make it easy to read and comprehend, I broke it down into three chapters:
- Legal Requirements
- Sender Reputation
- Feedback Loops
- Decline Policy
- Monitoring Tools
- Spam Traps
- Right Message
- Right Person
- Right Time
- Right Frequency
1. Email Base.
CAN-SPAM is a US legislation that protects consumers for email marketing, transactional and other types of emails the consumer wants to receive. CAN-SPAM stands for “controlling the assault of non-solicited pornography and marketing”.
Some of the requirements to comply with CAN-SPAM are:
no false or misleading header information;
no deceptive Subject lines;
identify the message as an advertisement;
provide the location of the business or physical address at the bottom of the message;
inform the recipients how to opt-out from future messages by adding the unsubscribe;
link or link to the preference center;
honor opt-out requests promptly;
monitor messages sent on your behalf so all people sending emails on behalf of your brand are following the same requirements.
CAN-SPAM does not require that senders have permission to send mail, but sending mail without permission to recipients in jurisdictions with opt-in rules such as Europe or Canada may open up the sender to legal liability.
CASL, Canadian anti-spam legislation, has these requirements where the sender must:
have the recipients’ consent to send messages to them;
clearly identify the sender of the message;
provide the recipient with a way to contact the sender;
provide a functioning unsubscribe process;
track and store the type of opt-in, an example of the signup page, date of opt-in, and connecting IP address.
Almost every country has email legislation to protect the recipients, and most of them require an operational unsubscribe link, processing of unsubscribe requests within a reasonable amount of time (typically 10 business days or less), and physical address of the organization sending the email.
And in many countries, senders must have permission to send marketing and commercial email:
Argentina — Explicit consent is required. Argentina has a public do not contact list — the DNPDP — that must be honored.
Australia — Explicit consent is a must. Australia has very strong laws regarding permission and data privacy. Australian ISPs are very responsive to consumer issues.
Belgium — Opt-in is required and the sender is responsible for refer-a-friend consent and managing those opt-outs, making this practice dangerous.
Finland — All marketing messages must be clearly marked as advertisements. Plus, Finnish law requires that senders store the date of subscription and IP address the subscription was made from.
France — Consent is required for e-mailing. French ISPs historically accept fewer connections making email delivery times slower.
Germany — Strong laws requiring opt-in. If a recipient opts out of a mailing, all data must be erased from the sender’s database.
Hong Kong — Expressed consent is required and it must be different from T&C acceptance. Consent must be clearly differentiated and easy to understand.
Italy — Prior consent required for marketing messages. End-user consent is required for cookie use and senders must disclose if any data will be shared with a 3rd party.
Netherlands — Pre-checked boxes are not allowed as a model of consent.
Russia — There are no current electronic privacy laws. Russian ISP such as mail.ru can be challenging. Having a local presence is very helpful.
Spain — Maintains a government “do not mail” list.
Japan — All emails must contain clear and visible information for the sender’s name and title and the correct address for an opt-out (must be at the top of the email). The sender’s address and phone number must also be displayed.
Canada — The Canadian Anti-Spam Legislation (CASL for short) took effect July 1, 2014. The full provisions roll out over three years. Explicit permission and private right of action are the most important measures.
Singapore — All messages must contain an unsubscribe link, phone number, and postal address. This information must be in English. Unsubscribes must be handled within 10 days.
Authentication allows the mailbox provider to confirm that the sender is the one who he pretends to be.
There are four primary methods of authentication:
- DKIM is DomainKeys Identified Mail. This is what the recipient uses to determine that the message has not been altered in transmission. So, the public key and private key have to match to ensure that nothing happened to the message in transit.
- SPF is Sender Policy Framework which states which IPs are authorized to be sending on behalf of the “From” domain and allows the receiver’s host to verify that the email is being sent from the server it asserts it’s sent from.
- Reverse DNS which implies determining what host and domain name belong to a given IP address. If a Reverse DNS Lookup returns a “no domain associated”, then the email will likely bounce to the sender, or will be deleted or filtered.
- DMARC is Domain-Based Message Authentication, Reporting, and Conformance. DMARC ensures that the legitimate email is properly authenticating against established DKIM and SPF standards and that fraudulent activity appearing to come from domains under the organization’s control (active sending domains, non-sending domains, and defensively registered domains) is blocked.
DMARC allows you to use policies to protect your brand and email. The policy you select in your DMARC record will tell the participating recipient mail server what to do with mail that doesn’t pass SPF and DKIM but claims to be from your domain that contains the DMARC record.
There are three policies you can set: p=none, p=quarantine, and p=reject.
“p=none” tells the receiver to perform no actions against unqualified mail, but still send email reports to the mailto: in the DMARC record for any infractions.
“p=quarantine” tells the receiver to quarantine the message that does not pass the authentication. Quarantine means “set aside for additional processing”.
“p=reject” tells the receiver to completely deny any unqualified mail for the domain. With this enabled, only mail that is verified as 100% being signed by your domain will even have a chance to get to the Inbox. Any mail that does not pass is blackholed, not bounced, so there’s no way to catch false positives.
The reports of any policy that you set up allow you to see what other IPs are using or abusing your brand.
Here you can read the ultimate guide about email authentication.
Sender reputation involves monitoring the reputation of your IP address and sending domain: who is using the domain on your behalf, shared IP or dedicated IP, and what impact that can have on your reputation.
All the ISPs do correlate your reputation back to engagement, sending domain, and sending IP.
The factors that determine your sender reputation (and consequently impact your email deliverability) are:
- how often your server sends email messages to invalid email addresses;
- how many recipients mark your emails as spam;
- how many email messages you sent from that IP address;
- whether or not your server’s IP address is blacklisted anywhere;
- whether or not your server’s IP address dedicated and static;
- whether or not your server’s IP address has authentication records;
- whether or not others used your server or IP before you.
Feedback loops are how ISPs report complaints back to the sender. It’s critical for any successful email campaign to remove all users who are complaining or are not interested in receiving your messages any further. By not removing them, you jeopardize your reputation.
You can find the links to FBL signup pages with different ISPs here.
Next, we’re going to cover email structure and talk about segmentation, decline policy, monitoring tools, spam traps, and blacklists.
2. Email Structure.
There are multiple ways to segment your traffic.
One way is to segment traffic by IPs so one IP may be used for sending marketing emails, another – for transactional and other critical emails like a password reset or account creation confirmation.
A different way to segment the email traffic is by the engagement level. You can have some recipients who are highly engaged with your brand and you’ll want to keep those on one IP.
There may be recipients who are less engaged or have not been engaged during 3-6 months, so send to them from a different IP.
The decline policy is connected with the engagement, too. It’s about removing the recipients who did not engage with your emails within a certain amount of time (60 days, 90 days, etc.) from your list. You should do it once a year.
Here are the tools I would recommend to use for your reputation and brand monitoring.
- Senderscore.org. It is run by Return Path. The score ranks from 0 to 100, 100 being the best. It tells you how you’re performing. Typically it’s recommended that you maintain your sender score of 90 or better.
- Senderbase.com. It is run by Cisco and it tells you how your reputation is across all the network providers Cisco manages. The reputation score is grouped into Good, Neutral, and Poor.
Good mean that little or no threat activity has been observed from your IP address or domain. Your email or Web traffic is not likely to be filtered or blocked.
Neutral means that your IP address or domain is within acceptable parameters. However, your email or Web traffic may still be filtered or blocked.
Poor means that a problematic level of threat activity has been observed from your IP address or domain. Your email or Web traffic is likely to be filtered or blocked.
- Postmaster.google.com. This is the first time Google has ever offered senders to see their reputation. You can signup, enter your domain name and add the provided TXT record to the DNS configuration to verify your domain. On successful verification, your account will have access to the domain’s data on Google Search Console.
- Postmaster.live.com. Microsoft’s Smart Network Data Services gives you the information about the traffic originating from your IP address such as the volume of sent emails, complaint rates, and spam trap hits.
There is also a three-color scale that lets you know how much of your mail has been filtered by Microsoft. Green means that less than 10% of your messages have been filtered by their technologies. Yellow means that 10-90% have been filtered and red means that 90%+ messages have been filtered.
- GlockApps.com. It is a good place for testing and monitoring sender reputation and email deliverability. It shows your sender score and email spam score, tests your authentication records and email placement at different mailbox providers.
Plus, GlockApps can test your sending IP against 50+ of the most common industry blacklists including Spamhaus, SURBL, SORBS, and others and help you diagnose and solve deliverability issues for continuous deliverability. You can setup an automated process of checking your IPs against blacklists using the GlockApps uptime IP monitor and be alerted via email, Slack or Telegram when the IP got listed.
There are two types of spam traps: recycled and pristine.
Recycled spam traps are email addresses that were used by a person and then abandoned. Typically, if the email address has been dormant for the last six months, a lot of ISPs will convert it into a spam trap.
If you send to recycled spam traps, it shows that you don’t have good list hygiene or you are not actively removing your unengaged users.
The other type of spam trap is pristine. These are the ones that you don’t definitely want to be getting. Pristine spam traps are set up by ISPs and anti-spam organizations with the purpose to catch spammers.
No one should be sending emails to those addresses. If you do, it typically indicates that you scraped the list online. It will cause you a lot of trouble and a lot of harm to your sending IP and your brand reputation.
If you find yourself on a blacklist, you’ll want to determine what caused it. We recommend that you investigate. A lot of blacklists will give you some information about the date and the IP or sending domain that’s involved and sometimes they will include a subject line and a message header. So, looking at that, you can trackback the lists or segments of your list you sent to that day.
Then you want to document what changes you need to make to reduce your risk of getting into another blacklist. You’ll want to implement these changes and verify that you are not getting on blacklists.
So, when you’ve done investigation, documentation, and verification, then you want to reach out to the blacklist operator and let them know what you’ve done.
Below are good guides you’ll want to check to learn how to find out if your sending IP is blacklisted by a particular ISP and how to request the removal:
IP Blacklist Removal – How To Fix a Blacklisted IP Address
How to Remove Your IP Address from Gmail’s Blacklist
How to Remove Your IP Address from the Hotmail/Outlook’s Blacklist
How to Remove Your IP Address from the Yahoo!’s Blacklist
3. Email Education.
Are you sending the right message to the right person at the right time with the right frequency?
Here are some bad habits you want to avoid:
- Vague subject lines. The subject line should be very clear, well-written, should grab the recipient’s eye and make them want to open the message. ISPs do read subject lines and they can track what kind of a message is being sent.
- So, if you send an email of a kind like a password reset, but really you’re giving a promotion in your email, they will correlate the subject to the message body and know that it’s not actually a password reset.
- Lack of personality. You want your message to have some personality, you want it to be interesting and engaging to the recipient, and you want them to be engaged with your brand.
- Unrecognizable “From” address. If you send on behalf of your brand, don’t send from a Yahoo “From” address. You want to make sure that all the messages are coming from your brand domain.
- “Do not reply” address. Why would you not like to hear back from your customer? You should have something that comes from support@ or sales@ or newsletter@ or something like that so people know how to contact you back.
Good habits are:
- Strong branding. Your messages should really clearly represent your brand. Your logos in the messages and your “From” address should be tagged to your business.
- Concise writing and proper grammar. They are also high in the list that ISPs look at. Make sure your message is not too long and not too wordy. You don’t want people to scroll below the fold to see what’s going on in your message.
- Hyper-targeted messages. There are no two recipients that are the same. Why are you sending them the same content? There should be unique messages tailored to each segment of your list based on how you want them to interact with your brand.
Do your recipients want and expect your mail?
Bad habits to avoid are:
- Purchasing lists. Using purchased lists does not violate CAN-SPAM, but it does violate the Terms of Service of most email service providers. And purchased lists can contain spam traps which can lead to blacklisting issues.
- Automatic subscription. Never pre-check a checkbox. Allow a user to control what they sign up for.
- Allowing customers to invite their entire address book. It doesn’t mean you can’t use an invite, but you need to do it wisely. You should actually limit it to 9-10 users maximum they can invite. If you send an invite to people from your recipient’s address book, it should be one message. Don’t keep emailing. If they don’t opt-in, they are not interested.
- Sharing lists with partners. The recipients didn’t opt-in for this partner’s brand, they did opt-in for your brand. You don’t want to ruin a relationship with them. Again, you can have high complaints and spam trap addresses by sharing lists.
Are you sending emails to users at the time they expect them? Are they expecting a receipt or a promotion from you? What time and day do you send emails so users can read?
Watch your metrics and notice when people open and act on your emails. Pay attention to when they are most active and make sure that you send emails at the time and day when they engage with your brand.
Another point to pay attention to is time-sensitive emails: special daily or weekly deals, special offers on holidays, etc. Make sure you do the deal, stop emails when the deal expires
When it comes to the right frequency, you must keep up a good sending cadence. If users expect to see your email every Monday, but they receive it at an unexpected time, they can mark your email as spam. Here are some tips on sending frequencies:
- Have a limit. There should be a limit to how many messages you send every week. Nobody wants to receive too many messages from an individual brand. It causes what we call “email fatigue”. Make sure you have a good limit.
- Send in batches. If you are a brand and need to send multiple messages a day, it’s recommended to do it in a batch. If you send 20 messages a day, batch in groups of 4 so that they get only 5 messages at a time instead of 20. It lowers the number of messages going in recipients’ Inboxes and reduces the number of messages that they are likely to complain about.
- Keep up your reputation. ISPs look for consistent sending. If you are sending a million messages a day, 7 days a week, they get used to that. They are building a rolling 30-day kind of reputation and syndicate it for you. If you jump up to 3 million one day, ISP will analyze the abnormal sending behavior and might consider your account compromised.
Make sure you have a consistent sending pattern and if you need to make a change, do it gradually to allow the ISPs the time to adjust.
Adjust your frequency based on user engagement. Implement a preference center where users can tailor the experience according to their lifestyle. Some people are angry to receive daily messages and even weekly messages.
If you offer multiple mail streams, let recipients choose what they want to subscribe to.
So, setting expectations in plain text at signup is the best thing you can do:
“Hey, you’re signing up to my brand list. We’re going to send you a daily message, but we do offer a preference center where you can tailor the message frequency for your needs”.
Just be as transparent as possible. Let the recipients know that you are interested in them and you’re going to adjust to their needs.
Learn More: How to Write Emails that Convert