In the world of sending email and spam filtering, intentions matter far less than behavior. The spammers set the bar. Even if you are sending authenticated, confirmed opt-in (COI) email, if your email program does not at least meet the basics, no spam filter will understand the difference.

Legitimate mailers work hard to build brand reputation based on a real business address, a known domain, and a small, permanent, well-identified range of sending IPs.

What steps to take to ensure you look legitimate

It is critical to follow best practices to distinguish yourself from miscreants who spam. Always keep the following in mind:

  • Authentication:
    • All emails should be correctly authenticated with DKIM & SPF at a minimum.
    • The SPF record should be as narrow and specific as possible. If you designate the entire internet as “permitted sender,” this is not useful and opens the domain to abuse by spammers.
  • Whois: Do not use anonymized or unidentifiable Whois records. Legitimate businesses should have no reason to hide their online identity using WhoisGuard or other such privacy services. Since the advent of GDPR in 2018, many registrars have defaulted to publishing anonymized Whois records, but most will remove the anonymization upon request.
  • Limit domain usage. The more unique domains you use to send the same emails, the more flags you raise; use the primary business domain – or a subdomain of it – whenever possible.
  • Use clear and consistent naming schemes in DNS – keep it simple.
    1. The best option is delegating a subdomain of the brand’s primary domain to the email service provider (ESP): e.g., email.customerbrand.com.
    2. The second best would be: customerbrand.espdomain.com.
    3. Last resort (and to be avoided if at all possible): customerbrand-email.com. If this is necessary, it is crucial to use a cousin domain that clearly relates to the primary brand name.

Phishing has made people very wary of look-alikes. Having a clear brand relationship allows receivers to easily distinguish the Email Service Provider (ESP) and customer and reduces the chances of blocks or reputation damage due to unclear identification.

  • Use properly registered domains with working mail AND web addresses. There should be a website for every domain or brand email domain used; not having one looks shady, and it is something that spammers do all the time. Link and tracking domains should redirect to the primary business website.
  • Every domain that sends email should have functional abuse@ & postmaster@ addresses.
  • Use contiguous IPs if possible. Use the same network.
    • If not possible, do not use more IPs than needed.
    • Most brands do not need hundreds of IPs scattered across multiple networks – this is the definition of snowshoeing.
  • ESPs: Publish an Acceptable Use Policy (AUP)/Terms Of Service (TOS) that is easy to find, read, and enforce.
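
The advice under Authentication to keep the SPF record narrow can be checked mechanically before a record is published. The following is an added example, not code from the original article: `audit_spf`, the prefix thresholds, and the sample records are assumptions chosen for illustration, and the check works on the record text only (no DNS lookups).

```python
import ipaddress

# Assumed thresholds (not from the article): a pass-qualified network with a
# shorter prefix than this covers far more hosts than one brand sends from.
MIN_PREFIX = {4: 16, 6: 32}

def audit_spf(record: str) -> list[str]:
    """Return findings for one SPF TXT record; an empty list means none."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, has_all, has_redirect = [], False, False
    for term in terms[1:]:
        if term.lower().startswith("redirect="):
            has_redirect = True
            continue
        # RFC 7208: a mechanism with no qualifier defaults to "+" (pass).
        qualifier = term[0] if term[0] in "+-~?" else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            has_all = True
            if qualifier == "+":
                findings.append(f"{term}: every host on the internet is a permitted sender")
            elif qualifier == "?":
                findings.append(f"{term}: neutral result gives receivers nothing to act on")
        elif name in ("ip4", "ip6") and qualifier == "+":
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"{term}: not a valid network")
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                findings.append(f"{term}: authorises {net.num_addresses} addresses")
    if not has_all and not has_redirect:
        findings.append("no 'all' or redirect: unlisted senders get a neutral result")
    return findings

# Constructed sample records (documentation addresses and example domains).
SAMPLES = [
    "v=spf1 +all",
    "v=spf1 ip4:0.0.0.0/0 ~all",
    "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", audit_spf(rec) or "no findings")
```
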

Now that we’ve explained how not to appear like someone who’s sending spam, we’ll be looking at what authentication and encryption need to be set up for marketing emails.
