Over the years it has become evident that there’s a major disconnect between email senders (email marketers) and ISPs on how engagement is measured. There is not one single engagement metric. In fact, marketers are not privy to the metrics that receivers collect and receivers don’t have access to sender data. Where marketers are interested in opens and clicks, an ISP is more interested in complaints, deletes, and spam designations.
As email marketers it is important for us to understand the positive and negative signals an ISP sees as an engagement. For example, if a recipient moves your email from the spam/junk folder to their Inbox, that’s viewed as a positive signal. But if they delete the message without opening or reading it, that’s considered a negative signal.
ISPs want marketers to understand more than just recognizing positive and negative signals. View the abridged slide show below or download our eBook on 9 Things ISPs Really Want Email Senders to Know.
Much thanks to Franck Martin at LinkedIn and Josh Aberant at Twitter for providing technical guidance on this post.
Most countries require visitors to have a passport and valid visa at the point of entry – whether at the border or airport. These requirements, however, do not always prevent people from entering illegally. Malicious individuals may impersonate someone by stealing their passport and claiming their identity in order to gain access at checkpoints and deceive the border police. As a result, immigration officers now implement more advanced security and background checks to secure the borders.
Unfortunately, the Internet and the global email system have a lot in common with immigration and border security. While the main purpose of inventing the Internet in 1960s was open communication between universities, colleges and government agencies, cybercriminals have undermined that openness for the rest of us. Just like identity thieves, they subverted the system by using techniques like email spoofing and phishing, and as a result, the major Internet services providers (ISPs) have had to establish anti-abuse departments.
From botnets to malware, phishers to 419 scammers, malicious mail accounted for 85% of Internet traffic by 2012. In order to protect their members from these cybercriminals, major ISPs began to require stricter email security measures such as SPF and DKIM. Finally, DMARC was conceived in 2012.
DMARC or Domain-based Message Authentication, Reporting and Conformance is a security technique that fights cybercrime, including domain spoofing, phishing and spear phishing, that relies on SPF and DKIM authentication in order to guarantee message integrity. It’s a mutual reporting protocol whereby domain owners – email senders – can indicate to ISPs that their emails are protected by SPF and/or DKIM, and tell the receiver (the ISP) what to do if neither of those authentication methods passes. Through their DMARC policy, senders can request ISPs to reject non-compliant email outright, or to quarantine it for further review. In fact, there are three “report modes” for DMARC: report mode (p=none), reject (p=reject), and quarantine (p=quarantine) – more on this below.
DMARC is specifically designed to combat one of the most common types of phishing attacks, where the “from address” in an email is forged. We see this when cybercriminals create emails that appear to be from prominent Internet brands or financial services companies, and usually contain links to malicious websites. We also see this in spear phishing attacks where criminals impersonate close contacts of their intended victims. Email recipients who fall for these kinds of scams can inadvertently download and install malware, or hand over sensitive account login information or passwords, or become a victim of identity theft. Of course, the damage is most severe for the individual, but service providers and brands suffer as well.
DMARC is a powerful tool to combat this kind of activity, and the major ISPs have been steadily implementing it over the past two years. It should be pointed out that DMARC does two things, really, both a) protecting mailboxes from receiving phish and forgeries, and b) stopping criminals from using your domains. Because 85% of mailboxes in the USA are now protected by DMARC (60% worldwide), applying a DMARC policy on your domain is a very effective way to project your brand and make the email a more difficult channel for criminals to exploit.
Earlier this month, Yahoo took the bold step of changing their DMARC policy from report mode (p=none) to reject (p=reject). Yahoo’s SVP of Communications Products Jeff Bonforte explained the change in a Tumblr post:
“On Friday afternoon last week, Yahoo made a simple change to its DMARC policy from “report” to “reject”. In other words, we requested that all other mail services reject emails claiming to come from a Yahoo user, but not signed by Yahoo.
Yahoo is the first major email provider in the world to adopt this aggressive level of DMARC policy on behalf of our users.
And overnight, the bad guys who have used email spoofing to forge emails and launch phishing attempts pretending to come from a Yahoo Mail account were nearly stopped in their tracks.”
This policy now rejects and blocks traffic coming from yahoo.com email users who are on other networks, and not on Yahoo servers. The change will only affect traffic coming from Yahoo.com (not Yahoo hosted domains, it is up to each customer to decide whether or not to apply a DMARC policy on their hosted domain) based on the “From Address” that is not signed by Yahoo. This new policy has stopped millions of phishers already. This was a necessary move and no doubt there will be some education needed in the field to encourage small businesses to register and use their own domain if they haven’t already. But at the end of the day, these little challenges are a necessity, because email phishing has become one of the major channels for initiating cybercrime. After all, this was the reason DMARC was created, to give senders and receivers the power to define policies and protect the Internet from the criminals.
No doubt, Yahoo’s new policy is a disruption for small business owners and mailing list owners who send email on behalf of individuals. Yet DMARC has been embraced by many of the major Internet brands, and the effort to create a more secure messaging environment is likely to keep progressing. This is good for everyone who enjoys email and surfing the web. We encourage our ESP clients to only allow traffic from the domains they control to leave their network. We at Message Systems fully support Yahoo’s new DMARC policy and any effort to make the Internet a better and safer place. Our in-house expertise is available to assist any of our clients who use our core engine, Momentum, which provides for email authentication and is fully equipped to face any challenges in complying with Yahoo DMARC acceptance policies.
Find out more about DMARC email authentication in the The Benefits of Adopting DMARC Email Authentication in the joint webinar by Return Path, Groupon and Message Systems.
Email Marketing News Digest
In this edition of email marketing news, we’re looking at the issues of conversions and ROI when it comes to email and social. Email emerges as a clear winner,which brings us to the issue of data security. With the world’s biggest brands relying on DMARC email authentication, you’re soon going to be out of luck if you’re trying to get into the inbox without DMARC. Now guess what that’s going to do to your conversion rates… But never fear, we’ve featured a how-to guide to contacting ISPs!
Analytics guru, Avinash Kaushik, has thrown his hat into the rink with this one. As expected of a digital marketing evangelist for Google, he shares some stats to back up his bold statement that email far outperforms social when it comes to conversions, by nearly 40 times. Here’s the graphical proof.
But wait… it’s not game over with social, and that’s because social excels at entertainment and building relationships. It’s just not the platform you turn to when you research or want to make a purchase.
Gmail, Hotmail, Yahoo and AOL all have different rules when it comes to accepting or rejecting your mail, which is why your deliverability is not the same across the major inbox providers. Adaptive Delivery® can solve deliverability issues by automating and auto-tuning outbound email delivery parameters and traffic shaping in real-time, but if you’re not a customer, here’s a guide to the kind of information to provide when you contact your local ISP. Hint: Include the sending IP address in all correspondence!
Data Privacy Day may be over, but that doesn’t mean we can all forget about data security! While millennials most often engage in bad habits when it comes to data security, they are also the most informed on security risks. That calls to mind a statistic presented by the Online Trust Alliance where 89% of data breach incidents could be avoided with simple security best practices. Ironically, the IT and Finance departments tend to be the worst offenders, when they should have the most to worry about. The nonchalance of millennials when it comes to data security also coincides with the rise of people who work remotely and need to access work files there and then.
In the world of email, DMARC comes to mind when thinking about data security. The good news is that both senders and receivers are seeing a significant reduction of malicious emails in inboxes with DMARC adoption. The bad? Senders without DMARC will find themselves increasingly locked out of the inbox. Here is what our customers have to say about DMARC:
“DMARC protects more than 85% of the people who receive email from Facebook. That level of adoption has significantly diminished the financial incentive for criminals to spoof our domains, so they’ve moved on to other targets. People can trust their inboxes more as a result. We’re proud to have been one of the first companies to deploy the DMARC specification at scale, and we’re excited to see so many others achieving great results.” – Michael Adkins, Production Engineer at Facebook
“DMARC was eye-opening for our security team at Twitter. We found massive amounts of abuse from both our domains and look alike domains we’d claimed. Using DMARC to protect these domains and stop forgeries is a core component of how we protect our users.” – Josh Aberant, Postmaster at Twitter
“As awareness of DMARC prompts more senders to make the protection of consumers and brands a priority, Return Path has seen a 130% increase in both clients and domains publishing valid DMARC records over the last twelve months alone, and that growth is only accelerating,” – Matt Blumberg, CEO of Return Path.
Backing up Avinash Kaushik’s statement on email is a survey of marketers who felt that email provides the clearest ROI among a variety of channels. 36% of marketers indicated that email provided a clear ROI, while only 12% felt social had a clear ROI.
Millennials may well learn a thing or two about data security by reading the How DMARC Is Saving Email eBook. And hey, if you aren’t a millennial, read it anyway! Find out why the world’s biggest online brands are turning to DMARC for email authentication.
2013 has been an eventful year for the email marketing industry, filled with ups and downs, and many heated discussions. Yea, we know, because we’ve documented all the changes and upheaval, both good and bad through our weekly Message Exchange blog posts. We all have our personal favorites of course, but which topics and posts did you, dear reader, like? Well, we’ve got the list as indicated by none other than you, and we’re going to be counting down with the top 10 best email marketing blog posts !
DKIM email authentication makes the list at number 10! Our Director of Product Policy, Kate Nowrouzi, expounds upon the importance of not only implementing DKIM, but rotating your DKIM keys once every three months. Don’t leave your email security to chance… when was the last time you rotated your DKIM keys?
It’s hard not to come into contact with our email software if you’re a regular user of social media platforms and other online services – after all, our digital messaging software, Momentum powers 20% of the world’s legitimate email! We’re glad you enjoyed our infographic illustrating the different ways in which Momentum powers your online communication in your daily life.
Groupon provides us with a great example of how to stand out in the inbox with a unique email subject line. Talk about a successful email marketing strategy for an effective email marketing campaign… we’re honored to be chosen by Groupon to power their daily deals!
Email deliverability has, and always will be, an issue for email marketers. Here’s a quick guide to how some of the major Internet Service Providers, and email gatekeepers, determine whether your sending reputation is good enough for their customers’ inboxes.
And once again DKIM proves to be popular among our readers, or was it just the awesome Grandma graphics? Whatever the reason, the How to Explain DKIM To Your Grandmother infographic certainly went viral on social media!
And that’s it for the posts that our readers have ranked in positions 10 to 6! Watch this space next week for our top five best email marketing blog posts! In the meantime, how about enjoying a free read about DMARC on us with the Don’t Deprioritize DMARC webinar? Enjoy!
As any email industry veteran can tell you, deliverability is equal parts art and science. Yes, there are a number of technical processes or settings that need to be in place in order to achieve high inbox success rates, like getting authentication (DKIM, SPF, DMARC) in place, setting up feedback loops (FBL) with the ISPs that provide them, applying to get on whitelists and so on. There are also a number of operational processes or practices – here’s where the “art” comes in – that have a big impact on deliverability. These include managing traffic shaping rules and parameters based on ISP’s acceptance policies, FBL and bounce management.
Because deliverability is such a complex subject (and many people hold strong convictions on what constitutes best practices) we often encounter confusion or uncertainty when we talk to potential customers about our Adaptive Delivery (AD) capability. Really briefly, A.D. is a module within the Momentum platform that automatically optimizes message delivery settings to reduce bounces and blocks while ensuring fastest speeds and highest throughput. It does this by:
- Auto-tuning delivery and traffic shaping parameters in real-time to avoid blocks and safeguard reputation.
- Proactively slowing, suspending and restarting / ramping-up delivery to avoid problems and optimize sends.
- Warming up new IP address to build and maintain a strong sending reputation.
- Shaping outbound traffic according to rules issued by ISPs worldwide – and continually updating the system as rules change.
This last point regarding ISP rules and continual updates is something that sets A.D. and Momentum completely apart from other messaging solutions. The way email delivery over the Internet works, each ISP has wide latitude to set their own inbound handling rules, practices and rate limits. For instance, the number of concurrent connections they’ll allow, messages per hour/per domain, and so forth. Many ISPs will have rate limits that vary based on time of day. They’ll also impose different amplitude, frequency and volume limits when you’re sending mail from a new IP address, limits that are completely different from the ones for existing IP addresses.
Some ISPs publish their rules to help guide senders into optimal sending practices. Others don’t publish rule sets at all. Some change their rules frequently, others seldom do. Given there are more than 12,000 ISPs worldwide (about 7,000 in the U.S. alone) and millions of IP domains, it’s impossible for senders to a) keep track of rules worldwide, and b) continually tweak/update their sending infrastructure to reflect constant changes. So that’s where A.D. and the Message Systems Live Rules Update service comes in.
Meet the Message Systems Deliverability Team
A.D. was very much designed to help senders navigate a deliverability landscape that’s in a constant state of flux. A key element within A.D. is its Live Rules Update service. Whenever an ISP issues a rules change, that data is collected and passed along to the Message Systems user base. New system rules are continually refreshed, automatically downloaded and installed to optimize A.D. and the Momentum platform.
When A.D. debuted in 2011, the system included rules for all the world’s major ISPs that account for the vast majority of global email traffic. Yet many senders using the Momentum platform send a significant portion of their messages to receivers in markets such as South America, Australia or remoter parts of Eastern Europe where much traffic is handled by smaller ISPs. For that reason, the Message Systems deliverability team has worked methodically to bring virtually all the world’s major ISPs (and many minor ones as well) into the Live Rule Updates network. That effort has progressed to the point where we’ve reached approximately 90% ISP domain coverage in North America, South America, Europe, APAC and Australia. In the weeks ahead, we’re going to provide a running tally of the ISPs and new geographies we’ve brought online and continue to bring online. Keep an eye on the Message Systems Twitter feed for the latest updates. Or download our brochure on Adaptive Delivery!
In this whitepaper, email expert Len Shneyder introduces Message Systems Adaptive Delivery – The first solution of its kind specifically designed to automate the monitoring of bounces and complaints, and adjust connection rates and throughput accordingly.
By Kim Matz & Kate Nowrouzi
Message Systems’ Adaptive Delivery® solves the ongoing deliverability management issues faced by Email Service Providers (ESP) today.
It’s the only solution that monitors temporary failure codes, hard bounces and spam complaint rates, and automatically manages your traffic flow. Adaptive Delivery slows traffic when a receiving domain returns warning messages or bounce and complaint rates rise. When warning indicators lower, Adaptive Delivery slowly and automatically raises traffic rates. Over time, Adaptive Delivery builds the traffic volume the receiver is willing to accept. Momentum ensures issues with one domain do not impact the rest of the traffic by managing traffic to each receiving domain independently via the most sophisticated and comprehensive queue management and traffic shaping capabilities that are core to our solution.
Here’s an example of an alert generated by Adaptive Delivery:
The alert pertains to:
Trigger: 421 4.7.0 [TS01] Messages from 255.225.255.255 temporarily deferred – 255.225.255.255;
Action: adjusting throttle down
The system provides SMTP notifications to staff members when conditions are met that warrant human involvement. Not every bounce or deferral requires immediate attention – understanding the difference between normal delays and critical blocks is key to off-loading manual monitoring duties from already overloaded staff… only Adaptive Delivery can do this.
Without Adaptive Delivery, ESPs leave money on the table and their very valuable deliverability team spends time on reactive tasks like:
- Updating bounce definitions;
- Monitoring hard & soft bounces;
- Monitoring Feedback Loops for complaint spikes;
- Adjusting throughput, connection rates and throttling to comply with ISP requirements; or,
- Creating and executing ramp up/warm up plans to build positive reputation on new IPs.
Only Message Systems’ Adaptive Delivery allows them to focus on strategic projects that drive serious revenue.
Watch the video below to see how some of our clients have benefited from using Adaptive Delivery.
About The Authors:
Kim Matz is VP of enterprise sales, US East at Message Systems. An experienced technology industry executive, Kim heads up Message Systems’ email services provider practice, working with many of the largest ESPs in North America. Kim writes frequently on issues and trends in the ESP space.
Kate is director of Product Policy at Message Systems. A recognized authority on email deliverability and anti-spam practices for the past 14 years, Kate worked for many years on the anti-abuse team at AOL and was also a network engineer at the pioneering ISP UUNet/ Verizon Communications (credit proulx). Kate is a member of M3AAWG and OTA and continues to be an active voice in the worldwide messaging community.
Want to find out more about what Adaptive Delivery can do for your business? Download our free white paper on Improving Delivery & Reducing Costs Through Automation!
Today we’re looking at the daily life of a postmaster. No, not the ones in post offices (snail mail anyone?), but an email postmaster for major brands like Macy’s and the American Cancer Society. What better topic for National Email Week right?
And who better to talk about the topic than Jill Resnick, our Solution Consultant, who formerly worked for these brands! On 12 June, Jill Resnick shared her postmaster insights with a global audience in the Proven Tips for High Volume Sending webinar. Together with Global Solutions Consulting Director, Mike Hillyer, they discussed key concerns around high volume sending, especially during times like Black Friday, where retailers usually ramp up their sending activity.
If you missed the live webinar, here are some of the highlights.
- A postmaster’s daily concern includes dealing with graymail, blocks on IP addresses, ensuring high sending scores and that queues are not overloaded.
- Other challenges include IP warm up, protecting the brand and maintaining email infrastructure.
- It is important to set up PTR records and ensure reverse DNS is recognized.
On Email Authentication
- One of the postmaster’s prime concerns is email authentication and ensuring the set up of SPF, DKIM and DMARC practices. These help to indicate that the brand is not responsible for any fraudulent activity.
- Emails should be authenticated and verified through double opt-ins.
- Start with list acquisition, provide opt-outs on sign-up forms and have double opt-ins.
- Self inspect messaging practices and adhere to best practices.
On Feedback Loops
- When many people are marking your emails as spam and there is a lot of feedback loop action, you need to evaluate the relevance of your campaign.
- The reality is that sending to inactive subscribers is a risk to your reputation.
- Unsubscribe users who click that spam button. If they click it repeatedly they don’t want that email.
- Feedback loops can be a security tool and enables businesses to find compromised servers and shut them down.
On Internet Service Providers (ISPs)
- All ISPs have different policies. It is best to work with them rather than around their rules and set up bounce codes as needed.
- Sign up to get inside information on ISP’s whitelisting practices.
- Use tools to ensure list hygiene as it really helps your brand when it comes to maintaining good ISP relations.
On IP Addresses
- Certain ISPs such as AOL will tell you what is wrong with your IP address, but not all.
- There are instances when you might be on a shared IP and that often occurs when you are a company that is sending for different business units or if your volume of sending is not that high.
- When using a shared IP space, there is a possibility that the entire space might be blocked if someone is sending to bad lists; place bad addresses on a suppression list
- Set some IPs aside for big campaigns that need to reach the entire database. ie. IP warm up
- Know where your next IP address and server is coming from. Plan ahead for future campaigns.
- It is absolutely possible to be successful without a direct relationship with an ISP as all ISPs provide validation tools for testing.
On Open Source and Cloud Providers
- Cloud vendors are definitely good for specific use cases like transactional messaging and triggered messages.
- However, if a business is sending in the tens of millions a month, it is a good idea to consider the price carefully, and look into inhouse solutions.
On Message Systems
- Message Systems is carrier grade system and we work with a lot of carriers.
- Adaptive Delivery® which is integrated into the Momentum platform helps automate traffic shaping and throttling based on ISP responses, which saves postmasters a lot of time which would otherwise be spent manually managing it.
Above all, it is good to remember that quality is better than quantity when it comes to high volume sending!
Watch the full webinar replay for more insights into high volume sending!
In one of the early posts on this blog, Mike Hillyer, our head sales engineer here at Messages Systems, discussed the reasoning around why some growing companies might want to consider bringing their email sending capabilities in house. As Mike points out, a lot of senders start by using an email service provider (ESP) for their sending, and smartly so. ESPs have the infrastructure and know-how to handle enormous messaging volumes, and they can do so at good prices, which saves on the cost of deploying and maintaining an email infrastructure.
Where that equation changes is when companies reach such high messaging volumes, or their messaging needs become so complex, that it becomes more economical to bring their sending operations in house, or at least some of their messaging. This is a pretty common scenario we encounter here at Message Systems. And for our customers who are bringing some or all of their capabilities in house, there are lots of issues to consider beforehand. In this short video, Mike talks about what these issues are and explains why a hybrid insourced + outsourced model works so well for a lot of Message Systems clients. He also talks about how clients can use our Message Central campaign origination system to integrate data from various sources to create more effective email programs.
Many email marketers are unaware of the importance of message queuing to the successful delivery of their email. As a component of their messaging infrastructure, queuing is something that marketers typically defer to their IT department to manage. Yet, the reality is that queuing and the segregation of message streams can make the critical difference between the success and failure of a company’s messaging programs, and therefore, should be of concern to both the IT and marketing departments. (more…)