Ah, the whitelist… A widely used, but misunderstood term. Many people believe that an email whitelist is a permanent, direct path to the inbox at an ISP, with no filtering applied. That may have been true at one point, long long ago, when mail systems were less sophisticated. Today, for the most part, whitelists are a little more flexible and have varied benefits. They are certainly worth understanding and considering, but they may not be the magic bullet you are hoping for.

What is a whitelist?

A whitelist is a list of IPs or domains associated with a good sending reputation. It is employed by ISP mail systems (generally after the gateway) to provide benefits associated with increased trust in the mail coming from the IPs or domain in question.

Why do whitelists exist?

Whitelists were initially developed back when systems receiving email (ISPs) were less sophisticated. As we know, the majority of the email out there is spam (I’ve read statistics between 85% and 95%), so anti-spam systems were overly aggressive in order to protect email users. Having a whitelist in place is a way to give your system a leg-up on correctly categorizing mail that people want.

What are the benefits of being on a whitelist?

There are various types of whitelists out there and the benefits vary depending on the 3rd party provider or ISP. While at one point, a whitelist might have placed your mail directly in the inbox with zero filtering, that is not very common today. Whitelist benefits might include some of the following:

  • Increased throughput limits (ability to send more mail faster)
  • Fewer levels of filtering
  • A bump up during the calculation of reputation

How do you get added to a whitelist?

Not just any sender can get themselves whitelisted. You have to meet the criteria of the whitelist provider, which generally align with email best practices:

  • Low complaint rates
  • Low/no spam trap hits
  • Low percentage of invalid addresses
  • Authenticated mail
  • Etc.

If you meet the criteria for being added to a whitelist, you must then apply for approval.

What are the available whitelists?

Here is a list of the more commonly known whitelists:

  1. Yahoo Bulk Sender (free)
  2. AOL Whitelist (free)
  3. Return Path Certification (paid, 3rd party)
  4. Certified Senders Alliance (paid, 3rd party)

Do you need to be on a whitelist?

As I mentioned above, to get on a whitelist, you have to meet (and maintain) certain standards and follow best practices. As a result, the argument is generally made that if you are a good sender and you are in tune with what your subscribers want, you shouldn’t need to be whitelisted.

At SparkPost, we consider it a standard practice to subscribe to the free, publicly available whitelists (AOL, Yahoo) as a precautionary measure. The decision of whether or not to pay for the 3rd party whitelisting services (Return Path and CSA) is a personal decision for our customers.

As I alluded to earlier, mail receiving systems have gotten more sophisticated over the years, and it’s easier for them to determine whether or not you are a legitimate sender based on the way users interact with your mail. Therefore, they largely no longer employ whitelists in a blanket, “direct to inbox” fashion. Some providers, like Gmail, don’t offer a whitelist at all as they are so confident in their system’s ability to correctly categorize the mail based on user behavior.

Things to note…

Even though you may have been accepted onto a whitelist, ISPs and 3rd party providers are constantly monitoring your traffic and you can be kicked off if you break the rules (e.g. You decide to mail to users who haven’t engaged in a very long time, resulting in tons of complaints, invalid address, and spam trap address hits.) You don’t always get notified when this happens, so it’s important to maintain good sending practices.

While the whitelists I’ve been talking about here apply to domain/IP level filtering at the ISP level, there is also personal whitelisting, which takes place at the user level, and can have a positive impact on your mail program… Stay tuned for a blog on personal whitelisting coming up.
Confused on how to be a good sender? SparkPost has Deliverability experts that can help.

Clea Moore
Deliverability Lead

9 Things ISPs Really Want Email Marketers to Know

What’s the magic pass/fail standard that decides whether your email reaches a recipient’s inbox or their spam folder…or even gets delivered at all? Sender Reputation, determined by a bevy of metrics and measures that include authentication via SPF, DKIM and DMARC protocols, complaint rates, the number of spam traps hit, bounce rates and, ultimately, user engagement metrics: if you’re badged spam by the addressee, it’s a rough road back to the inbox.

But your Sender Reputation – and, therefore, your deliverability — may not be the same across the ‘Big 4’ major inbox providers.  Yahoo, Gmail, AOL and Hotmail don’t share their data with each other.  They also vary in how they implement authentication protocols, user engagement metrics and other practices.

So it’s obviously useful to understand how each of them gatekeeps deliverability.  Here’s a rundown of some of the key considerations about each, condensed from An Email Delivery Report for 2013: Yahoo, Gmail, Hotmail & AOL, as researched by EmailDirect, a small Sacramento, CA ESP:

Yahoo!

  • Yahoo! checks for SPF, DKIM and DMARC flags.
  • SpamGuard, their proprietary filter, learns to flag spam via user complaints and lack of engagement.
  • Yahoo! maintains a whitelist, but it doesn’t ensure delivery, since all senders are still subject to SpamGuard.
  • Good reputation metrics and getting subscribers to put you on their “safe” lists will protect your deliverability.
  • Yahoo! references block lists at The Spamhaus Project – so being listed there will result in a block.

AOL

  • DKIM authentication is needed with AOL.
  • AOL uses an IP-based whitelist; mailers with good reputation scores in the AOL Feed Back Loop program qualify for it.
  • Their spam filter is proprietary and custom-built, influenced by metrics like complaints, unknown users, content, bounce processing and spam traps.
  • AOL references the block lists maintained at The Spamhaus Project.
  • If you’ve been routed as junk mail or bounced, good luck!  Getting back into the Inbox is tough, though a form to request delisting from AOL’s internal block list is available.

Gmail

  • Unlike other inbox providers on this list, Gmail doesn’t employ a feedback loop or whitelist.
  • They’re very aggressive in blocking bulk commercial email compared to the other major inbox providers.
  • Poorly-optimized creative content can prompt junk mail routing.
  • Once you’re sent to the junk folder, it’s hard to get back to the Inbox.  Requests to be removed from Gmail’s internal block list can take several months – or longer.

Hotmail

  • Microsoft releases more reputation data than these other inbox providers via its Smart Network Data Services (SNDS) program.
  • Windows Live Hotmail has switched to SPF authentication.
  • They filter email using Symantec/Brightmail Probe Network and Smartscreen filtering, along with proprietary content-level filtering.
  • Blocking may result from being listed with Brightmail; removing blocks requires contacting Symantec, not Hotmail.

Looking for more information about email best practices that can get you into the inbox? Download our free eBook, Email Best Practices 101.

Email Best Practices eBook