Deliverability 101, Delivery Essentials

Deliverability 101: IP address and domain reputation

Reputation can be very important in all walks of life, and email is no different. For senders with a good reputation, mail is more likely to be delivered to the inbox, giving your recipients more chances to read and interact. On the other hand, if your reputation is “not so hot,” you’ll be more likely to see your messages end up in the spam folder or even rejected altogether. So what exactly is this mystical “reputation,” and how is it determined?

15313888764_975c5f0c67_z

IP Address Reputation

Before we address (no pun intended) the reputation aspect, let’s have a brief refresher on the nature of IP addresses. Every device connected to the internet – computer, router, even your smart thermostat – is assigned a numeric value known as the Internet Protocol address. This IP address is how your mail server is identified on the internet. When you send mail to a recipient, their mail provider will see where the message originated, identified by that IP address.

Most inbound mail servers will also attempt to use that IP address to determine whether the sender of the mail is trustworthy. If mail from that IP address is often sent to invalid addresses, or the mail generates too many complaints, the inbound server may choose to route incoming messages from that server to spam, or block them outright. Many mailbox providers also use third-party IP address blacklists like Spamhaus or Spamcop, choosing to filter or reject mail from IPs that appear on those lists.

A few years ago, IP address was the gold standard for sender reputation. As content filters that looked for “spam words” became less effective (MILLI0NS OF DOLLAR$ IN VI4GRA, anyone?), IP reputation helped receivers identify habitual bad senders. The receivers could then act on all mail sent from those servers instead of chasing down ever-morphing content to filter inbound mail. This often caused issues for ESPs with smaller clients, because many clients were often sending from the same IP address (This is one of the reasons many ESPs tend to be more strict with shared-IP clients – because mail you send can impact delivery for many other senders on your IP).

A fact that is not widely known outside tech circles is that the internet is running out of IP addresses. As a result, a new standard for IP addresses was created: IPv6. This standard allows for a seemingly infinite number of IP addresses – theoretically 340,282,366,920,938,463,463,374,607,431,768,211,456 to be exact. With that many IP addresses, anyone whose IP is blocked can simply start using a different IP address, essentially bypassing IP address-based filtering.

Domain Reputation

There are times that an IP address alone doesn’t give the whole picture. The shared IP pools used by some ESPs, as mentioned above, are a prime example. Another example might occur when multiple divisions of a single company or organization use the same IP addresses to send mail. Because of this, and the onset of the IPv6 standard, domain reputation has become increasingly important in mail delivery.

How domain reputation is checked can vary depending on the mail server. Some providers check only the domain the mail is actually sent from, while others look at all the domains in the message headers. Some providers, including Google, check every domain in the body of the message as well. So if you send your mail from example@example.com, you can bet the reputation of example.com will be checked, but other domains in your message could be checked as well. If you are using an ESP or other hosted mail solution, there may be domains in the header that belong to your host that will also be checked (another reason authentication is so important). And don’t forget those links in the body! Many filters will block a message if it contains links to domains that have been flagged as spam or dangerous. If you’re linking to a domain you don’t own, it’s a good idea to check its reputation using one of the handful of free online tools available (we’ve compiled a few on our Resources page).

Not surprisingly, a domain’s reputation is typically impacted by mail sent from that domain or using that domain in the body. However, it can also be affected by the reputation of that domain on the web as a whole. If a specific website has gotten a bad reputation for, say, gaming Google’s search engines or potentially scamming customers, that can also impact mail delivery.

The ‘Secret Sauce’ of Sender Reputation

When it comes to actually filtering inbound email, every mailbox provider uses a unique combination of factors to determine whether mail reaches the inbox. For many providers, IP address reputation still ranks at or near the top of the list of these factors. Domain reputation is typically very close behind, if not in the top spot. After that, there are typically various ingredients that make up the proprietary methods used by each organization. Trying to figure out the secret sauce for each ISP is a fruitless effort – even if you do manage to find a trick that bypasses or overcomes a specific filter for a time, it will invariably change and you’ll be left looking for another backdoor.

While the specific components of spam filters change constantly, your sender reputation – both IP and domain – will continue to play the largest role in getting your mail to the inbox. Manage that reputation well, and you’ll save yourself a lot of delivery headaches.

For more information on IP addresses or the IPv6 standard, check out these resources:
What is an IP Address? on HowStuffWorks
Word to the Wise – IPv6 archives
IPv6.com – A Beginner’s Look

– BG

Best Practices

Spammers Anonymous, or How I Learned to Stop Worrying and Send Email

anonymous

Hi, my name is Brad, and I’m a spammer. 

Recently I discussed how the perception of consent often varies pretty widely from sender to recipient, and asserted that sending any unsolicited mail (no matter how innocuous) makes one a spammer. In retrospect, and in light of a rousing debate currently occurring in a popular industry forum, it may be helpful to expand a bit on that statement.

Much like politics, most of the voices you hear in the email industry tend to vary between two extremes. One one hand, there are the anti-abuse crusaders, those who propose hefty penalties for anyone who sends even a single unsolicited email. On the other, you have those who believe that because someone provided their email address somewhere public (i.e. on their employer’s webpage), they are giving free reign for marketers to send them anything they want. Most of us, thankfully, are somewhere in between. Those of us who send email on behalf of others (email service providers, particularly) generally have to be closest to the median as we balance the needs of senders who want to keep their business growing with the ability to reach recipients (more accurately, their mail providers) who don’t want to receive spam.

To that end, I say this: unsolicited mail is spam. Unless your intended recipient asked you directly to receive what you’re sending, you’re sending spam. The thing is, we’ve almost all done it – even those of us on the anti-abuse side of things. If we haven’t sent spam directly, we’ve been party to it. Maybe it was the marketing team at our company. Maybe it was a salesperson, contractor, or vendor. No one likes spam, but very few of us can say we are completely removed from it.

Go ahead, let it out. It’s cathartic.

Does that excuse sending sending spam? Not even close. Just because we’ve all likely done it doesn’t mean it’s okay. What it does mean is that the damage can be fixed – but how? In Spammers Anonymous, there are just 3 steps on your path to email enlightenment:

Get permission.

This one is the simplest, but often causes the most problems. Don’t send to addresses that were found on a website or forum. Don’t purchase lists or use any list generated by a third party (including government lists obtained via the Freedom of Information Act – those are some of the worst). If someone makes a purchase from you or joins your organization, give them the option to receive your marketing emails. In some jurisdictions (I’m looking at you, Canada) it’s a requirement that you provide separate consent options.

Set expectations.

When someone provides you their email address they’re trusting you to send them the information they’ve requested, and not to send them other, unwanted mailings. Honoring that trust helps build loyalty and keeps your recipients happy. One of the best ways to ensure your trustworthiness is to set clear expectations at sign-up. At the point of email collection, make clear designations of the type and frequency of mailings you’ll be sending. It doesn’t have to be hyper-specific; something like “weekly informative newsletters” does the trick without excessive wording. Bonus upside: when your recipients expect your email, they’re ready to engage when it shows up and often tell you when it doesn’t (which helps identify potential delivery issues).

Acknowledge there is a higher power.

OK, so this one may sound familiar – but in this case we’re talking about mailbox providers. Google, Microsoft, Yahoo, and AOL, among others, provide mailboxes to millions of recipients and their primary focus is ensuring those recipients get only the mail they want. One of the biggest ways they do this is through engagement monitoring. Recipients who read and reply to your messages are more likely to see them front and center in their inbox. This means that your job is not only to get the initial opt-in, but to ensure your recipients continue to want your mailings. One of the best ways to do this is through re-engagement campaigns. Every 6-18 months (depending on your sending frequency), reach out to recipients who haven’t engaged and ask if they still want your mailings. For those that don’t, purge them from your list and look at other ways to market to them, such as phone outreach or snail mail.

If you’re sending unsolicited email, attempting to justify your practices won’t matter to the mailbox providers who are routing your mail to Spam, or to the blacklist admins who have flagged your IP address for hitting spam traps. Instead of hiding behind the “everyone’s doing it” mantra, take action and make your program better than everyone else’s. It takes some work to follow best practices, but taking these steps will help ensure your mail gets delivered and boost your business in the long run.

– BG

Industry Updates

Terra Freemail joins Orange, Wannadoo, and Freeserve email in closing up shop

The past month has seen some major happenings in the world of Freemail providers: UK provider EE finalized their closure of Orange email services – which included long-time freemail domains Wanadoo.co.uk and Freeserve.co.uk – and Terra.co.br announced the end of their freemail service. (A full listing of affected domains is at the end of the post.)

Orange had been heralding the May 31 closure date for a few months, recommending their users switch to Gmail, while Terra has given July 1 as the end date for their services. Terra.es had previously announced their email migration to terra.com starting in April of this year.

For senders in the US, these domain closures are likely to have varying impacts. Typically you’re unlikely to have a large number of Orange addresses on file, especially since these addresses are typically older and many users have migrated away from them to more advanced services. Terra addresses tend to be slightly more common in the US, particularly terra.com.mx. If you have these addresses in your database, you probably also know that delivery issues at Terra tend to be difficult to resolve – so maybe there is a bit of a silver lining in the closures yet.

In any case, you should take the opportunity to check your database for addresses at these domains. If you have any of the Orange addresses, suppress them immediately as they are officially shut down. If you have other contact data for those recipients, feel free to use it to get updated information. If you have recipients at the Terra domains, you still have 3 weeks to reach out via email to get updated details. If you haven’t gotten the info by July 1, you’ll need to suppress those recipients as well.

The full list of Orange domains affected:
  • Orange.net
  • Orangehome.co.uk
  • Wanadoo.co.uk
  • Freeserve.co.uk
  • Fsbusiness.co.uk
  • Fslife.co.uk
  • Fsmail.net
  • Fsworld.co.uk
  • Fsnet.co.uk
The Terra domains being shuttered are:
  • terra.com
  • terra.com.ar
  • mi.terra.cl
  • terra.com.co
  • terra.com.mx
  • terra.com.pe
  • terra.com.ve
  • terra.com.ec

As always, please feel free to reach out with any questions or comments, or email me with any more detailed requests.

– BG

Privacy & Security, Random

Want to unsubscribe? Just confirm your email address first

Here’s a Public Service Announcement for your Monday: confirming your email should never be required to unsubscribe from a mailing list. I’m sure I’ll hear from someone who has an example of an edge case where it’s necessary, but the vast majority of cases should require no such thing. Possibly the most compelling reason not to require confirmation of the address? Spammers require confirmation of addresses in order to “unsubscribe” – with the exception they don’t actually unsubscribe you. Do you want your email to have something in common with most spam? We don’t recommend it. Add to that it’s likely a violation of CASL as well, and you have a recipe for disaster.

Inbox

I’ll have a full post coming up tomorrow but seeing this in my inbox (a dedicated email asking me to unsubscribe? They must be extra compliant!), along with recently speaking with senders who wanted to do something similar, prompted me to issue this brief admonition.

– BG

Delivery Essentials

The silent killer hiding in your old email list

“…details at eleven.”

351px-Villainc.svgIf you grew up watching local news broadcasts in the ’80s, you probably recall the teasers touting all sorts of hidden dangers that could affect your family. And of course, when the payoff came, there was a sigh of relief as we all realized the story was blown way out of proportion – merely a ploy to raise ratings. Fortunately for us, our pantries, medicine cabinets, and refrigerators were not just teeming with potential killers, and now we can all read our scary “hiding right in your cupboard!”-style headlines on Facebook or Twitter instead.

Even though those ’80s news threats were mostly imagined, there are some legitimate “hidden killers” when it comes to email marketing. For senders, one of the biggest potential minefields comes when you decide to send to an old list of email addresses. It’s probably happened to you: someone from another team (or a superior on your own team) brings you a list of addresses that is clearly outdated. They were acquired sometime during the Clinton administration, last mailed 2 years ago (or was it 3?), and probably haven’t been updated…ever. They gave you permission to send all those years ago, so sending to them now is no problem. You’ll remove the hard bounces, then you’re left with a good list of opted-in contacts just waiting to boost your sales numbers. Sounds like a win-win, right?

Not so fast. Even if you received permission to email these contacts, if it happened very long ago there are a number of reasons that permission may not matter. The address may have been abandoned, deactivated, reallocated to a new user, or even repurposed as a spam trap. Let’s look at each of these scenarios and how they can wreak havoc on your sender reputation.

Abandoned addresses

Email addresses, though personal, are a somewhat disposable commodity. With workers switching jobs more than ever, and freemail services providing a myriad of email address options, it’s not uncommon for a recipient to simply abandon an email address. The address remains active and accepts mail, but the user rarely if ever accesses the mailbox.

Most mailbox providers, as we’ve previously discussed, rely heavily on engagement metrics to filter mail. Senders who see good engagement rates from their recipients are more likely to reach the inbox. What you may not know is that many of these providers also look at how many “zombie” mailboxes you send to regularly. If you are frequently mailing to recipients who rarely if ever check their mail, that can have a negative impact on your delivery rates.

Deactivated addresses

This one tends to be the easiest to see: when you send to an address, the message is bounced and you receive a rejection response. Many senders simply gloss over this point because their ESP automatically suppresses bounces, so they know they won’t be mailing to them again. But even a single send to a large number of invalid addresses can cause delivery issues. Once you’ve damaged your sending reputation, the time and effort required to repair it are often much more than would have been required to ensure the list was clean before sending.

Reallocated addresses

If you haven’t mailed to an address in months or years, it’s possible the address was abandoned or surrendered by the previous owner and now belongs to someone else. If this is the case, that recipient hasn’t provided you permission so any mail you send to them is technically unsolicited. These recipients are much more likely to mark your message as spam or report it to a blacklist or spam filter provider.

This scenario is most likely if you haven’t mailed a recipient in well over a year: most webmail providers keep an address active for a minimum of 6 months before it is deactivated, and it’s not uncommon to see another 6 months or more lapse before the address is reassigned to a new user. If the address belongs to a corporate domain, though, the turnover time is often faster.

Spam trap addresses

Of all the problematic addresses, these have the potential to cause the most damage to your reputation and sending ability. Abandoned addresses (and sometimes entire domains) are brought back to life to serve as spam traps, either for the domain owner or a third-party provider like Spamhaus. These trap admins monitor all mail sent to their traps and take action against senders who are seen to be mailing traps with regularity. (For more on spam traps, check out Deliverability 101: Spam Traps.)

Spam traps are most dangerous because they are inconspicuous. They don’t reject mail or throw any red flags to indicate the address has been repurposed as a trap. If you haven’t sent to an address in more than a year, the potential risk of it being a spam trap is greatly increased. While there’s no hard and fast rule, it’s often said that addresses typically remain dormant for 6 to 12 months before being reactivated as a trap.

As a marketer trying to squeeze all possible value from limited resources, sending to an old list can be quite appealing. That appeal, however, vanishes pretty quickly when that old list causes spam folder placement, an ISP block, or even a major blacklisting – preventing all of your recent, engaged recipients from getting the mail as well.

– BG

Industry Updates

Protected Sky blacklist a fraud?

Had trouble with your IPs being listed on the Protected Sky blacklist (bad.psky.me)? You’re not alone. Since the blacklist came onto the scene in 2015, many senders have bemoaned the lack of delisting process and high rate of false positives, as well as the inability to contact anyone working for the list provider.

Recently, Spamhaus issued a statement revealing that this list was fraudulently republishing IP listings from the Spamhaus blacklists by siphoning the data from a user of the Spamhaus data feeds. The affected user has since added security measures to prevent this data from being passed to Protected Sky.

Personally, I’m not sure I’ve ever seen mail rejected solely due to a Protected Sky listing, but after this announcement it’s a pretty safe bet that anyone left using the list likely won’t be doing so for long.

Thanks to Laura at Word to the Wise for the heads up on Spamhaus’ statement. 

– BG

Delivery Essentials

Transactional email and the unsubscribe link

3542845394_68b995ff48_bThere’s been a fairly long-standing debate in the email industry about transactional emails and the unsubscribe link. The main point of contention is whether or not a transactional email should include an unsubscribe link and if so, what types of messages should be stopped when it’s clicked. With the renewed discussion of the Canadian Anti-Spam Law (CASL)* ahead of its pending changes, this topic has made its way back into regular discussions with clients.

You may already know that CASL requires all transactional messaging to include an unsubscribe link, even though transactional messages don’t technically require consent. So in essence, the CASL-compliant unsubscribe link is designed to allow recipients to opt out of other commercial messages from the sender, but not transactional ones. But what if someone really doesn’t want to receive any more transactional messages? As senders, are we concerned with adhering to the letter of the law, or with improving our customer experience? The answer, of course, isn’t always cut and dry.

For starters, not everyone means the same thing when they reference a “transactional” email message. While a receipt for a purchase is considered transactional by most everyone, some other types of messages can present more of a gray area. Under CASL, a transactional message completes a transaction (duh!), delivers a product or service, presents warranty information, distributes legally required notices, or provides information pertaining to an ongoing contract, membership, or subscription. Sounds pretty similar to the US idea of transactional, with one major exception: under CASL, any promotional content in the email makes it a ‘commercial electronic message,’ or CEM, and therefore potentially subject to consent requirements. This differs from the “80/20 rule” that is considered best practice in the US (80% transactional content, 20% marketing).

Whether or not it makes sense to include an unsubscribe link in your transactional messaging depends on a number of factors. Let’s look at some of the most important ones for most senders.

Location, location, location

If you’re based in Canada, or your recipients are, you’ll have to include that unsubscribe link in your transactional messages to comply with the law. You’re only required to remove clickers from your commercial emails, but be sure to remove any promotional content from those transactional messages!

Transactional or transactional?**

One of the biggest factors to consider is just how essential the message may be. If someone purchases a software download and your email provides them the link to the software, or the license key, you’re not ever going to want to allow someone to unsubscribe from that. These are often referred to as triggered transactional messages, and they almost always facilitate or record a transaction involving the recipient.

For messages that are more relationship-based, such as a monthly update on benefits available to members, it may be a good idea to allow recipients the option to unsubscribe. Most recipients won’t unsubscribe, but those that do were only going to drag down your engagement metrics (and your deliverability as a result). If you start to see a swell of unsubscribes from these types of messages, it’s likely a good time to re-evaluate the value they are providing to your recipients.

Your audience

Do you have a receptive audience who opens and clicks on each email with almost religious fervor? Or do you have recipients who only open an email when they want to make a purchase? Analyze your audience engagement and segment based on those recipients who rarely if ever engage. It may be a good idea to provide these non-engaged recipients with the option to unsubscribe from non-critical relationship messaging.

In the end, it’s up to each organization to determine their ideal policy for allowing (or disallowing) unsubscribes in transactional messages. Aside from the mission-critical type triggered messages, the question really boils down to what’s most important: getting your message out, or giving your recipients the choice of what they want to receive?

– BG

*Of course, since we mentioned CASL, we also must mention that nothing in this post is legal advice. I’m not a lawyer, nor do I play one on TV. 

*Everyone who’s ever watched a cheesy mafia movie knows that when you say the same word twice, but with extra emphasis the second time, the distinction is being made between the literal and figurative uses of said word. Capisce?