The Guide to Email Deliverability
Email Marketing Done Right
The very first condition of great marketing is to make sure your message actually reaches your audience. We know that many companies struggle to land their emails in their customers’ inboxes. If you're one of them, you will find this guide to be a lifesaver. We used our knowledge and experience to create a complete set of guidelines to help you achieve a better email deliverability and maintain a healthier sending reputation.
Basic Email Deliverability Guidelines
Separate the types of emails you send
If your company sends "Transactional Emails" and "Newsletters, Receipts, Reminders, etc." use a dedicated IP and domain name for each type. For regular corporate transactional emails, use the domain "your_company_name.com" and for all other emails use a different domain but similar with the main one such as "your_company_namenews.com". Each domain needs to mail out on separate dedicated IPs. When different types of mailings are mixed, Google and other ISPs will tend to combine/group your corporate emails under the "Promotional" and "Other" tabs.
Use reCAPTCHA from Google on your registration screen.
Google's reCAPTCHA is used to prevent automated bots from signing up or registering on your site, subscribing to your newsletters and so on. Sending e-mails to bot registrations or to people that exist but have been registered by a bot can hurt your emailing metrics. For example, if you email 100 bot registrations to an ISP and none of them are opened and/or clicked through, this tells the ISP that overall not too many people are interested in your emails, hence your emails are seen as junk/spam.
Can sign up real people. Emailing people who didn't confirm to receive emails will hurt your inbox rate
Use double opt-in confirmation for all of your emails.
This requires the user's confirmation that he has actively joined your email list. When a user registers on your site or subscribes to your newsletter, you need to send them an email. The subscriber needs to click a link in the email in order to confirm that he is the owner of the email address and does want to receive emails from you. Remember, we talked about how bots can sign up real people in step #2? Emailing people who didn't confirm to receive emails from you will very possibly get your email marked as spam, and that will hurt your inbox rate.
Use a real-time API that verifies emails on registrations and signups
Remember, we talked about how bots can sign up real people in step #2? Emailing people who didn't confirm to receive emails from you will very possibly get your email marked as spam, and that will hurt your inbox rate.
Here's an example of a place that provides "disposable" e-mail addresses:
Learn more about ZeroBounce Real-Time API here: Real-Time API Documentation Real-Time API Documentation
Authentication
Use SPF authentication
Also known as "Sender Policy Framework", this is an authentication protocol that states whether an IP is authorized or not to send emails for a domain.
Use DKIM Authentication
Also known as "DomainKeys Identified Mail", this is a protocol that allows other mail servers to verify whether the email you sent has been tampered with or not. Basically, it verifies whether the email received from a specific domain was indeed authorized by the owner of that domain.
Use DMARC authentication
Shortcut for "Domain-based Message Authentication, Reporting & Conformance", this is an authentication method that prevents phishing attacks and reduces spam. It enforces a policy that tells the ISP what to do when it receives emails, apparently from your company, that fail either SPF or DKIM.
Use a reputable DNS Provider
Mail delivery depends a lot on being able to retrieve records from DNS.
- DYN Managed DNS - Provides a lot of tools and options to secure your DNS Properly.
- Cloudflare - Provides DNS Management and a suite of optimization tools.
- DNS from large registrars should be fine, although we have seen slowness in some registrars applying DNS changes.
Mail delivery depends a lot on being able to retrieve records from DNS.
Use a reputable CDN for static content
Also known as "Content Delivery Network", it caches versions of your content around the world.
- To provide faster load times for images included in the emails you send.
- ISP Providers won't block them since they are known and reputable.
- You will also benefit from DDOS protection which keeps your website online even if it`s attacked.
- You will benefit by default from an advanced firewall that can help mitigate some of the classic attacks looking to exploit your website.
- Cloudflare - We are a registered partner of CloudFlare.
- Microsofts Azure CDN
- Amazon Cloudfront
DNS Example
A Record (1.2.3.4) > "Points To " > PTR Record > "Points to" > Hostname (example.com)
(Forward)
Hostname (example.com) > "Points To" > PTR Record > "Points to" > A Record (1.2.3.4)
(Reverse)
ISP Providers won't block content from CDNs since they are known and reputable.
Use PTR records (Reverse DNS Lookups) for your sending IPs
This is mandatory. Most ISPs require FCrDNS (Foward Confirmed Reverse DNS). It sounds complicated, but it's really not.
Warming up your IPs
Warming up IPs is important
Don’t send too many emails at once. If your sending platform supports it, use limits per hour or per day for each of the IPs per domain. If you send too many mails at the beginning, you can get bounces and/or deferrals.
- Yahoo: 200 emails/day/IP (for at least 5 days), then you can double every day.
- Gmail: 200 emails/day/IP (for at least 5 days), then you can double every day.
- Hotmail: 200 emails/day/IP (for at least 5 days), then you can double every day.
- AOL: 200 emails/day/IP (for at least 5 days), then you can double every day.
- Cloudmark (all domains): 50 emails/day/IP
- Time Warner: 100 emails/hour/IP
- Cox: 100 emails per connection per IP, up to 5 IPs
You should always visit the postmaster website of the domains you are trying to send to in bulk. A lot of times you'll find the sending limits published within their bulk sender guidelines.
- Start a new warm up for the existing IP.
- Send only to subscribers who have opened at least one of your emails in the past 30 days.
- Limit your starting volume to 3,000 subscribers.
- Keep sending to those subscribers only, for the first 3 days, before increasing the volume.
- Increase the volume by 1,500 subscribers with opens in the last 30 days. Your new total volume should be 4,500 subscribers.
- Keep sending to the new volume of 4,500 for two more days.
- Follow this strategy to increase the volume every two or three days by 50% of the actual volume.
- After 10 days, you can start increasing the volume by doubling it.
Feedback Loops (FBL)
Register to all FBLs
Also known as complaint feedback loop, it is a service offered by some ISPs that report back complaints (when a subscriber hits the spam or junk button in their inbox) to the sender. It's provided to aid senders in keeping a clean list and preventing the subscriber from getting unwanted mail.
Feedback loops are provided by some ISPs to aid senders in keeping a clean list and preventing the subscriber from getting unwanted mail
Gmail has a feedback loop that is only available for ESPs who are MAAWG members and are approved by Google as good senders.
Companies most often use the same blacklist providers… being listed on a single blacklist can affect your delivery to many different ISPs.
Delivery Monitors and IP/Domain Health monitors
Some of the largest ISPs provide tools to monitor your IPs, domain health and delivery.
Google Post Master
- Spam Rate
- IP Reputation
- Domain Reputation
- FeedbackLoop Identifiers
- Authentication (DKIM/SPF/DMARC) rates
- Encryption (e.g. if you send emails using TLS) rates
- Delivery Errors (for example, if you retry to fast)
- IP Reputation
- Complaint Rate per IP
- Traps per IP and the date
- Ehlo/Helo and mail from used when sending emails.
Email Blacklists
Make sure your domain/IPs are not on any blacklists before you send
Many companies use the same blacklist providers, so being listed on a single blacklist can affect your delivery to many different ISPs.
There are a few different types of blacklists
- Public - These blacklists are published so any ISP can use them. They are the easiest ones to monitor using automated tools.
- Private - These are paid blacklists - The only way to actively monitor these is to use inbox testing tools to check your delivery.
- Internal - These are maintained by the ISPs directly. They can be monitored with inbox testing tools, as well.
Some ISPs use multiple blacklists, so it's very important to monitor all aspects of your sending using the different tools available.
- multirbl.valli.org - The fastest and easiest to use
- ZeroBounce - Blacklist Checker - If you scan your domain name it will provide you a list of all associated IP's you should scan as well.
- Zerobounce - Blacklist Monitoring Service - Protect your domain, IP address, and mail server reputation with our powerful blacklist monitoring
- Barracuda Central
- Sophos Threat Center
- Mcafee Threat Intelligence
- Symantec IP Reputation
- Cloudmark IP Remediation Portal
- Proofpoint IP Reputation Lookup
- Trend Micro IP Lookup
- GoDaddy's Secure Server
- Hetzner Online
- Invaluement
- Manitu
- Linux Magic
- Weighted Private Blacklist
- SURBL Blacklist
- HRBL Blacklist
- FortiGuard
- Cyren IP Reputation
- (Cisco) Talos Reputation
- ICORP
- KISA RBL
- WIFI4INDIA Blacklist Lookup
- Clean MX
- Death 2 Spam
- SonicWall
- Postmaster.Free.FR
- CenturyLink - [C10] RBL restriction: Blacklisted by Internal Reputation Service - Send an email to "postmaster [at] embarqmail.com" with the subject line "Please investigate for spamlike qualities" and list your Ips
- Hotmail - Fill out this form
- United Online (Netzero/Juno/Bluelight) - Fill out this form
- Vade Secure - Fill out this form
Whitelisting Services
Whitelist your IPs after 90 days of sending
The reason you have to wait 90 days, is that some whitelisting services require to see your sending history.
- Increased inbox rates
- Increased Sending Volumes
- Less restrictive spam filtering
- Return-Path - This is one of the best whitelist programs.
- CSA (Certified Senders Alliance) - Based out of the EU.
- ISIPP - Helps with places that use SpamAssassin.
- Emailreg.org - Helps with places that use Barracuda Spam Filters.
Email List Quality / Sender Score
Try to avoid buying and renting an email list, even if it’s from a reputable provider. ESPs have ways of detecting if a list is bought or rented and they can/will reject it when you will try to import it into their mailing platforms. No email validation company can help you here and the reason has nothing to do with the validity of the email recipients.
Try to get an open rate of at least 20% and a click-through of at least 1%.
We also recommend removing all non-opener emails after 6 months. These emails are probably valid, but not in use.
A lot of domains use Sender Score as a determining factor to allow emails from your IPs. If your Sender Score is less than 90 you should take action to improve it.
Monitor Your Sender Score
Domains use Sender Score to determine wether or not to allow emails from certain IPs. If your Sender Score is < 90 you should take action to improve it. You can monitor you Sender Score: Here to find more about senderscore
Before you send, clean your list of bounces, traps, and complainers
By reducing these three components from your email lists, you will increase your list quality, your Sender Score, your domain and IP reputation. All these factors increase your delivery and inbox rates. We provide this service at an excellent price. Get your email list cleaned with us today.
Verify your email is set up and configured correctly for sending.
There's really only one way to do this accurately. You have to use ZeroBounce - Mail Tester. With a ZeroBounce Deliverability Tools Subscription you'll get a very detailed technical report of your email server configuration highlighting any problems.
Create abuse@ and postmaster@ email addresses at your sending domain
ISPs rely on these two addresses for feedback loops and complaints. Not having these two accounts set up is a red flag and they are also required by the RFC Standards.
Content
Use the recipient's name in the subject line and in the header of the html (e.g.: "Dear John"). Make sure you check for spam words and domains in the HTML. (for example, if you use a domain in any of the links in the html that is present in a DBL (Domain Blacklist), your email might bounce). Inbox Test every campaign you're going to send and make adjustments where needed.
A Few Industry Best Practices
Remove inactive emails
We recommend removing non-opening emails or non-clicking emails after 180 days. A lot of ISP algorithms are based on user engagement. The more non-openers and non-clickers, the worse the statistic gets and the worse your inbox rate becomes. After six months, you can also retry sending to these email addresses to see if the recipients open or click.
Make sure you don't use too many connections per IP when sending your emails.
Every ISP limits the number of connections per IP. Always view the Postmaster Guidelines of the different ISP regarding Rate Limiting.
- AOL - 150 Connections/IP
- ATT - 5 Connections/IP
- Comcast - 35 Connections/IP
- Charter - 150 Connections/IP
- Earthlink - 150 Connections/IP
- Gmail - 150 Connections/IP
- Hotmail - 150 Connections/IP
- Italia Online - 1 Connections/IP
- Lycos - 150 Connections/IP
- Mac.com - 150 Connections/IP
- Mail.com - 150 Connections/IP
- Orange - 3 Connections/IP
- RoadRunner - 150 Connections/IP
- Swisscom - 5 Connections/IP
- TDC - 10 Connections/IP
- Telefonica - 5 Connections/IP
- Telenor - 5 Connections/IP
- United - 5 Connections/IP
- USA.net - 150 Connections/IP
- Yahoo - 150 Connections/IP
- Verizon - 150 Connections/IP
For all small domains, we recommend using no more than 2 connections/IP.
Make sure you don't use too many connections per IP when sending your emails.
Every ISP limits the number of connections per IP. Always view the Postmaster Guidelines of the different ISP regarding Rate Limiting.
Make sure you retry temporary errors
One of the most common ways that ISPs use to reduce spam is called "Greylisting" or Temporary Errors, also known as SMTP 451. When these conditions occur, the ISP expects your mail server to re-attempt delivery of that email at a later time. When attempting to send the email again, you must use the same IP as rotating the IP will just get the email greylisted again.
- First Retry - 15 Minutes
- Second Retry - 45 Minutes
- Third Retry - 2 Hour
- Forth Retry - 6 Hours
- Fifth Retry - 12 Hours
This will also help if you have a configuration issue, so you won't have too many retries. If you have too many, this can affect your sender score in an adverse way.
Monitor your brand for compliance
For larger companies, it's worth looking into using tools like Lashback that specializes in brand protection and compliance.
Use a Reply-To header that is valid
We all receive emails from noreply@, but it's actually better to have a functional Reply-To that's monitored and customers enquiries are responded to. The more engagement between you and your customers, the better your deliverability.
Send 1 email per connection
You should only send emails to 1 person. You've seen those emails where you have a large number of "CC" or "TO" recipients. This is a huge spam flag. When sending out bulk emails, ensure each email is addressed to a single person and not multiple contacts at once.
Enable outgoing TLS connections
Mail servers are supposed to be opportunistic in nature and what that means is they all prefer to use the most secure protocol when accepting mail - TLS 1.2, TLS 1.1, TLS 1.0, NO TLS in that order. Some mail servers will refuse all non-TLS transmissions, so in order to achieve maximum deliverability, you should always enable TLS when sending email.
Ensure that your abuse/complaint rates remain low
Once you sign up to the FBLs (Feedback Loops), as discussed earlier in this document, you need to actively remove those subscribers from your mailing list when you receive the alerts, in order to keep your abuse/complaint rate low. When these metrics get too high, they will affect your deliverability.
Here are some guidelines to keep your abuse/complaint rates below per destination ISP
- Hotmail < 0.1%
- Yahoo < 0.2%
- AOL <= 0.3%
- Comcast <= 0.5%
Do not use private WHOIS for your domains
All registered domains are required to have accurate information by ICANN. Hiding behind private WHOIS can hurt your domain reputation and, in some cases, it is even illegal (CAN-SPAM Act).
Have a functional and complete privacy policy on your website
When asking for ISPs to whitelist your IPs/Domain, they do look for your privacy statement and verify it.
Use DNSSEC
DNSSEC is a technology that was created to protect the hijacking of DNS Lookups. This is not a requirement. However, it's a good security procedure.
Remain consistent in your sending behavior
Send your newsletters, promotional, marketing materials on the same day, every week/month. Being consistent proves you have a real business and keeps your IPs warm.
Do not segment emails per destination ISP
Separating your e-mails based on destination, unless under special circumstances, has a detrimental effect. Some domains will use SenderScore for reputation lookups, but those IPs will never get their sender score increased because they don't report back to Return-Path.
Do not send affiliate email marketing
Most ISPs blacklist the subject lines and content for this type of email. Remember, everyone is sending the same affiliate promotion. ISPs have AI that learn subject links and content, and your IPs will get blacklisted or are going to be limited to only being able to send to the spam folder. Normally, ISPs will accept and won’t complain if you add an advertisement to your normal newsletter.
Laws and Compliance
Honor all unsubscribe requests
Whether it's through an automatic unsubscribe link or manually requested, honor it. The sooner you honor it, the better. Never wait more than 10 days to do so, this is a requirement of the CAN-SPAM law.
When you're in compliance with the law, everything becomes much easier to whitelist
Comply with the law: CASL for CA, CAN-SPAM for US, DPEC for EU and other local anti-spam laws
When you're in compliance with the law, everything becomes much easier to whitelist and managing your reputation will be free of obstacles.
Here are the links to some of the major e-mail laws:
MX Records
Your domain has to have valid MX records
Although the RFC states that if the MX record is missing, one should use the A record as the mail server. We noticed that many ISPs don't follow the standard and they check the validity of your MX Record before allowing email from your domain. If you're looking for a good mail service provider (ISP) for your domain, we recommend using G-Suite from Google.
Conclusion
Inbox testing
We mentioned this before and we cannot stress enough how important it is. Different ISPs use different spam filters, and what might inbox at Yahoo, might land in the spam folder on Gmail. Without inbox testing you can ruin your reputation and not get your emails delivered to the inbox with certain ISPs.
The best tool for inboxing testing is ZeroBounce - Inbox Tester.
Contribute
This information was provided to you by several experts with many years of experience in email deliverability. If you would like to contribute, please contact us and let us know.
We also offer professional help in implementing all of the above, please contact us for details.
Contents
The best verification and cleaning starts with ZeroBounce
Validate 100 emails now for free!
