How to improve your e-mail deliverability

How many times have you faced email clients delivering your e-mails in the spam box? To deal with such problems, there are many ways to certify your domains and IPs and improve your deliverability.

You have probably heard many acronyms, so let’s shed some light on this matter. First of all, we must talk about the message itself. Every email is composed by an HTML code that defines its appearance, its images and so on.

After the email is sent, it is possible to read more information in a part of the message source code called “message header“: this code sequence is the first one to be controlled by providers, that here can find data about the sender and its IP. If the email client recognizes a “good” IP and domain, certified according to RFC regulations, it will deliver the email; otherwise it could end up in the spam box, or even not be delivered at all.

Let’s have a look at what it does mean to have a good IP reputation, which criteria email clients choose to verify your emails and all the certifications you need to pass these controls.

What does it mean that IPs and domains have a reputation?

Every IP address has its own reputation. You can consider IPs as a physical thing. When you purchase a server, in this case to send emails, some IP addresses are assigned to you. IPs are continuously bought and sold again, but when they are sold they are not “cleaned”. When they pass on to a new owner, IPs maintain their own history. When you buy an IP address, you cannot know what they have been used for previously. The more IPs are stable and they are used for good communication (which means, communication sent to users that gave the consent), the more their reputation improves. A good reputation increases the chance to be delivered in inbox.

Spammers usually send their emails from non-certified and temporary infrastructures; that’s why many websites keep IPs controlled. Companies like CiscoSenderScore (Return Path), SenderBase and Barracuda analyze IPs and provide these data to the main email services providers, but they can also be consulted online. To keep the monitoring activity effective, it is necessary that the IP is used by a single user (click here to learn more about dedicated and shared IPs).

Here a couple of websites where you can check an IP address reputation:

Which certifications can I set on my domains and IPs?

Email clients always verify if your IPs posses any certification. These are aimed at confirming that who is using a certain sending IP is authorized to do so. We can compare this certification model to watermarks on banknotes: they cannot be counterfeited and are same as a guarantee for authenticity.

Here below you can find a list of all the certifications that can be made to pass the email clients controls without problems:

  • Sender Policy Framework (SPF):every domain is linked to different IP addresses that can send communication on its behalf. By setting this certification, in case of controls by the email client, the domain assures that those IP addresses are authorized to send communications on its behalf.
  • DomainKeys Identified Mail (DKIM): you can implement this tool on your mail server to increase the chance to be delivered. This service provides an encryption key that is divided in two different parts, a public one (added to your DNS) and a private one. Every time you will send a communication, thanks to the private key the DKIM will add a code to the message, containing information about the email (sender, subject, text…). When the recipient’s mail server will receive this message, it will decrypt this code part with the public part. Once decoded, the “original” message will be compared to the one received, to check if it as been counterfeited. If they coincide, the message will be delivered, otherwise deleted.
  • Domain-based Message Authentication (DMARC): this certification is some kind of behavioral policy to be followed by the email client while it receives your messages. With DMARC, you can set which controls the client will do when it will receive your message; for instance, you can decide that, in order to deliver your message, it must pass the SPF or DKIM control. Moreover, in case your message does not follow DMARC guidelines, you can tell the client to block the email or to quarantine it. You can also set the rate of emails that you want to be controlled in the same way, for example only the 30% of them.

What happens if I don’t set the certifications? Which controls do email clients do?

Every time an email client receives one of your messages, it performs a series of controls to verify if you have any of the certifications listed above. Let’s have a look at what could happen in case you haven’t set them.

  • Greylisting: this kind of control is strictly linked to an analysis of the message source code. The system blocks all the emails that it doesn’t recognize and all those domains with which the recipient haven’t had any conversation in the last hours or days. Basically, greylisting checks how many times the sender’s server tries to transmit the message, because spammers, beyond not having a certified sender and stable IPs, try to send their messages repeatedly. In this case, emails are not even delivered in spam, but they will simply be rejected.
  • Reverse DNS resolution (rDNS):every time we send a communication, the email client translates the IP address in the domain name. In short, it controls if the IP really owns the sender’s domain. That’s because spammers usually hide their communications with fake or other companies’ domains. If the client recognizes a fake or suspicious IP, the message will be marked as spam. For example: I send a message and I introduce myself as Kloudymail. The client checks if the sending IP really belongs to Kloudymail. If the result is positive, then the message will be delivered.
  • DNSBL or Black-list: when an IP address is recognized as fake or it sends bad communication (which means it has been reported as spam by recipients), it can be place in one or more blacklists. Such lists are public or private databases that collect IPs and domains that have been reported by users. When a client receives an email, it controls if the sending IP is blacklisted. Blacklists have different parameters for IPs and domains delisting: some of them delist addresses after 24 hours; in other cases, IPs owner must contact them and provide justifications. Email providers work with different blacklists, so a message that is marked as spam by Gmail can be delivered in inbox with Hotmail. Moreover, a blacklisted IP does not automatically prevent the message to be delivered; some clients evaluate blacklists and can decide to deliver the message anyway.

How can you set up the SPF/DKIM records?

 One of the most common questions, asked to our technical department is the following one: “How can you set up the SPF/DKIM records?”

We do an introduction. There are endless providers to manage your own domains. Each platform has, for sure, different features and interfaces, for this reason we can’t describe to you the specific procedure, because the varied keys and the varied sections are different.

However, what we can do is to explain you where you can insert the parameters to set up the SPF/DKIM records (if you want to analyze the SPF and DKIM topics, click here).

record spf/dkim

Every administrator has a page with the list of all domains that you have bought or that you organize. In this section, you can organize DNS of each domain. When you will open the management of DNS of the domain that you want to modify, you will have the possibility to add a new record “TXT”.

  • Host: here you have to write the name of the host for the record TXT. For example, write @ if you want to connect the record directly to your name of the domain or write the name of the subdomain of your Host, as www. or ftp.

    TXT Value: write the value that you want to assign to your record. In this section you have to insert records SPF and DKIM.


Write in the section host “@” and in the section TXT write v=spf1 mx –all (This record is an example. The technical department of Kloudymail will assign you the record that you should insert.)


In the section host write “kloudymail._domainkey”, and in the section TXT write k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9P1qcTB9RFtLtDZsqv4g/heXwVlZyC… (Also this record is an example. The technical department of Kloudymail will assign you the record that you should insert.)

The SPF/DKIM records are assigned to you during the activation’s phase of your Kloudymail licence: when the technical department gives you the records to set up, you can follow the guide that you find in your services’ host, so you will insert the parameters easier.

As an example, we give you here the link of GoDaddy, the service platform of domains’ management most used worldwide.

Guide to set up records SPF/DKIM with GoDaddy

What the phishing is and how to avoid it

After the last posts, where we wrote about deliverability (whether you miss those click here and here) today we talk about phishing.

With this word we mean as someone try to redirect users to a fraudulent website, with the purpose to steal personal information. Mail client notices this kind of links and blocks successfully this emails before they reach the inbox, , thanks to their antispam filter. This kind of messages are easily recognizable, because they ask to update the account information (for example user name or password). Typical expressions in this newsletter are “Update your account within 48 hours” or, “your account will be closed ..”

Many doesn’t know that sometimes you can do some “accidental phishing” in your newsletter, inserting some links to website in wrong way. When it happens mail clients block the email and report ip address to blacklists.

Let’s go deeply into the problem.


Sometimes, creating your newsletter, you can insert links in the wrong way. When you insert a URL in the e-mail platform, links are changed in a new script in order to make them trackable and visible in the statistic.

The platform must modify your URL and includes a sequence of extra parameters.

For example, when you insert the link:  and you use as visible sentence this:

Kloudymail converts your URL in: (for example)

The e-mail client analyzes your newsletter and reads two different links: the sentence you wrote and the converted one, but they are different! It will be classified as a way to redirect users to a fraudulent website and the client blocks your email.


It is very easy. It’s enough to use a different sentence to identify the website’s link. For example, you can use “read more”, “discover more” or “visit our website” and on this sentence insert the URL. For the example we show above you should write “Look at Kloudymail” or just “Kloudymail”.

If you would know more about phishing, read the related wikipedia webpage.

Spamtraps: what are and how recognize them

We continue our path to improve e-mail deliverability. In the older posts we talk about technic to improve deliverability, how to keep high ip reputation, what are and how set SPF and DKIM records and how not do phishing. Today we write about spamtrap.

Spamtrap are spoof e-mail addresses create expressly by blacklist providers. They are used for understanding if contacts lists are legally create or if you have bought them. It is illegal sending newsletter to contacts without express consent! If you send your communication to one of those e-mails, blacklists will tag you as a spammer and your ip will be blacklisted. So you should notice a decrease of your performances.


The most common types of spamtrap are:

1 inactive and reused e-mail contacts: e-mail providers often transform e-mail addresses that are no longer used into a spamtrap. Contacts are often past and copy in many list online, so, when you buy one, is very common that some of the contacts in those lists are spamtrap.

Kloudymail has an inner spamtrap list. If you import a lists with one of these e-mail addresses your list will be frozen and you can’t send any communication (unless you send us the permission of this address to receive your newsletter).

2 Spoof address: spammer use crawler, software that can automatically collect e-mail addresses published on different websites. As they have collected a good amount of addresses, they use the addresses to send illegal communication (spam) or the lists are sold to other companies.

Blacklists provider oppose bot’s work inserting some spoof address in websites’ HTML codes. This addresses are hidden for users but not for a crawler. When a spammer send his communication to one of those e-mails, blacklist tag the sender as a spammer. Consequences are a decrease of your deliverability or the stop for your ip and server.


Most of providers used for sending e-mail marketing campaigns, such as Kloudymail, not allow the import of this kind of lists because they are very unprofessional: the contacts are not so updated, or worse, illegally collected and sold as valid addresses.

Finding spamtrap here is very common, for the reason we speak above, so it’s important to check those databases before sending them newsletter.


When you import a list in Kloudymail and it is frozen is very probably that there are some spamtrap in it. It often happens even if you import your private database, that you create in all your years of business.

System addresses: if your list is frozen is possible that there are in it some of system addresses typically used as domain registration, hosting, etc. Those addresses are hardly used for newsletter submission. So these kinds of e-mail are present in illegally lists because lot of suppliers don’t clean them well enough and built their database with crawler.

Addresses that submit a form with single opt-in: when you insert a form on your website, you have two choices: you can choose the single or the double opt-in for the newsletter submission.

With the single opt-in, e-mail addresses will be inserted directly in a list as active contacts; using the double opt-in it is necessary that users confirm e-mail addresses before being activated. Double opt-in guarantees the validity of the e-mail address and a clean list. Sometimes, for technical reason, you choose the single opt-in. This choice, however, let users to insert fake data (users very often like to stay anonymous).

P.s. Sometimes blacklists create bot that can insert data automatically in all that form that haven’t CAPTCHA or the ones that don’t have the double opt-in. In this way blacklist could insert in your database some spamtrap to verify if you send valid communication with the permission of your contacts.


 In order to be sure that you have clean lists that don’t contain spamtrap, we suggest you to follow those tips:

1 First of all, never buy database if you are not 100% sure of their source

2 Make all your submission form safe, asking the confirmation of all addresses. Maintain in your list only the certificate addresses (you can contact the ones you consider suspicious via private e-mail). If you think that the double opt-in is too much complicated you have to check all the contacts that submit your form.

3 We suggest you to clean your list after every campaigns, considering bounces.

4 A way to obtain valid e-mail addresses is simplify contact form: ask users only the data you really need for your communication. If the form is too much longer you could frighten or bother the users and they will insert fake data.

Bounce: what is it?

Bounce literally means “return”. In this case with bounce, we mean all those e-mails that we send in an e-mail marketing campaign that comes back to us.

If it is normal that some e-mails bounce back, it is also normal that it is important keeping clean the lists. This will help to reduce the bounce phenomena (if you want to know hoe and why you should clean your list click here).

The different kind of Bounce

The newsletter platform Kloudyamil has 4 different kinds of bounce:

  • Spam bounce. This bounce contains reporting of spam (which means reporting of Spam from the receiver) and spam trap (address that has not been created for communication goal but instead attracts spam);
  • Hard bounce. This bounce happens when the address can’t receive e-mail for permanents reason or because they are fake or because the domain doesn’t exist or also when the server of the receiver doesn’t accept e-mail.
  • Soft bounce. This bounce shows the impossibility of sending the e-mail for a temporary reason.
  • Unknown bounce. There was a not specified problem during the e-mail sending. This problem could disappear in the next send.

bounce: what is it?

Kloudymail allows, moreover, to discover in detail which e-mail address created a bounce and which kind of bounce it created.


The percentage of bounce is detected from Kloudymail and it is shown in the overview of statistics.


How should you deal with bounce?

Kloudymail automatically deactivates the Spam and the Hard Bounce.

The Soft Bounce are deactivated just when they are detected a second time from the same contact and just if between the first and the second time have been at least seven days. The unknown bounces are registered but there aren’t any automatic action from the software: this kind of bounce can be a temporary problem and it will probably solve in the next send.

Kloudymail software allows you also to export the sending address that has generated a bounce so that you could personally verify if the mistakes are due to a wrong compilation of the database.

Dedicated Cloud: when should you choose it?

Kloudymail’s standard license has the activation of e-mail marketing service on shared Cloud. To this Cloud Kloudymail assaying a set of sending IP shared with other users inside the cloud. The standard license has the possibility of sending the newsletter with no limits.

Shared IP

The sending done from a client who has its own license on a shared cloud will be managed through a set of IP shared between different clients present on the cloud.

The reputation connected with IP address will not be determinate from the sending from just one client but it will be decided from all communication sent from all the clients of the cloud. One client’s reputation will influence also the reputation of those who share IP.

Dedicated IP

In this case, the sending done from a client who has its own license on a dedicated cloud will be done through a set of IP assigned just to this client.

The reputation connected with the IP address will be detected just from the sending done from the client owner of the dedicated cloud.

Which solution should you choose?

It depends on the needs of each customer and on the number of e-mails sent.

A quantity of items limited the solution on Cloud Shared constitutes a good choice for what concerns the quality/price ratio.

However, the choice of shared IP can sometimes be limiting. Since the reputation is not determined just by its activity but also from that of other customers, whose campaigns may sometimes lead to a lower IP reputation and used in temporary blacklisting with consequences on deliverability. Problems that are promptly taken over by our technical staff but inevitably can cause temporary performance issues.

In this context, the Dedicated Cloud is the only solution that protects the customer from these scenarios because the IP addresses are in exclusive use. Therefore, the reputation will be determined just by the action of the latter.

Cloud Dedicated is also the only solution that allows you to more effectively deliverability, identifying a more specific follow up on findings on which to intervene. Besides, that allows the activation of some ancillary services such as DKIM and SPF certification systems and allows integration with other certification systems provided by third parties such as Return Path and allowing a significant improvement in deliverability.

So what’s the difference between a standard license and Cloud Dedicated?

The solution to Cloud Dedicated PRO is recommended for those who make submissions to a number of recipients greater than 500,000: in this way you get better deliverability and better reputation management of the assigned IP. Solely on this type of license is in fact activated the “Dedicated HD” with SPF and DKIM validation system which consists of the generation of encryption keys that allow you to insert in the e-mail sent a unique signature (if you want to know more of DKIM and SPF click here).

This signature allows the server that receives to verify the link between the newsletter and the domain connected to the sending server. All this results in a lowering of the probability that the e-mails are classified as spam, the fact of increasing the possibility that reaches their destination.

In addition, the set of reserved IP transmission allows better control of reputation, which affects also on deliverability, as it depends solely on its e-mail marketing activities.

My domain has end up in a Blacklist. Why?

If your domain has ended up in a Blacklist probably is for these reasons:

  • you received one or more reports of abuse in your previous send: one or more users signed you to the provider as a spammer;
  • you did one or more sending to one or more spam trap (e-mail addresses hidden in the HTML of web pages in order to find the spammer. Often the spam trap are in lists illegally bought);
  • A user has manually signed you at his/her post client that your communications are Spam for him/her.

It is clear that these situations can directly influence the reputation of your domain until it has been pushed in a blacklist.

Spamming is illegal in an important number of Countries in the world: in order to send communications you need to have the authorization from your clients to use their contacts for marketing goals (you can read here Kloudymail antispam policy)

The only way to avoid to be sent in a blacklist is to work in the full respect of the law. You should send just high-quality e-mails and you should send them just to the people that are interested. So, buy online lists is illegal and it guarantees you to finish in a Blacklist.

Can I ask you to delatet my domain from the blacklist?

Generally, yes you can. However, each Blacklist (there are a lot of them) work according to a different policy. In this way, each Blacklist works in a different way so the modality that you should use to delete a domain from a Blacklist change every time (if you need support you can always write to our staff).

Setting validation systems DKIM and SPF / SenderID

In order to lower the chances of being classified as spam, you can request activation of the validation system DKIM and SPF / SenderID.

  • The certification SPF / SenderID is useful to change the DNS records that authorize the IP addresses to the sending of e-mail for the domain to which have been published. Anyone using Kloudymail service can use the certification method SPF / SenderID independently adding TXT records listed in the table.
  • The DKIM certification consists in the generation of encryption keys that allow you to enter the e-mail sending a unique signature. This signature allows the server that receives to verify the link between the newsletter and the domain connected to the sending server. It is a paid service, for which an interface with the staff is expected. For information please contact the sales staff by completing the form on this page.
  • Once created records SPF / SenderID and DKIM, you can configure the DMARC certification by adding rules to your domain’s DNS records in the form of TXT records (just as you did earlier for the SPF / SenderID certification). In the table, there are a few common tags used in TXT DMARC records. Recall that the DMARC can be enabled only after you activate both the certification SPF / Sender ID is the DKIM certification.

Enabling the above certificates can reduce the chances that the emails being classified as spam, effectively increasing the possibility that reach their destination.