Do You Send Emails Right? Email Delivery Concepts Explained

In this article, I give a little bit of theory about email delivery so that you can get a general idea about email concepts, good and bad sending habits, tools you can use to monitor your reputation and deliverability and determine possible causes of deliverability issues if they happen.

To make it easy to read and comprehend, I broke it down into three chapters:

#1. Email Base: 
- Legal Requirements 
- Authentication
- Sender Reputation
- Feedback Loops

#2. Email Structure:
- Segmentation
- Decline Policy
- Monitoring Tools
- Spamtraps
- Blacklists

#3. Email Education:
- Right Message
- Right Person
- Right Time
- Right Frequency

#1. Email Base.

Let’s start up with legal requirements.

CAN-SPAM is a US legislation that protects consumers for email marketing, transactional and other types of emails the consumer wants to receive. CAN-SPAM stands for “controlling the assault of non-solicited pornography and marketing”.

Some of the requirements to be complied with CAN-SPAM are:

- no false or misleading header information;
- no deceptive Subject lines;
- identify the message as an advertisement;
- provide the location of the business or physical address at the bottom of the message;
- inform the recipients how to opt-out from future messages by adding the unsubscribe link or link to the preference center;
- honor opt-out requests promptly;
- monitor messages sent on your behalf so all people sending emails on behalf of your brand are following the same requirements.

CAN-SPAM does not require that senders have permission to send mail, but sending mail without permission to recipients in jurisdictions with opt-in rules such as Europe or Canada may open up the sender to legal liability.

CASL, a Canadian anti-spam legislation, has these requirements where the sender must:

- have the recipients’ consent to send messages to them;
- clearly identify the sender of the message;
- provide the recipient with a way to contact the sender;
- provide a functioning unsubscribe process;
- track and store the type of opt-in, example of the signup page, date of opt-in, and connecting IP address.

Almost every country has email legislation to protect the recipients, and most of them require an operational unsubscribe link, processing of unsubscribe requests within a reasonable amount of time (typically 10 business days or less), and physical address of the organization sending the email.

And in many countries, senders must have permission to send marketing and commercial email:

Argentina — Explicit consent is required. Argentina has a public do not contact list — the DNPDP — that must be honored.

Australia — Explicit consent is a must. Australia has very strong laws regarding permission and data privacy. Australian ISPs are very responsive to consumer issues.

Belgium — Opt-in is required and the sender is responsible for refer-a-friend consent and managing those opt-outs, making this practice dangerous.

Finland — All marketing messages must be clearly marked as advertisements. Plus, a Finnish law requires that senders store the date of subscription and IP address the subscription was made from.

France — Consent is required for e-mailing. French ISPs historically accept fewer connections making email delivery times slower.

Germany — Strong laws requiring opt-in. If a recipient opts-out of a mailing, all data must be erased from the sender’s database.

Hong Kong — Expressed consent is required and it must be different from T&C acceptance. Consent must be clearly differentiated and easy to understand.

Italy — Prior consent required for marketing messages. End-user consent is required for cookie use and senders must disclose if any data will be shared with a 3rd party.

Netherlands — Pre-checked boxes are not allowed as a mode of consent.

Russia — There are no current electronic privacy laws. Russian ISP such as can be challenging. Having a local presence is very helpful.

Spain — Maintains a government “do not mail” list.

Japan — All emails must contain clear and visible information for the sender name and title and the correct address for an opt-out (must be at the top of the email). The sender’s address and phone number must also be displayed.

Canada — The Canadian Anti-Spam Legislation (CASL for short) took effect July 1, 2014. The full provisions roll out over three years. Explicit permission and private right of action are the most important measures.

Singapore — All messages must contain an unsubscribe link, phone number, and a postal address. This information must be in English. Unsubscribes must be handled within 10 days.

Our next point is authentication.

Authentication allows the mailbox provider to confirm that the sender is the one who he pretends to be.

There are four primary methods of authentication:

1. DKIM is DomainKeys Identified Mail. This is what the recipient uses to determine that the message has not been altered in transmission. So, the public key and private key have to match to ensure that nothing happened to the message in transit.

2. SPF is Sender Policy Framework which states which IPs are authorized to be sending on behalf of the “From” domain and allows the receiver’s host to verify that the email is being sent from the server it asserts it’s sent from.

3. Reverse DNS which implies determining what host and domain name belong to a given IP address. If a Reverse DNS Lookup returns a “no domain associated”, then the email will likely bounce to the sender, or will be deleted or filtered.

4. DMARC is Domain-Based Message Authentication, Reporting, and Conformance. DMARC ensures that the legitimate email is properly authenticating against established DKIM and SPF standards and that fraudulent activity appearing to come from domains under the organization’s control (active sending domains, non-sending domains, and defensively registered domains) is blocked.

DMARC allows you to use policies to protect your brand and email. The policy you select in your DMARC record will tell the participating recipient mail server what to do with mail that doesn’t pass SPF and DKIM, but claims to be from your domain that contains the DMARC record.

There are three policies you can set: p=none, p=quarantine, and p=reject.

“p=none” tells the receiver to perform no actions against unqualified mail, but still send email reports to the mailto: in the DMARC record for any infractions.

“p=quarantine” tells the receiver to quarantine the message that does not pass the authentication. Quarantine means “set aside for additional processing”.

“p=reject” tells the receiver to completely deny any unqualified mail for the domain. With this enabled, only mail that is verified as 100% being signed by your domain will even have a chance to get to the Inbox. Any mail that does not pass is blackholed, not bounced, so there’s no way to catch false positives.

The reports of any policy that you set up allow you to see what other IPs are using or abusing your brand.

Additional concepts from the Email Base chapter you should be aware of are sender reputation and feedback loops.

Sender reputation involves monitoring the reputation of your IP address and sending domain: who is using the domain on your behalf, shared IP or dedicated IP, and what impact that can have on your reputation.

All the ISPs do correlate your reputation back to engagement, sending domain, and sending IP.

The factors that determine your sender reputation (and consequently impact your email deliverability) are:

- How often your server sends email messages to invalid email addresses.

- How many recipients mark your emails as spam.

- How many email messages you sent from that IP address.

- Whether or not your server’s IP address is blacklisted anywhere.

- Whether or not your server’s IP address dedicated and static.

- Whether or not your server’s IP address have authentication records.

- Whether or not others used your server or IP before you.

Feedback loops are how ISPs report complaints back to the sender. It’s critical for any successful email campaign to remove all users who are complaining or are not interested in receiving your messages any further. By not removing them, you jeopardize your reputation.

You can find the links to FBL signup pages with different ISPs here.

Next, we’re going to cover email structure and talk about segmentation, decline policy, monitoring tools, spam traps, and blacklists.

One Last Thing…

Mind if you do me a sweet favor, and tap the ♥ if you learned something new? It’d mean so much to me.

Thanks again for spending part of your day here. Hope to see you come back. :)

To continue reading the article, click here