Enabler provide best practice advice for implementing DKIMs within your email marketing software, from a multi award-winning digital agency.


Whatever email provider you use, whether it be Gmail, Outlook or Yahoo, part of its job is to protect you from emails that are potentially harmful or at the very least not authentic. Typically, this means checking the authenticity of the sender, so when an email hits your email server, the client will ask itself three key questions:

  1. “Is this email from who it says it’s from?”

  2. “How do I check that?”

  3. “What do I do if it’s not?”

 

For a minute, I’d like you to imagine that you receive an email from a friend of yours which says: “Hey you, I know we haven’t seen each other in a while but why don’t we meet for a coffee and catch up soon. How about in the middle of the woods at midnight?”

Now, I don’t know about you, but if I got a message like that I’d want to check that my eccentric friend really did want to meet for coffee in the woods, and that their phone hadn’t been stolen.  The first three thoughts I’d have would be:

  1. Is this the sort of behaviour I’d expect from this friend?

  2. How do I check it’s really them?

  3. How do I deal with this if it’s not them?

As email marketers, we are particularly interested in how the email client goes about checking if the email is authentic, as it can really impact whether we’re able to get into customer inboxes. As per our first three questions, you’ll see that they take a fairly similar route to us humans in deducing if the message is authentic.

 

So How Does An Email Provider Work Out An Email Is Legit?

Step 1:

First, the receiving mail server looks for specific items of information in your email and in the DNS records of your domain (DNS being the domain name system – basically the phone book of the web) to try to determine whether the email is legitimate, whether it is safe for its users to receive, and whether it is being sent from an authorised source.

 

Step 2:

It will then look for something called an SPF (Sender Policy Framework) record, which basically means the mail server is making sure that the email has come from a place (IP) that it’s allowed to come from. So for example, if you’re sending an email from coffeefriend@inthewoods.com from an IP such as 84.126.18.127 you would need to make sure that an SPF record was set up that allowed emails coming from that IP to send from that email address. This prevents those tricksters from using spoofed email addresses and fooling us all! If the email is sent from a sending host or IP that is not in the SPF record, the receiving mail server can determine that the email is not coming from an authorised IP, and that the email could be illegitimate in nature.

 

Step 3:

The next thing the server looks for is DKIM (DomainKeys Identified Mail) – a method of authentication that is based on adding an encrypted signature to your emails. Now this isn’t just the normal email signature that goes at the end of your email, it’s a special signature found in the email header. Once you have DKIM in place in the DNS records of your domain, your emails will be much better positioned to reach the inbox and you will also be helping protect yourself and your users against spam and phishing attempts.

Here’s a quick summary of how that all works:

  1. DKIM records are put in place and verified – all emails will have a DKIM encrypted signature added to the email header upon sending

  2. This encrypted signature is generated with the private key that pairs with the public DKIM key you have added to the DNS records of your domain, and includes a hash string based on elements of the specific email being sent. This means that each individual email you send will carry a unique DKIM signature

  3. The receiving mail server can then decrypt the DKIM signature using the public key that is hosted in your DNS records

  4. It will also simultaneously generate a new hash string based on the same elements of the email that were used when the email was sent

  5. If the decrypted signature matches the newly generated hash string then the email successfully passes DKIM authentication

 

Basically, what that all means is the server can do these two key things:

  1. Safely determine that the owner of the domain where the DKIM key is located was responsible for sending the email

  2. See that the contents of the email were not modified in transit between the sender and the recipient
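The five steps and the two resulting checks above, as an added example that is not part of the original article. It is a simplified model: real DKIM also normalises the message and pads the hash before signing, which are omitted here. The toy key, the set of signed headers and the sample message are all assumptions constructed for the illustration.

```python
import hashlib

# Toy RSA key built from two publicly known Mersenne primes (constructed for
# this example, NOT secure). Real DKIM keys are randomly generated.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: the part published in DNS
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves the sender

SIGNED_HEADERS = ("from", "to", "subject")   # assumed set of signed elements

# Constructed sample message.
HEADERS = {"from": "coffeefriend@inthewoods.com",
           "to": "you@example.com",
           "subject": "Coffee in the woods?"}
BODY = "Why don't we meet for a coffee and catch up soon?\r\n"


def message_hash(headers, body):
    """Hash the elements of the email that the signature covers."""
    body_hash = hashlib.sha256(body.encode()).hexdigest()
    covered = "".join(f"{h}:{headers[h]}\r\n" for h in SIGNED_HEADERS)
    digest = hashlib.sha256((covered + body_hash).encode()).digest()
    return int.from_bytes(digest, "big")


def sign(headers, body):
    """Sender (steps 1-2): sign this email's hash with the private key."""
    return pow(message_hash(headers, body), D, N)


def verify(headers, body, signature, public_key=(N, E)):
    """Receiver (steps 3-5): recover the hash from the signature using the
    public key, recompute the hash from the email as received, and compare."""
    n, e = public_key
    return pow(signature, e, n) == message_hash(headers, body)


if __name__ == "__main__":
    sig = sign(HEADERS, BODY)
    print("untouched:", verify(HEADERS, BODY, sig))
    print("body edited:", verify(HEADERS, BODY + "Bring cash.", sig))
    spoofed = dict(HEADERS, **{"from": "stranger@example.net"})
    print("From changed:", verify(spoofed, BODY, sig))
```

Any change to a signed header or to the body after sending produces a different hash, so the comparison in step 5 fails.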

So, essentially what your mail server has done is checked you are who you say you are (SPF), no-one has stolen your identity (DKIM) … determining that your friend really does want to meet you for midnight woodland coffee.

With all the steps being taken to ensure email is coming from where and who it says it is, it’s more important than ever as marketers to prioritise authentication actions. By putting email authentication in place you are mitigating the potential for email fraud targeting your brand whilst simultaneously helping your emails reach your customers.

Of course, there are other factors which will determine whether your emails are actually reaching your subscribers’ inboxes such as spammy subject lines, but from a technical perspective, making sure your emails are passing authentication is key.

If your email campaigns are not already authenticated, the time has come to make it happen!

Spam filter problems are something you’ll probably come across during your time as an email marketer. At present just 79%* of permission-based emails actually reach customer inboxes, as ISPs (Internet Service Providers) and spam filters constantly try to find better ways to reduce the amount of irrelevant content in users’ inboxes. So with almost a quarter of emails being earmarked as spam, how do you ensure you reach the inbox? It’s therefore never been more important to understand how spam filters work, which is why we’re here to help build your knowledge base so that you can confidently create and send emails that should avoid being flagged as spam.

 

First things first…

To begin to understand how to avoid the spam-filters, we firstly need to tackle the question ‘What is spam?’. There are hundreds of different definitions of spam out there, but the most comprehensive one is that spam is unsolicited, irrelevant email, sent in bulk to a list of people. For example, if you bought a list of data and started to send emails to the people on that list, although you think you are sending these people content you believe to be relevant or beneficial to them, you are in fact contacting people who have not opted in to receive your emails. Because you have not been given explicit permission to market to these people, your emails would be considered ‘spam’ by these individuals. (Note to self – only ever email opted-in customers).

 

Being marked as ‘Spam’ – what does it mean for your emails?

Spam might seem like just an annoyance in the inbox, but when individuals actively start marking your emails as ‘spam’ or ‘junk’, Email Service Providers (ESPs) will start to take notice. Having your emails flagged as spam will negatively impact your reputation as a sender, and if poor sending practices continue Email Service Providers will start filtering your emails directly into the spam folder to ensure you never reach people’s inboxes. So to maintain good email deliverability and avoid being flagged as spam, it’s worth understanding the laws and regulations that ESPs abide by. Different countries have different regulations regarding spam, for example the UK uses the 2003 Privacy and Electronic Communications Regulations, USA has the CAN-SPAM Act of 2003 and Canada has its own Anti-Spam Legislation (CASL), but every country / ESP has common regulations which all email marketers must abide by, including:

  • Always providing an unsubscribe link which works for at least 30 days post-send

  • Not using deceptive headers, from names and addresses or subject lines. 

(You can find a comprehensive list of laws by country at the end of this article).

Failure to comply with these regulations can result in costly penalties which differ per country. For example, violating the CAN-SPAM Act could see you fined $11,000 per offense… which translates to $11,000 for every email address you sent to. To ensure you don’t fall foul, it’s definitely worth having a read of the legislation before using any new data source.

 

Spam Filters – How do they work?  

It can be rather tricky to judge how spam filters determine how ‘spammy’ an email is. To put it simply, they’ll systematically weigh up each component of your email and assign each part a spam rating. For the purposes of this we’ll call the rating 1-10, where 1 = ‘not spammy’ and 10 = ‘very spammy’. Once every email component has been rated the email will then be given a spam score which will decide whether an email can pass through the filter. If the score exceeds a threshold (let’s call it 5 for this example) then the email will get flagged as spam, will not pass go, and either heads straight to the spam folder or is completely blocked from being delivered.

 

 

Avoiding the filters

The tricky part is that each spam filter works differently, with some having stricter ‘pass’ thresholds determined by their server administrators. So while your email might receive a score of 4 for one spam filter, another one might mark it as an 8. The list of spammy criteria is forever evolving as email users continue to identify and mark new email content / senders as spam in their inbox. Spam filters often share this information with each other to help identify new emerging spam. Unfortunately for us marketers, this means there’s no easy or definitive checklist to ensure our emails don’t end up in the spam folder. We do, however, know that there are some key factors to keep an eye on when sending emails.

1. Coding in your campaign. Some spam filters will be triggered by sloppy code, tags which don’t need to be there or code that has been pulled in directly from MS Word. To avoid this being an issue in your campaigns, make sure you are using templates that have been reviewed by a developer, or have a developer build one from scratch for you. Many ESPs will provide tools such as HTML or drag and drop editors which will help you avoid these issues.

2. Campaign metadata. Spam filters want to see that you know the people you’re sending to. Personalising your emails is a great way to demonstrate this; it shows the spam filter that you hold information about the recipient other than their email address. You can also ask recipients to add you to their list of trusted mailers.

3. Your IP address. Some spam filters will block or mark an email as spam if it has come from an IP address that has been flagged as having sent spam in the past or been blacklisted, so you need to ensure the IP address you’re emailing from has a good sender reputation. Try to avoid IP pools with poor reputations, where you share sending IP addresses with other senders, as their poor sending behaviour can impact on your deliverability / sender reputation. This usually won’t cause problems if the ESP is taking correct precautions to make sure all emails have unsubscribe links etc, however if you see your deliverability rates drop, it might be worth contacting your ESP to make sure it’s definitely your emails that are causing the drop in deliverability. Sending reputation is incredibly important, so make sure yours is good by sticking to good sending practices.

 

 

Content is key

Why words are a big influencer in avoiding the spam filters

Although content and formatting can be a bit of a hazy subject because there’s no specific content that is always guaranteed to be flagged as spam in an email, I can recommend a few best-practices to make sure you’re doing everything you can to not trigger spam filters and get your email safely to the inbox.

1. Never stop testing. It’s a great way to find out how different content in your email impacts your deliverability. If you don’t make it into the inbox, it could be something in your content, i.e. a negative keyword, too many links or images, or overall tone, that is triggering the spam filter. Test and retest the content.

2. Clear unsubscribe links are a must. Don’t try to hide your unsubscribe links within your email – it’s a sure-fire way to get marked as spam if people can’t find the link easily. Think about it from the perspective of the user, you receive an email and you think the content isn’t relevant to you. If you can’t find an unsubscribe link, what do you do? Some people might try and contact the company sending the emails, but most people won’t bother and will just mark the email as spam. Don’t let it happen to you!

3. Be consistent. If your customers are used to a particular type of content / branding from your emails, don’t make a sudden change without warning. Straying from the normal messaging of your brand could trigger people to mark it as spam if they don’t think it’s a genuine email from yourselves.

4. Avoid trigger words. Now although there is no definitive list of words and phrases to avoid, spam filters are already looking out for certain negative keywords which have been previously identified as spam and proven to trigger filters. Using any of these words/phrases in your subject line or email is almost certain to get you a higher spam score and trigger a filter. We can’t list them all, but some simple ones to avoid are:

  • the word Free

  • Exclamation marks (big no-no!), and other symbols such as $ £ %

  • ALL CAPS words

 

For a more comprehensive list of words to avoid, see HubSpot’s ‘Ultimate List of Email Spam Trigger Words’.  

So there you have it, some useful ways you can keep yourself out of spam. With any emails you send make sure you’re really thinking about your opt-in method, how you’re acquiring your data, setting customers’ expectations, where you put your unsubscribe link, and what keywords you use in your email content. By keeping on top of all these you should be able to maintain a good sender reputation and prevent your spam score from triggering any filters.