Email Delivery Basics: 3 Fundamental Email Concepts Explained
In this post, I give a little bit of theory about email delivery so that you can get a general idea about email concepts, good and bad sending habits, and email spam checker tools you can use to monitor your reputation and deliverability and determine possible causes of deliverability issues if they happen.
To make it easy to read and comprehend, I broke it down into three chapters:
- Legal Requirements
- Sender Reputation
- Feedback Loops
- Decline Policy
- Monitoring Tools
- Spam Traps
- Right Message
- Right Person
- Right Time
- Right Frequency
1. Email Base.
Let's start up with legal requirements.
CAN-SPAM is a US legislation that protects consumers for email marketing, transactional and other types of emails the consumer wants to receive. CAN-SPAM stands for "controlling the assault of non-solicited pornography and marketing".
Some of the requirements to be complied with CAN-SPAM are:
– no false or misleading header information;
– no deceptive Subject lines;
– identify the message as an advertisement;
– provide the location of the business or physical address at the bottom of the message;
– inform the recipients how to opt-out from future messages by adding the unsubscribe link or link to the preference center;
– honor opt-out requests promptly;
– monitor messages sent on your behalf so all people sending emails on behalf of your brand are following the same requirements.
CAN-SPAM does not require that senders have permission to send mail, but sending mail without permission to recipients in jurisdictions with opt-in rules such as Europe or Canada may open up the sender to legal liability.
CASL, a Canadian anti-spam legislation, has these requirements where the sender must:
– have the recipients' consent to send messages to them;
– clearly identify the sender of the message;
– provide the recipient with a way to contact the sender;
– provide a functioning unsubscribe process;
– track and store the type of opt-in, example of the signup page, date of opt-in, and connecting IP address.
Almost every country has email legislation to protect the recipients, and most of them require an operational unsubscribe link, processing of unsubscribe requests within a reasonable amount of time (typically 10 business days or less), and physical address of the organization sending the email.
And in many countries, senders must have permission to send marketing and commercial email:
Argentina — Explicit consent is required. Argentina has a public do not contact list — the DNPDP — that must be honored.
Australia — Explicit consent is a must. Australia has very strong laws regarding permission and data privacy. Australian ISPs are very responsive to consumer issues.
Belgium — Opt-in is required and the sender is responsible for refer-a-friend consent and managing those opt-outs, making this practice dangerous.
Finland — All marketing messages must be clearly marked as advertisements. Plus, a Finnish law requires that senders store the date of subscription and IP address the subscription was made from.
France — Consent is required for e-mailing. French ISPs historically accept fewer connections making email delivery times slower.
Germany — Strong laws requiring opt-in. If a recipient opts-out of a mailing, all data must be erased from the sender’s database.
Hong Kong — Expressed consent is required and it must be different from T&C acceptance. Consent must be clearly differentiated and easy to understand.
Italy — Prior consent required for marketing messages. End-user consent is required for cookie use and senders must disclose if any data will be shared with a 3rd party.
Netherlands — Pre-checked boxes are not allowed as a mode of consent.
Russia — There are no current electronic privacy laws. Russian ISP such as mail.ru can be challenging. Having a local presence is very helpful.
Spain — Maintains a government “do not mail” list.
Japan — All emails must contain clear and visible information for the sender name and title and the correct address for an opt-out (must be at the top of the email). The sender’s address and phone number must also be displayed.
Canada — The Canadian Anti-Spam Legislation (CASL for short) took effect July 1, 2014. The full provisions roll out over three years. Explicit permission and private right of action are the most important measures.
Singapore — All messages must contain an unsubscribe link, phone number, and a postal address. This information must be in English. Unsubscribes must be handled within 10 days.
Our next point is authentication.
Authentication allows the mailbox provider to confirm that the sender is the one who he pretends to be.
There are four primary methods of authentication:
1. DKIM is DomainKeys Identified Mail. This is what the recipient uses to determine that the message has not been altered in transmission. So, the public key and private key have to match to ensure that nothing happened to the message in transit.
2. SPF is Sender Policy Framework which states which IPs are authorized to be sending on behalf of the "From" domain and allows the receiver's host to verify that the email is being sent from the server it asserts it's sent from.
3. Reverse DNS which implies determining what host and domain name belong to a given IP address. If a Reverse DNS Lookup returns a "no domain associated", then the email will likely bounce to the sender, or will be deleted or filtered.
4. DMARC is Domain-Based Message Authentication, Reporting, and Conformance. DMARC ensures that the legitimate email is properly authenticating against established DKIM and SPF standards and that fraudulent activity appearing to come from domains under the organization’s control (active sending domains, non-sending domains, and defensively registered domains) is blocked.
DMARC allows you to use policies to protect your brand and email. The policy you select in your DMARC record will tell the participating recipient mail server what to do with mail that doesn't pass SPF and DKIM but claims to be from your domain that contains the DMARC record.
There are three policies you can set: p=none, p=quarantine, and p=reject.
"p=none" tells the receiver to perform no actions against unqualified mail, but still send email reports to the mailto: in the DMARC record for any infractions.
"p=quarantine" tells the receiver to quarantine the message that does not pass the authentication. Quarantine means "set aside for additional processing".
"p=reject" tells the receiver to completely deny any unqualified mail for the domain. With this enabled, only mail that is verified as 100% being signed by your domain will even have a chance to get to the Inbox. Any mail that does not pass is blackholed, not bounced, so there's no way to catch false positives.
The reports of any policy that you set up allow you to see what other IPs are using or abusing your brand.
Here you can read the ultimate guide about email authentication.
Additional concepts from the Email Base chapter you should be aware of are sender reputation and feedback loops.
Sender reputation involves monitoring the reputation of your IP address and sending domain: who is using the domain on your behalf, shared IP or dedicated IP, and what impact that can have on your reputation.
All the ISPs do correlate your reputation back to engagement, sending domain, and sending IP.
The factors that determine your sender reputation (and consequently impact your email deliverability) are:
– how often your server sends email messages to invalid email addresses;
– how many recipients mark your emails as spam;
– how many email messages you sent from that IP address;
– whether or not your server's IP address is blacklisted anywhere;
– whether or not your server's IP address dedicated and static;
– whether or not your server's IP address have authentication records;
– whether or not others used your server or IP before you.
Feedback loops are how ISPs report complaints back to the sender. It's critical for any successful email campaign to remove all users who are complaining or are not interested in receiving your messages any further. By not removing them, you jeopardize your reputation.
You can find the links to FBL signup pages with different ISPs here.
Fix Email Deliverability: The Ultimate Checklist
This 13-point checklist will help you make sure you deliver your emails to the intended recipient without being filtered or blocked.
Next, we're going to cover email structure and talk about segmentation, decline policy, monitoring tools, spam traps, and blacklists.
2. Email Structure.
Let's start with segmentation. There are multiple ways to segment your traffic.
One way is to segment traffic by IPs so one IP may be used for sending marketing emails, one IP may be used for transactional emails and other critical emails like a password reset or account creation confirmation.
The another way to segment the email traffic is by the engagement level. So, you can have some recipients who are highly engaged with your brand and you'll want to keep those ones on one IP.
And there may be ones who are less engaged or have not been engaged during 3-6 months, so send to them from a different IP.
The decline policy is connected with the engagement, too. It's about removing the recipients who did not engage with your emails within a certain amount of time (60 days, 90 days, etc.) off of your list. This should be done once a year.
Now, we're going to talk about the tools you can use to monitor your reputation and your brand.
– Senderscore.org. It is run by Return Path. The score ranks from 0 to 100, 100 being the best. It tells you how you're performing. Typically it's recommended that you maintain your sender score of 90 or better.
– Senderbase.com. It is run by Cisco and it tells you how your reputation is across all the network providers Cisco manages. The reputation score is grouped into Good, Neutral, and Poor.
Good mean that little or no threat activity has been observed from your IP address or domain. Your email or Web traffic is not likely to be filtered or blocked.
Neutral means that your IP address or domain is within acceptable parameters. However, your email or Web traffic may still be filtered or blocked.
Poor means that a problematic level of threat activity has been observed from your IP address or domain. Your email or Web traffic is likely to be filtered or blocked.
– Postmaster.google.com. This is the first time Google has ever offered senders to see their reputation. You can signup, enter your domain name and add the provided TXT record to the DNS configuration to verify your domain. On successful verification, your account will have access to the domain's data on Google Search Console.
– Postmaster.live.com. Microsoft's Smart Network Data Services gives you the information about the traffic originating from your IP address such as the volume of sent emails, complaint rates, and spam trap hits.
There is also a three-color scale that lets you know how much of your mail has been filtered by Microsoft. Green means that less than 10% of your messages have been filtered by their technologies. Yellow means that 10-90% have been filtered and red means that 90%+ messages have been filtered.
– GlockApps.com. It is a good place for testing and monitoring sender reputation and email deliverability. It shows your sender score and email spam score, tests your authentication records and email placement at different mailbox providers.
Plus, GlockApps can test your sending IP against 50+ of the most common industry blacklists including Spamhaus, SURBL, SORBS, and others and help you diagnose and solve deliverability issues for continuous deliverability. You can setup an automated process of checking your IPs against blacklists and be alerted via email when the IP got listed.
Next, let's talk about spam traps and blacklists.
There are two types of spam traps: recycled and pristine.
Recycled spam traps are email addresses that were used by a person and then abandoned. Typically, if the email address has been dormant for the last six months, a lot of ISPs will convert it into a spam trap.
If you send to recycled spam traps, it shows that you don't have a good list hygiene or you are not actively removing your unengaged users.
The other type of spam traps is pristine. These are the ones that you don't definitely want to be getting. Pristine spam traps are set up by ISPs and anti-spam organizations with the purpose to catch spammers.
No one should be sending emails to those addresses. If you do, it typically indicates that you scraped the list online. It will cause you a lot of trouble and a lot of harm to your sending IP and your brand reputation.
Blacklists. If you find yourself on a blacklist, you'll want to determine what caused it. We recommend that you investigate. A lot of blacklists will give you some information about the date and the IP or sending domain that's involved and sometimes they will include a subject line and a message header. So, looking at that, you can track back the lists or segments of your list you sent to that day.
Then you want to document what changes you need to make to reduce your risk of getting into another blacklist. You'll want to implement these changes and verify that you are not getting on blacklists.
So, when you've done investigation, documentation, and verification, then you want to reach out the blacklist operator and let them know what you've done.
Below are good guides you’ll want to check to learn how to find out if your sending IP is blacklisted by a particular ISP and how to request the removal:
3. Email Education.
Our next topic is email education.
Are you sending the right message to the right person at the right time with the right frequency?
Here are some bad habits you want to avoid:
– Vague subject lines. The subject line should be very clear, well-written, should grab the recipient's eye and make them want to open the message. ISPs do read subject lines and they can track what kind of a message is being sent.
So, if you send an email of a kind like a password reset, but really you're giving a promotion in your email, they will correlate the subject to the message body and know that it's not actually a password reset.
– Lack of personality. You want your message to have some personality, you want it to be interesting and engaging to the recipient, and you want them to be engaged with your brand.
– Unrecognizable "From" address. If you send on behalf of your brand, don't send from a Yahoo "From" address. You want to make sure that all the messages are coming from your brand domain.
– "Do not reply" address. Why would you not like to hear back from your customer? You should have something that comes from support@ or sales@ or newsletter@ or something like that so people know how to contact you back.
Good habits are:
– Strong branding. Your messages should really clearly represent your brand. Your logos in the messages and your "From" address should be tagged to your business.
– Concise writing and proper grammar. They are also high in the list that ISPs look at. Make sure your message is not too long and not too wordy. You don't want people to scroll below the fold to see what's going on in your message.
– Hyper-targeted messages. There are no two recipients that are the same. Why are you sending them the same content? There should be unique messages tailored to each segment of your list based on how you want them to interact with your brand.
Right person. Do your recipients want and expect your mail?
Bad habits to avoid are:
– Purchasing lists. Using purchased lists does not violate CAN-SPAM, but it does violate the Terms of Service of most email service providers. And purchased lists can contain spam traps which can lead to blacklisting issues.
– Automatic subscription. Never pre-check a checkbox. Allow a user to control what they sign up for.
– Allowing customers to invite their entire address book. It doesn't mean you can't use an invite, but you need to do it wisely. You should actually limit it to 9-10 users maximum they can invite.
If you send an invite to people from your recipient's address book, it should be one message. Don't keep emailing. If they don't opt-in, they are not interested.
– Sharing lists with partners. The recipients didn't opt-in for this partner's brand, they did opt-in for your brand. You don't want to ruin a relationship with them. Again, you can have high complaints and spam trap addresses by sharing lists.
The right time and right frequency.
Are you sending emails to users at the time they expect them? Are they expecting a receipt from you? Are they expecting a promotion from you? What time and day do you send so users can read your email?
Watch your metrics and notice when people open and act on your emails. Pay attention to when they are most engaged and make sure that you send emails at the time and day when they do engage with your brand.
Another point to pay attention to is time-sensitive emails: special daily deals, special weekly deals, special offers on holidays etc. Making sure you do the deal, suppress emails when the deal expires.
When it comes to the righty frequency, it's important that you keep up a good sending cadence. If users expect to see your email every Monday, but they receive it at an unexpected time, they can mark your email as spam.
And there should be a limit of how many messages you send every week. Nobody wants to receive too many messages from an individual brand. It causes what we call "email fatigue". So, you have to make sure you have a good limit.
If you are a brand and need to send multiple messages a day, it's recommended doing it like a batch. So, if you are sending them 20 messages a day, batch in groups of 4 so that they get only 5 messages at a time instead of 20 messages.
That lowers that number of messages that go to their Inboxes and need to be read. And that also reduces the number of messages in their Inboxes that they are likely to complain about.
Another reason for having a consistent frequency is that it helps your reputation with ISPs. ISPs look for consistent sending. So, if you are sending a million messages a days 7 days a week, they get used to that.
They are building a rolling 30-day kind of reputation and syndicate it for you. And if you jump up to 3 million one day, they see it's not a normal behavior for you. Is your account compromised? What's going on?
So, you want to make sure you have a consistent sending pattern and if you need to make a change, make a change gradually to allow the ISPs the time to adjust.
If you know users don't wish to receive your messages every day and maybe they open them every other day, change your frequency based on the user engagement.
Implement a preference center where users can tailor the experience with your brand to what is going to fit their lifestyle. Some people are angry to receive daily messages and even weekly messages, so let them tailor that user experience to what is their preference.
Let them also tell you what they want. If you offer multiple streams of the emails (you may have daily deals, you may have weekly deals, you may have a newsletter or popular tips – all these can be different types of email streams), let them choose what they want to subscribe to. Don't force them to be included in all six email streams you are sending out.
So, setting expectations in plain text at signup is the best thing you can do:
"Hey, you're signing up to my brand list. We're going to send you a daily message, but we do offer a preference center where you can tailor the message frequency for your needs".
Just be as transparent as possible. Let them know that you are interested in them and you're going to tailor the experience to them.
GlockApps Spam Testing
Try it out for yourself. Get your email scanned by every major spam filter before you send.