Avoid Looking Like a Spammer: Email Dos and Don’ts

Authentication is nothing but a process of demonstrating trustworthiness and securing an ISP’s confidenace in your email. Having proper authentication setup is really important stuff for a sender that will make your job easier in separating from spammers. 

There are mainly three things that come under email authentication: 

1. Sender Policy Framework (SPF): With this, a sender can specify a receiver where the mails should be coming from – IP or IP range or a hostname. Just like permission slips for IPs to send on behalf of your subdomain. This is a TXT type of record that lives in the DNS zone file of the sending domain. This should be as narrow as possible for highest security. 
2. DomainKeys Identified Mail (DKIM): A cryptographic signature used for verification purposes for a sender. It has permission to use the domain in the ‘’from” field and that the content hasn’t been tampered with. This is important for keeping email content secure. This has become a crucial part of deliverability – failing to use valid signatures can impact negatively at many ISPs, hence email should not be sent without it.
3. Domain-based Message Authentication, Reporting, and Conformance (DMARC): DMARC records let receiving mail servers know how to handle an email that fails or has misaligned SPF or DKIM. Senders can monitor possible spoofing of their domain from the DMARC report sent by the ISPs.

Transport Layer Security (TLS): This is an encryption method used to encrypt the message between source and destination computers. Some recipient servers require it and refuse mails that are not TLS encrypted, but that is not very common. For example,  Gmail still accepts mails that are not encrypted but shows a warning message.

DNS is not only needed for hosting, but it is also very important for technologies with email security – the above authentication techniques (SPF, DKIM, DMARC) totally rely on DNS. To become a legitimate sender DNS setup is crucial. Other than SPF, DKIM and DMARC, you need few other essentials DNS record such as:

• A Record – This map to an address or the subdomain that you would create.
• PTR Record – This is just the reverse of A record – this maps the IP address to a name. Some mail servers will not trust mail coming from your server unless they can do a reverse DNS lookup.
• MX Record – This tells other mail servers the name of the server on the Internet to send mail to for your domain. These DNS records always map to an A record and it’s best practice to configure multiple ones for redundancy. While MX records aren’t a hard requirement for emails, they are highly recommended.

In case you need any help with this technical setup, the Blueshift Deliverability Doctors are available to assist so that your sending domain isn’t inadvertently categorized as spam.

A sending domain is one of the important things to deliver your message to your subscribers. Without these you won’t be able to send any emails. What to think before setting up your sending domain?

• Classify Your Domain Based On Your Business Vertical:  It is best practice that your domain reflects your business vertical. If your business (primary domain) falls under healthcare but you’re sending emails related to computer software, that would be inconsistent and as a result, ISPs may flag your domain.
• Use a Subdomain: It is always advisable to separate your primary domain (website domain) from email sending domain. The best way to do it is – creating a subdomain of your primary domain. For example: If your primary domain is www.blueshift.com  then your email sending domain could be sales.blueshift.com or so on, depending upon your mailing streams.
• Use A Separate Sending Domain For Each of Your Mailing Streams: It is best practice to use a different sending domain for every mailing stream; like one subdomain for promotional stream vs. other subdomain for transactional stream. It is even better if you keep separate sending domains by your internal department or business verticals etc. This practice will keep you in a good sender bucket by ISPs.

It is your responsibility to let your subscribers know what they can expect from you. Try to include them into a journey where your subscribers will understand why you are connecting with them. Also, it is best practice to explain do’s and don’t with any suspicious email that pretends to be of your brand. This will also build a solid relationship with your subscribers and eventually improve your deliverability.

Never send any email to your suppressed users. It’s best to forget them once they are added into your suppression list by any means. A spammer doesn’t care who they send to, so don’t be like them.

Here are the few activities that are often done by spammers. They can create a look-alike email of your brand to confuse your subscribers. Strictly don’t do this to avoid yourself becoming like spammers.

• They Don’t Follow A Fixed Sending Pattern: But you should follow a pattern. Don’t surprise your subscribers often with your sends. A steady sending pattern is essential as ISP filtering systems aren’t going to show you leniency just because you want to increase revenue during the holiday season. If your sending pattern deviates by sudden spike in volume, your email will not get through easily.
• They Acquire Mailing Lists Without Any Consent: Spammers don’t acquire lists organically rather they buy them from somewhere. You should never do this. Always send an email only to your real subscribers who intend to receive your email. If the unknown user rate per send is high, the ISPs spam filter will put you in a suspicious sender bucket. Therefore, it’s important to make sure of the low rate of unknown users in any given send.
• They Don’t Carry Any Sending Reputation: Spammers are okay burning through new IPs and subdomains, which is why they don’t care about reputation. However, you should care about your brand reputation. Keep an eye on all of your sending metrics, including unexpected bounces, temporary failures, and anything that could indicate abnormalities in the mail stream.
• They Send Attachments and Shorten URLs Often: Sending attachments are the easiest way for spammers to deliver malware payloads to users. Avoid doing this as much as possible unless it is required.  In some cases senders need to send attachments like booking confirmations or tickets etc. If you need to do this, make sure you do it with proper encryption. Similarly spammers love shortened URLs to hide their URL identity, so please never do that. Also, many ISPs, including Gmail, don’t like shortened URLs, so use your original URLs in the email.
• They Use Misleading Content: Your message should reflect the goal that you are trying to achieve. Be very specific about your content. Make sure that your subject line, preheader text, and body of the email – including the main CTA – align with your content. 

Pankaj Kumar is senior deliverability analyst at Blueshift.