5 best practices to improve your email delivery success rate

Current Job Listings

To reduce spam, viruses, malware and phishing ploys, ISPs try to verify the legitimacy of senders attempting to send email to their customers. But legitimate email senders can get caught in the crossfire, resulting in their emails not being delivered. Here are five things you can do to increase the delivery success rate of your organization's legitimate email.

I recently helped a client conduct a marketing campaign via email. This company sent an email message to more than 2,400 people and had a dismal response rate of 14 people. Looking back, we now see that at least part of the problem could be that the message was blocked from recipients' inboxes for various technical reasons.

In the modern world of email delivery, recipient ISPs place a great amount of emphasis on verifying the legitimacy of senders attempting to send email to their customers. As email volume increases, so does the abuse of email by illegitimate senders using bots and other techniques to send spam, viruses, malware, phishing ploys, and so on. As ISPs continue to clamp down on their war against these illegitimate senders, legitimate email senders can easily get caught in the crossfire, resulting in their emails not being delivered or being delivered to the spam folder.

STRAIGHT TO THE SPAM FOLDER: Astonishing email messages you'll never open

There are important best practices and principles that must be followed by legitimate senders to avoid the crossfire. These principles apply to anybody running an email server that delivers outgoing email messages, regardless of the volume or content of those messages. If your company does any sort of email marketing or customer communications, your email administrator needs to be cognizant of the settings listed below, which have been provided to us by Heath Morrison, vice president of technology for SMTP.com, a service provider focused on email delivery.

Each of the following gives recipient ISPs a means of evaluating the legitimacy of a mail server that is attempting to send them email:

DKIM settings 

DomainKeys Identified Mail (DKIM) is a modern Internet standard for authenticating the delivery chain for email messages. It operates by signing messages with a special cryptographic signature that can be verified but not counterfeited by a third-party source. The signature, which is included in the message by a relay server in the delivery chain, proves that the message passed through that server. This helps prevent spammers and scammers from creating fraudulent messages appearing to come from that source.

DKIM does not prevent spam from passing through a network, but it gives recipient servers confidence in the source of the message. Recipient servers can then more confidently use the reputation of the delivery network in order to judge whether a message is legitimate or not.

Configuring DKIM requires the functionality to be enabled in the outgoing mail server, and it requires a small TXT record to be added to the DNS configuration of the sending server's domain. The simplest way to check whether a mail server is sending DKIM-signed messages is to deliver a message from the server to a yahoo.com or gmail.com address. Once delivered, you can check the Full Headers of the message received to determine if the message passed the DKIM checks of that recipient ISP.

Here is a Wikipedia article for further reference.

Here's a tool that SMTP.com provides for checking a domain's DKIM records in DNS.

SPF records 

The Sender Policy Framework (SPF) is another Internet standard for authenticating email messages. Unlike DKIM, however, SPF allows recipient ISPs to authenticate the sender listed on the From header of an email message. It does this by giving domain owners a means of specifying which IP addresses on the Internet are allowed to send email on their behalf. Recipient ISPs check the IP of a sending server against this list of valid sending IPs to determine if the sender is legitimate or not.

To configure SPF, domain owners must create a special TXT record in their DNS configuration listing the valid IPs for relaying email. The great thing about SPF is that it is not necessary to make any changes to the outgoing mail server.

Reverse DNS 

A standard, forward DNS record is the association of a hostname with an IP address on the Internet. The corollary to this is reverse DNS, which uses an IP address to look up a hostname. Despite their similarities, these two records are independent. Forward DNS is configured by the owner of the domain. Reverse DNS, however, is configured by the ISP that controls the IP address.

In the world of email it is important for everything to match. When a mail server receives a connection from a particular IP address, it performs a reverse DNS lookup for that IP address. This yields a hostname. The server then performs a forward lookup on that hostname and checks whether the resulting IP address matches the original IP address used. This is called forward-confirmed reverse DNS (FCdDNS). If these records do not match it can impact the delivery success for messages from that IP address.

Here's a Wikipedia article for further reference.

Here's a tool that SMTP.com provides for checking FCdDNS for an IP.

MX records 

In the world of email, MX records are DNS records that designate the servers handling incoming email for a particular domain. This is part of the basic framework of the Internet that allows senders to successfully route email to recipients. Surprisingly, in the modern world of email, the MX record of a domain plays an important role not just in incoming email but also in outgoing email.

Recipient ISPs place a huge emphasis on the legitimacy of the sender and server attempting to deliver email to their users. To that end, when looking at the From address of a message, some recipient ISPs evaluate whether reply messages for that From domain can successfully be delivered. If an email address contains an invalid domain, or if the domain does not have the basic facilities for receiving a reply message, recipient mail servers may choose to reject or delay messages to their users.

It is important to always use a valid email address on the envelope of email messages, and to ensure that MX records for the domain are configured in a way that allows that address to successfully receive replies.

Here is a Wikipedia article for further reference.

IP blacklists 

An IP blacklist is a third-party service that tracks IP addresses that people may not want to receive email from. Servers receiving email can subscribe to the blacklist service to help them determine IPs that they should reject email from. Blacklists may include IP addresses that have previously sent spam or viruses, or even IPs that simply represent computers on the Internet that don't have normal reasons to be emitting email.

There are a few common ways for a normal, well-managed mail server to find itself on a blacklist: infected computers with access to send email through the server, bad behavior by users of the server, or pre-existing conditions.

It is important to always check the status of a fresh IP against all major blacklists, to ensure that previous tenants on the IP had not behaved in a way to land it on a blacklist. It is also important to periodically check the blacklist status of an IP, particularly after any incident where spam email may have been sent from the network.

Here is a Wikipedia article for further reference.

For more information about the practices listed above, contact SMTP.com. One of their resources that might be useful to you is the "The CAN-SPAM Act: A Compliance Guide for Business" white paper. Even legitimate email can be considered spam if you don't follow the law.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at LMusthaler@essential-iws.com.

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Learn more about this topic

Phishing attacks down dramatically in 2010, says IBM

Cisco: Facebook security more important as email spam levels drop

Spam nation: US tops list of spam-relaying countries

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT