How many times have you faced email clients delivering your e-mails in the spam box? To deal with such problems, there are many ways to certify your domains and IPs and improve your deliverability.
You have probably heard many acronyms, so let’s shed some light on this matter. First of all, we must talk about the message itself. Every email is composed by an HTML code that defines its appearance, its images and so on.
After the email is sent, it is possible to read more information in a part of the message source code called “message header“: this code sequence is the first one to be controlled by providers, that here can find data about the sender and its IP. If the email client recognizes a “good” IP and domain, certified according to RFC regulations, it will deliver the email; otherwise it could end up in the spam box, or even not be delivered at all.
Let’s have a look at what it does mean to have a good IP reputation, which criteria email clients choose to verify your emails and all the certifications you need to pass these controls.
What does it mean that IPs and domains have a reputation?
Every IP address has its own reputation. You can consider IPs as a physical thing. When you purchase a server, in this case to send emails, some IP addresses are assigned to you. IPs are continuously bought and sold again, but when they are sold they are not “cleaned”. When they pass on to a new owner, IPs maintain their own history. When you buy an IP address, you cannot know what they have been used for previously. The more IPs are stable and they are used for good communication (which means, communication sent to users that gave the consent), the more their reputation improves. A good reputation increases the chance to be delivered in inbox.
Spammers usually send their emails from non-certified and temporary infrastructures; that’s why many websites keep IPs controlled. Companies like Cisco, SenderScore (Return Path), SenderBase and Barracuda analyze IPs and provide these data to the main email services providers, but they can also be consulted online. To keep the monitoring activity effective, it is necessary that the IP is used by a single user (click here to learn more about dedicated and shared IPs).
Here a couple of websites where you can check an IP address reputation:
Which certifications can I set on my domains and IPs?
Email clients always verify if your IPs posses any certification. These are aimed at confirming that who is using a certain sending IP is authorized to do so. We can compare this certification model to watermarks on banknotes: they cannot be counterfeited and are same as a guarantee for authenticity.
Here below you can find a list of all the certifications that can be made to pass the email clients controls without problems:
- Sender Policy Framework (SPF):every domain is linked to different IP addresses that can send communication on its behalf. By setting this certification, in case of controls by the email client, the domain assures that those IP addresses are authorized to send communications on its behalf.
- DomainKeys Identified Mail (DKIM): you can implement this tool on your mail server to increase the chance to be delivered. This service provides an encryption key that is divided in two different parts, a public one (added to your DNS) and a private one. Every time you will send a communication, thanks to the private key the DKIM will add a code to the message, containing information about the email (sender, subject, text…). When the recipient’s mail server will receive this message, it will decrypt this code part with the public part. Once decoded, the “original” message will be compared to the one received, to check if it as been counterfeited. If they coincide, the message will be delivered, otherwise deleted.
- Domain-based Message Authentication (DMARC): this certification is some kind of behavioral policy to be followed by the email client while it receives your messages. With DMARC, you can set which controls the client will do when it will receive your message; for instance, you can decide that, in order to deliver your message, it must pass the SPF or DKIM control. Moreover, in case your message does not follow DMARC guidelines, you can tell the client to block the email or to quarantine it. You can also set the rate of emails that you want to be controlled in the same way, for example only the 30% of them.
What happens if I don’t set the certifications? Which controls do email clients do?
Every time an email client receives one of your messages, it performs a series of controls to verify if you have any of the certifications listed above. Let’s have a look at what could happen in case you haven’t set them.
- Greylisting: this kind of control is strictly linked to an analysis of the message source code. The system blocks all the emails that it doesn’t recognize and all those domains with which the recipient haven’t had any conversation in the last hours or days. Basically, greylisting checks how many times the sender’s server tries to transmit the message, because spammers, beyond not having a certified sender and stable IPs, try to send their messages repeatedly. In this case, emails are not even delivered in spam, but they will simply be rejected.
- Reverse DNS resolution (rDNS):every time we send a communication, the email client translates the IP address in the domain name. In short, it controls if the IP really owns the sender’s domain. That’s because spammers usually hide their communications with fake or other companies’ domains. If the client recognizes a fake or suspicious IP, the message will be marked as spam. For example: I send a message and I introduce myself as Kloudymail. The client checks if the sending IP really belongs to Kloudymail. If the result is positive, then the message will be delivered.
- DNSBL or Black-list: when an IP address is recognized as fake or it sends bad communication (which means it has been reported as spam by recipients), it can be place in one or more blacklists. Such lists are public or private databases that collect IPs and domains that have been reported by users. When a client receives an email, it controls if the sending IP is blacklisted. Blacklists have different parameters for IPs and domains delisting: some of them delist addresses after 24 hours; in other cases, IPs owner must contact them and provide justifications. Email providers work with different blacklists, so a message that is marked as spam by Gmail can be delivered in inbox with Hotmail. Moreover, a blacklisted IP does not automatically prevent the message to be delivered; some clients evaluate blacklists and can decide to deliver the message anyway.