So, let me guess, you’ve received some recent reports of your organization’s emails hitting recipients’ spam folders? This wasn’t on your to-do list for today, but now it’s becoming a priority. You were under the impression everything was set up correctly, and it is, right? Because you’re a rockstar! And you are, of course :).
That said, you’re feeling the pressure to come up with an explanation. It could be for your boss, a sales or customer support representative communicating with prospects, or maybe even someone outside of your organization that you were speaking with directly.
Deliverability can be a tricky subject. See, internet service providers aren’t always the most transparent about the criteria they use to sort who is in their good books and who is in their bad books. That’s for good reason, because if that information was all public it would also serve as a sort of guide from those with malicious intentions to hit unsuspecting recipients inboxes. It’s a good idea to explain this to your team and remind them whenever you can. Always set those expectations!
The good news is that there are some basic pieces of the puzzle to check on, test, and tweak. We’ll start by covering some potential ways of diagnosing the problem and then move into the basics of deliverability protocols, which should hopefully be a refresher. Once that’s done we’ll talk about testing your configuration.
One last thing, if you haven’t already picked up on it, this piece is very much written for someone in marketing or marketing operations. If you’re in sales, growth, or GTM engineering and looking for advice on infrastructure for outbound campaigns, that’s a little different. Hence, we’ll cover that in a future post.
Diagnosis
One piece of the puzzle that can help get you pointed in the right direction is looking at the domain that is being used to send the messages in question. Here are a few possible scenarios that may be helpful to keep in mind as context:
Is it your primary (corporate) domain or subdomain?
This will typically either be a case of something in the configuration that has recently broken, since it will have almost always been working properly at some point in time. Or, your domain reputation has gone bad. You can get a better sense of if it is the former or latter by skipping ahead to the section about deliverability protocols and then testing.
If you have been through testing and you suspect the issue is a domain that has gotten a bad reputation, you may need to look into acquiring a new domain and setting up new infrastructure to help mitigate the problem. That topic will be covered in a future post.
Is it a secondary domain?
Usually these domains are specifically acquired for the purposes of a marketing campaign or initiative. Of course, some forward thinking companies will purchase separate domains for the purposes of sending high volumes of email to an opted-in database. Most people reading this will probably be in the former camp.
Like for primary domains, this situation can typically go two ways. There is either a configuration issue, which you should be able to get some insight on based on whether you remember setting up the infrastructure to use it. Or, the domain reputation has gone bad from being overused or marked as “spam” too many times. As above, it’s probably worth skipping ahead to test a bit, and if it is a case of a burned domain moving to a new domain may be required.
Is it a default (unconfigured) domain?
For example, Campaign Monitor uses [companyname].createsend.com as its default domain. This is usually a case of a new email service provider has been acquired and set up with contacts, email design, and copy, but not configured to send properly. You might think this is uncommon, but it happens more often than you think.
The good news is, it is a straightforward fix and most email service providers will have helpful in-app infrastructure to aid you through the process. The bad news is that someone in your department needs to get a slap on the wrist for setting up a new tool without your involvement. Ouch!
Deliverability Protocols 101
Let’s do a quick and dirty refresher on SPF, DKIM, and DMARC. These are typically the most important components to be looking at in configuration when establishing the problem, and they can also come into play with most fixes. This is important stuff!
Sender Policy Framework (SPF)
What is SPF?
SPF is an email authentication method that allows domain owners to specify which mail servers are permitted to send emails on their behalf. It works by adding a DNS record that lists authorized IP addresses.
Why Does SPF Matter?
Imagine receiving a letter claiming to be from your bank but delivered by an unknown courier. You’d be suspicious, right? SPF helps email servers verify that incoming emails claiming to be from your domain are sent from authorized sources, reducing the chances of spoofing and phishing attacks.
SPF Checklist
- Identify Authorized Senders: List all IP addresses and servers that send emails on behalf of your domain.
- Create an SPF Record: Publish this list in your domain’s DNS settings as a TXT record. You may need to contact your R&D team for help with this as it usually requires cPanel (or equivalent) access.
DomainKeys Identified Mail (DKIM)
What is DKIM?
DKIM adds a digital signature to your emails, allowing the receiving server to verify that the email hasn’t been altered during transit and confirms the sender’s identity.
Why Does DKIM Matter?
Think of DKIM as a wax seal on a letter. If the seal is intact upon arrival, the recipient knows the content is authentic and untampered. DKIM builds trust with email providers, enhancing your sender reputation and improving deliverability.
DKIM Checklist
- Generate DKIM Keys: Create a public-private key pair. You can usually do this with admin credentials on many marketing automation providers. For example, with HubSpot.
- Publish the Public Key: Add the public key to your DNS records. You may need to contact your R&D team for help with this as it usually requires cPanel (or equivalent) access.
- Configure Your Email Server: Set up your email server to sign outgoing emails with the private key.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
What is DMARC?
DMARC builds upon SPF and DKIM by providing a way for domain owners to specify how unauthenticated emails should be handled (e.g., quarantine or reject) and offers reporting capabilities.
Why Does DMARC Matter?
DMARC acts as a policy enforcer. Without it, even if SPF and DKIM fail, malicious emails might still reach recipients. DMARC ensures that only authenticated emails are delivered, protecting your brand from impersonation.
DMARC Checklist
- Create a DMARC Policy: Decide on your policy—none, quarantine, or reject—based on your readiness.
- Publish the DMARC Record: Add a TXT record to your DNS with the chosen policy and an email address for receiving reports.
- Monitor Reports: Regularly review DMARC reports to understand your email authentication status and adjust policies as needed.
Testing Deliverability and Reputation
Now that we’ve covered deliverability protocols let’s look at a couple of tools to test your configuration. This is a great way to identify any possible red flags that are directing your organization’s message to the spam folder.
EasyDMARC
EasyDMARC offers a free domain scanner tool that makes it fast and easy to check on SPF, DKIM, and DMARC in your DNS records. It uses each to deliver an overall risk assessment grade of low, medium, or high. For each record type it shows the values that have propagated, which helps to assess whether they line up as expected. The tool also makes recommendations on how to improve the risk assessment. It’s a little unforgiving with DMARC, but nonetheless these suggestions are worth looking into.
SenderScore
SenderScore assesses the reputation of your domain. Type in your domain, your email, the volume of emails you’re sending, and your country, and it spits out a score per IP address from 0 to 100. This is a representation of your reputation to ISPs and the recipients of the email. The higher the score, the better. The lower the reputation, the more likely it is you have some work to do to improve the reputation or start utilizing new domains.
Mail Tester
Mail Test requests that you send an email to a random address that they provide you with. You’ll get a score out of 10, plus an indicator of what that might mean. You can then check:
- SPF, DKIM, and DMARC results.
- Body message errors.
- If you’re blacklisted.
- If the message has any broken links.
This can be very useful if you have configuration and domain reputation ruled out, or suspect they are less likely to be the problem. Some messages are more likely to trigger spam filters, and while it may not be practical to check each one before a new campaign, this can help to retroactively weed out anything that is causing problems.
My domain is burned, what now?
While resolving configuration issues can be a bit of a pain in the behind, it is at least pretty straightward to sort out. Bad domain reputation is a whole other kettle of fish. Can you improve upon a bad reputation? Sure, but it can be a bit of a process and require some patience. There are a few ways to go about that:
- Ensure users can unsubscribe. Most marketing automation and email service providers will have dedicated tools for this.
- Confirm users are opted in. Please consult with an expert in relevant legislation like CASL or CAN-SPAM to get detailed guidance on what constitutes consent.
- Reduce bounce rates. You can use tools like Zerobounce to clean your lists.
- Send with consistency. Unusual spikes in sending volume is one of the fastest, surefire ways to arouse ISPs suspicion. Gradual increases are best practice.
All that being said, once the damage is done making reactive changes isn’t a guarantee you will get yourself out of the ISP doghouse. Hence, you will want to consider setting up new infrastructure with the above advice implemented for longer term success and stability. In other words, you should take this as a sign to move to a more proactive approach – ISP’s are more stringent with identifying spam than ever! Again, we’ll cover this in detail in a future post.