As an Email marketer, it’s important for you to follow the email deliverability best practices to achieve successful campaign performance. Here, we walk you through various technical configurations and concepts behind email authentication and deliverability.
What is an authenticated email?
As part of the email delivery process, receiving mail servers work to determine the authenticity and legitimacy of the email. Email authentication is not just about security – it’s also about deliverability. You can help prevent email fraud, improve your email deliverability, and help ensure continued delivery at receiving mailboxes.
So what do we mean when we say an email has been successfully authenticated? In short, that a receiving mail server has been checked for the relevant SPF records, the DKIM key associated with your email and sending domain, and that your email has successfully passed those checks.
The Domain Name System (DNS) is the phone directory of the Internet. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.
Domain Keys Identified Mail (DKIM) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain’s administrators and that the email has not been modified during the transport. A digital signature included with the message can be validated by the recipient using the signer’s public key published in the DNS. In technical terms, DKIM is a technique to authorize the domain name which is associated with a message through cryptographic authentication.
Domain key is an email authentication system created by Yahoo. It gives email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e., that they were not altered during transit). Since the actual domain can be verified, it can be compared to the domain claimed in the From: field of the message. If the sender is genuine, a profile can be established for that domain that can be tied into anti-spam policies. If the email is a forgery, it can be dropped, flagged or quarantined.
Preventing forged email helps email marketers in a number of ways, including branding. Using Domain-Keys reduce the chance that someone will impersonate your domain and use it for fraudulent purposes, including “phishing attacks” — the solicitation of personal information such as passwords, credit card numbers, etc.
A sample DKIM record is given below:
Screenshot of the Godaddy panel after updating the DKIM is given below:
Note: Using Domain key doesn’t guarantee that your email will bypass any spam filters on the receiving end, but if your recipients can confirm that the email truly came from you, and if they consider you someone of good reputation, they are more likely to receive your emails in the inbox.
Sender Policy Framework, an extension of SMTP that stops e-mail spammers from forging the “From” fields in an e-mail. As SMTP itself does not carry an authenticating mechanism, the SPF extension provides the authentication scheme by specifying which computers are authorized to send email from a specific domain. In order to use SPF, the domain sending e-mails must establish an SPF record that is published in DNS records. When the e-mail passes through the DNS server, it is compared to the SPF record for that domain to determine if the sender is indeed authorized to transmit e-mails from that sender’s address. If the e-mail comes from a domain that is not authorized, the DNS server will not forward the e-mail to the expected destination.
SPF is one method that can be used to stop spam from being sent using unauthorized domain names. However, it should be noted that SPF only stops the spammer from forging the “From” field in the e-mail and does not stop the spammer from sending e-mails from a domain in which it is a member.
SPF was formerly called Sender Permitted Form, but the name was later changed while the abbreviation remained the same.
SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.
If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, because the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.
A sample SPF record is given below:
The CNAME record creates an alias for subdomain.yourdomain.com. The CNAME is needed for our click and open tracking features in order for those statistics to be routed back to your account. This will also be what your messages are signed by, so your recipients will be able to see what you have chosen for your CNAME.
It is always an ideal approach to do click through masking in your domain used for sending out email campaigns.
This helps to bring a good reputation on your domain as well as to reduce the impact on your server farm.
For example, take the scenario where Click through masking is not done. When a user receives a mail and he clicks on any link or clicks on spam, the server farm gets first reflected and the direct hit will be on the same which affects the server farm reputation.
On the other hand, when a user is not reporting spam and clicks on any link, the path which gets first reflected in the server farm and post which, it will be redirected to the actual path. But, since the click through masking configuration is not done, the domain users will not be getting the benefit/reputation as well as the actual reputation of the domain will not be measurable.
Hence, better user experience and improved deliverability are the 2 core benefits of URL masking. We always prefer it to be customized with the brand name.
A sample CNAME is given below:
Screenshot of the Godaddy panel after updating the CNAME is given below:
Feedback Loop Integration:
Feedback loops are reports that ISPs provide to large volume senders about the number of recipients who mark their mails as spam. It’s a really important service that allows businesses to monitor their sender reputation with the ISPs and quickly take action for damage control if large numbers of recipients are marking their emails as spam. This is very crucial for businesses that are dependent on email marketing as the main revenue stream. Yahoo Mail offers a free Complaint Feedback Loop program to help email senders minimize complaint rates.
When it comes to email program, feedback loop integration plays a very vital role.
Let’s take an example where you have targeted 1000 Non-Gmail users and you got 10 spam complaints which is 0.01% against the total volume targeted.
On the other hand, the majority of your database is coming from Gmail say 70%. So, it’s very crucial when you target the Gmail users, where the total projected spam complaint would be almost double of the total spam complaint reported. Hence when we target the Gmail users, we need to be extremely cautious as Gmail ISP can blacklist this domain due to the high no: of spam complaints generated.
On the other hand, take the case where Feedback loop integration is not done. In the back end, users would be reporting on the spam which does not get tracked in the system and due to this, domain can get blacklisted by Gmail ISP. Where from a marketer perspective, rest of the factors are within the permissible limits. But due to the lack of FBL integration, the spam complaints are hidden and we are unable to find out the reason why the domain has got into reputation issue. The industry average for spam complaints is 0.01%.
How to Configure Yahoo Feedback Loop:
When we configure a domain, we need to submit the domain name, the selector value and the email id to which the complaint gets generated. The email id which needs to be updated in the Yahoo feedback Loop is email@example.com. On the other hand, we need to create the “firstname.lastname@example.org” id for submitting the yahoo feedback loop. For Yahoo to share the spam complaints, feedback loop should be set.
Gmail Feedback Loop:
Gmail announced their Feedback Loop (FBL) pilot offering to ESPs to help them with identifying bad actors and spammers on their network.
Adding a Domain Name to the Postmaster’s Interface.
In order to add a domain name, it will be necessary to login to “postmaster.google.com” and click on the ‘+’ bottom-right on the screen: the pop-up screen will now display:
Enter the domain name to be set, and then click Next. On the following screen, Google will ask you to prove that you own the domain by adding a DNS TXT or a DNS record.
The update of specific DNS servers may require up to 24 hours. It is possible that you are required to await before being able to click on the ‘Verify’ button — it is, of course, possible to switch windows and going back to it later on.
If you use several subdomains for each one of your different e-marketing campaigns, you will entitle to embed every single one of them, as well as the main domain name. This will empower you on one hand to monitor the performance of your domain names, and on the other, to have an overall view of the main domain.
Important: Here mentioned TXT embedding operations on your DNS have to be repeated for each Google user willing to access this data. If several users require access and that you run several subdomains, the creation of a new Google account reserved to your colleagues is likely to be the better solution.
DMARC is a new email standard designed to give email senders and ISPs additional tools to fight email forgery, phishing, and spoofing. It’s based around email authentication, but isn’t an authentication method itself; instead, it builds on existing authentication methods we already support – DKIM and SPF.
In circumstances where a domain or brand may be targeted by phishing attacks or forgery, DMARC can help ISPs to more easily identify and block unauthorized messages.
Similarly, for domains frequently appearing in unauthorized email or spam, DMARC may, in theory, help prevent damage to that domain’s sending reputation.
DMARC only requires you to authenticate your email with SPF and DKIM, check “alignment” (effectively just making sure the domains match), then publish a DMARC record within DNS for the authenticated domain. But in more complex systems – where a domain may send email from multiple sources, for example – this may result in a legitimate email being filtered or rejected.
So if there is any uncertainty about the number of sources sending on behalf of the domain you plan to use DMARC with, or their authentication status, this method is not recommended.
In a more standard implementation, after authentication and alignment checks, DMARC is set up in “monitoring” mode to request reports of unauthenticated mail. These reports are used to identify any gaps in authentication coverage and/or alignment, which can then be closed. Once that process is complete, DMARC can be set to more aggressively filter/block unauthenticated mail.
More information is available here:
A sample DMARC is given below:
Screenshot of the Godaddy panel after updating the DMARC is given below:
The CRP is a mailbox for handling/ tracking the bounced Email IDs. If the CRP setting is not done with the account, there is a chance of mails going to spam and bounced email IDs not getting tracked. CRP is visible from the header of the mails.
The return path is the address which bounced messages are sent to. When you send a message from your personal email, the bounces come back directly to you notifying you that the message was undeliverable. However, when targeting a bunch of users, return path is the place to park the hundreds of bounce receipts that may come back from an email campaign. The return path of your email messages is not normally seen by recipients. However, it can have an impact on your domain reputation and may impact your deliverability. By customizing the return path, your domain reputation will not be affected by other senders.
Having a custom return path does not guarantee inbox delivery. There are a whole host of things that play into your sending reputation, cleaning up your email header and customizing your return path is an easy fix to get your emails to the inbox.