Many marketing professionals say email is the biggest driver of customer retention and acquisition, and 36% of organizations say that email is their most important channel of communication. However, 78% of companies also have email deliverability issues.
For email marketing campaigns, email deliverability troubles translate to lost revenue. 21% of opt in emails never land in an inbox. To get a sense of how that affects the bottom line, it’s estimated that deliverability issues cost European email marketers 53.2 million euros per day, for a total 19.4 billion euros per year. Capture all the email addresses you want, but if your emails aren’t even being delivered, it’s effort wasted.
To get even more personal, check your average order value to understand how much it costs each time one of your legitimate emails is mistakenly sent to the spam folder or blocked.
What Is Email Deliverability?
Good email deliverability simply means that your emails successfully arrive in your recipients inboxes, rather than being sent to the spam, bulk mail folder or getting blocked by an ISP.
When evaluating email campaigns, many email marketers use the email delivered rate as a metric for measuring email deliverability. But having an email delivered just means that the email didn’t bounce.
A delivered email could end up in the recipient’s inbox, the spam folder, or get blocked, so looking at the delivered rate doesn’t tell the entire story.
A better way to measure your email deliverability is to evaluate a combination of email marketing metrics that will help you determine where your emails are ending up, and why they’re ending up there. The following are a good combination of metrics to look at:
- Delivered Rate (this helps evaluate the quality of your email list)
- Rejected Rate (this indicates how many of your emails are being rejected because of reputation issues)
- Open Rate (you can use your open rate in tandem with the other two metrics to identify where your emails are going, since emails that don’t land in the inbox have a much lower chance of getting opened)
- Inbox Placement Rate (not all ESP’s showcase this metric, however it’s used to determine the percentage of your sent emails that actually hit recipients’ inboxes)
If your ESP tracks inbox placement rate, it’s pretty much a slam dunk for monitoring email deliverability. If your ESP doesn’t offer inbox placement rate tracking, keep an eye out for unexpectedly low open rates coupled with high rejected rates.
In the rest of this post we’ll dig into the various aspects of deliverability, and what every email marketer can do to make sure their campaigns actually land in the inbox.
Email Deliverability Best Practices
While customer interaction is key to ensuring that your subscribers can tell that your emails are legitimate, email deliverability best practices focus mainly on making sure that computers can tell that your emails are legitimate.
Here’s how to make sure your emails don’t get stopped by spam filters:
Use These Email Authentication Standards
Proper email authentication identifies the origin of your emails for spam filters, and indicates that your emails are from a legitimate source. This differentiates your emails from spam and malicious emails like phishing campaigns.
The best practice email authentication setup includes: authenticating records for each of your sending domains, so that your emails appear trustworthy to receiving email servers.
While it may seem excessive to setup multiple authentication standards for your emails, there are two main reasons to do this:
- Some ISPs do not support all authentication standards. If your emails are not authenticated using a standard that a receiving ISP supports, they will be rejected, or flagged as spam.
- Using more than one authentication standards better protects your emails from being used in email attacks.
SPF (Sender Policy Framework) authenticates emails by using the sender’s IP address to make sure the sender is who they say they are.
I’ll explain the above in more detail:
- The receiving domain compares the sender’s IP address to a list of authorized IP addresses provided by the sending domain
- If the sending domain’s IP address is on the list of authorized IP addresses, the receiving domain passes the email through to the recipient’s inbox
- SPF is setup in your domain’s administrative console, and checks authentication based on the domain used in the SMTP MAIL FROM header field. This is also called the Envelope-From or Return-Path address
- An incorrect SMTP MAIL FROM address is the main cause of SPF authentication failure
There is also a From Address which is visible to the email recipient. This address is only involved in SPF authentication if it matches the SMTP MAIL FROM address.
A simple SPF record should look like this:
SPF authentication also limits the number of DNS lookups an email server is allowed to make to 10. This limit is imposed in order to protect domains from denial of service attacks. In order to avoid SPF authentication failure because of too many DNS lookups, it’s best to minimize the number of “include” commands in the SPF record for your domain.
To know if your domain’s SPF records are valid, run an SPF check.
DKIM (DomainKeys Identified Mail) uses an encryption key to authenticate emails. DKIM ensures that emails have not been modified in transit from the sender to the recipient.
When a DKIM encrypted message is sent, the sender includes a subdomain where the public key to decode the message authentication signature is located. Since only the true domain owner (or someone they authorize) can publish the subdomain DNS, this associates the email with the domain owner. If the matching decryption key cannot be located using the subdomain DNS, DKIM authentication fails.
If DKIM authentication fails, that doesn’t necessarily mean the email is automatically rejected or sent to the spam folder, though. Emails that are verified through DKIM have their spam score reduced, meaning that they are less likely to be sent to the spam folder.
Emails that fail DKIM authentication may simply have [SPAM] added to the subject line as a warning, but still be delivered to the recipient’s inbox. However, if a DKIM failure—combined with the sending domain—indicates a very strong possibility for the email to be spam, many email servers will reject the email. For example, Gmail doesn’t deliver email from eBay or PayPal which fail DKIM authentication because the likelihood that the email is spam is incredibly high.
The DKIM signature is part of the RFC2822 header field. This is how a correct DKIM signature looks:
If you’re not including a signature for DKIM authentication in your emails, your emails are more likely to be marked as spam, and some email servers will just reject the emails.
To know if your emails are being sent with DKIM authentication, run a DKIM signature check.
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an additional layer of authentication built on SPF and DKIM that blocks fraudulent emails. DMARC adds additional authentication parameters such as reporting, policy definition, and identity alignment.
Major email providers, such as Gmail and Microsoft, require DMARC compliant authentication for all emails. So adding a DMARC record for your domain and properly configuring your SPF and DKIM authentication to be DMARC compliant will improve your email deliverability.
DMARC for a domain is configured using a DNS TXT record. A DNS TXT record is added to the “_dmarc” subdomain of the domain that needs DMARC configured. The DNS TXT record defines the policy for the domain.
This is a DMARC record for example.com:
v=DMARC1; p=quarantine; rua=mailto:email@example.com; ruf=mailto:firstname.lastname@example.org
The main benefit of DMARC authentication is that if spammers use your domain for sending spam, the additional DMARC authentication parameters protect the reputation of your domain and brand.
To know if your emails are DMARC compliant, run a DMARC records check.
Reverse DNS Lookup
Reverse DNS lookup is similar to SPF in that it uses IP addresses to authenticate emails. However, reverse DNS lookup works from the IP address to the domain name, rather than the other way around.
On the internet, the domain name system (DNS) attaches IP numbers to each domain name on the internet. For example, Rejoiner.com has an assigned IP number that computers use to identify Rejoiner.com on the internet. In short, people use domain names to find places on the internet, and computers use numbers to find the same places.
Reverse DNS lookup authenticates emails by checking the domain that an email says it’s from, then looking up the IP address that the email was sent from, and lastly making sure that the domain name associated with the IP address is the same as what’s included in the email.
So, if your email server gets an email from an IP address that claims to be from Rejoiner.com, reverse DNS lookup will check the IP address. If the email address routes back to Rejoiner.com, the email will be passed to your inbox. If the IP address goes to thebestspamguy.net, then your email server rejects the email.
The trouble occurs when domain servers don’t have DNS records setup. In this case, when the reverse DNS lookup authenticator looks up your IP address, the domain name comes back blank. To most email servers, this looks suspicious, and they will often reject your emails.
The results of a reverse DNS lookup should look like this, if your reverse DNS records are properly set up:
IP address 18.104.22.168 resolves to mail.domain.com.
Host name mail.domain.com resolves to IP addresses 22.214.171.124 and 126.96.36.199.
Thus, reverse DNS for IP address 188.8.131.52 is forward confirmed.
If you need to know if your reverse DNS records are setup, run a DNS records check.
HELO to IP
The HELO command is used in conjunction with other authentication methods, most often SPF. However, an invalid HELO syntax can cause your emails to get stopped by authentication services.
If you are getting messages from mail servers saying they have rejected your emails, it’s possible that your HELO command is not correct. These are the two most common HELO issues:
- Incorrect email client or account settings.
- The domain name in the HELO command is not a fully qualified domain name.
For the vast majority of users, the first problem is the culprit. To solve this, check the settings in your email program (eg. Outlook, Thunderbird, etc.), and make sure that it’s setup to use SMTP authentication.
If this doesn’t solve the problem, then it’s possible there is an invalid domain in the HELO command. Usually, your ISP or email provider will be able to take care of this issue if you contact them. But, the domain name in your HELO command should be a fully qualified domain name that looks something like this:
This issue with the domain name is most often only a problem if you use a mass email provider.
Domain Reputation vs IP Reputation Explained
The standard method of measuring email reputation is through tracking the email activity from IP addresses. Email providers like Gmail, Microsoft, and Yahoo! only want to deliver email that their users want. An emailer’s reputation is one metric email providers use to determine whether they send emails from that IP address to the inbox or the spam folder.
Your IP reputation is based on:
- Complaint ratio (a complaint ratio of less than 1 complaint per 1000 emails is ideal)
- User engagement (how often do your emails get opened and how many clicks do your emails get)
- Unsubscribe rates (this is used to evaluate how relevant your emails are and whether or not you’re sending emails to people who have opted in to email lists)
- Email quality (this is based on authentication standards, email formatting, and HTML optimization)
Usually, your sender reputation is attached to your domain’s IP address, or the number that computers use to identify your website on the internet. However, this can be problematic because the IP reputation is lost if a domain changes IP addresses.
Spammers can exploit this by switching IP addresses periodically, and companies with good IP reputations can lose their good standing if their IP address changes. To address these issues, domain reputation is becoming more common.
Domain reputation is measured the same way that IP reputation is measured, however, the reputation is not lost if the IP address changes. So companies can take their good reputation with them if they need to move to a new ISP, and spammers can’t wipe their bad reputation by simply changing their IP address.
However, using domain reputation means that these email best practices are more important than ever before:
- Always send transactional emails from a different domain and IP address than your marketing emails. This ensures that even if your marketing emails have a bad reputation, your order confirmation, order receipt, and other critical emails will still make it to the inbox.
- Keep the content of your transactional emails strictly transactional. If your transactional emails get spam complaints, they’ll start going to spam folders instead of inboxes.
Domain reputation is a bit of a double edged sword. On one side, if you’ve built good domain reputation, you can take that reputation with you to a new ISP. On the other side, if you make a mistake and damage your domain reputation, it’s much more difficult to repair, and cannot be reset with an IP address reassignment.
How to Check Your Domain and IP Reputation
There are several tools for checking your domain and IP reputation. Here are three ways to check your domain reputation right now:
Simply enter your domain name (i.e. rejoiner.com) in the search field, and you’ll get a quick domain and IP reputation score.
Keep in mind that even though domain reputation is becoming more popular, ISPs still evaluate IP reputation, and any IP address attached to your domain will have its own reputation score.
Sending Limits and Proper IP Warmup
Email providers also evaluate IP addresses based on their email volume, and most ISP have send limits for the number of emails they will handle per hour. If a particular IP address is sending too many emails per hour, it looks suspicious and that IP address could be flagged or blacklisted. Use email throttling to ensure that your email campaigns don’t exceed send limits.
Fortunately, you can purchase additional IP addresses if your email list is large enough that your email marketing requires high send volumes. When you start sending emails from a new IP address, it’s important that you don’t just start blasting emails from the new IP address. This looks like spammy behavior to most ISPs. New IP addresses should be warmed up before maxing out their send limits.
IP address warmup is simply a process of gradually increasing the daily number of emails sent from an IP address each day until you’ve maxed out that IP address, or you’re sending all the emails you need from that address. This usually takes about three weeks, and the goal is to gradually build a sending reputation for the IP address without raising any red flags.
This is a general IP warmup schedule that will work for most businesses.
Many spam filters and email providers also grade emails on the quality of their HTML code. This evaluation can be avoided by sending plain text emails. If you are using HTML in your emails, double check to make sure the HTML markup is well formed, and that there are no open or missing tags in your email HTML.
Checklist: 5 Steps to Improve Email Deliverability
Here’s how to get the best deliverability rates for your email campaigns:
- Setup SPF, DKIM, DMARC, and Reverse DNS Lookup records with your ISP.
- Warmup all your new IP addresses, and use email throttling to avoid exceeding send limits.
- Send quality emails with content that is relevant to your subscribers, and uses good HTML optimization.
- Monitor key email marketing metrics to determine whether or not your emails are hitting subscriber inboxes, and—if not—identify what deliverability issue you’re having.
- Periodically cull your email lists of unresponsive inboxes.
What to Do Now
- Subscribe here for future post alerts.
- If you’d like your email program to follow the email deliverability best practices outlined in this post, sign up with Rejoiner and we’ll take care of the entire process for your company.