Set up DMARC and see who's sending email using your brand's domain.

The false promises of dedicated IPs

I have to admit, I am disappointed in the false promises that companies are giving when it comes to offering dedicated IPs for their customers to “improve email delivery.” The reality is, dedicated IP addresses are not a sure way to improve delivery, and sometimes, can actually hurt email delivery

Before I jump in, let me first explain how IP addresses play a role in mail servers and sending email. When confronted with the task of setting up an outbound mail server, there are a lot of things you have to consider. The first and foremost is making sure that all of your outbound emails are always sent from a consistent public IP address. This IP becomes the unique identifier that ISPs, accreditation services and blacklists use to track your activity and your IP reputation as you send. Once you have a dedicated IP, you can then continue the process of making sure you have proper reverse DNS records, adding it to your SPF records, setting up feedback loops and so on. I wrote a short guide on this back in 2007, most of which has stayed the same.

When it comes to Email Service Providers (ESPs) like Postmark, we go through this process on behalf of our customers and use a range of dedicated IP addresses that are shared amongst all of our customers. The other approach is to provide a dedicated IP address for each customer. I think this is a bad idea.

Need a quick refresher? Read this guide about the difference between a shared and a dedicated IP.

Why offer a single customer their own dedicated IP? #

It’s pretty common for ESPs to offer dedicated IPs to a single customer. When we first launched Postmark this was one of the options (as a coming soon) when you created a new server. The idea behind a dedicated IP is to isolate reputation, throttling and blacklists to each customer. This helps with diagnosing issues and can avoid one customer killing the reputation of another if something goes wrong. The other advantage is that the customer can create a custom sub-domain for the dedicated IP, essentially looking like it is coming from their own servers.

From the ESPs side, it is a point of protection as well. If a customer decides to start spamming and the IP gets blocked, it will not hurt other customers on the system (only half true - covering this next).

Why offering dedicated IPs is a bad idea. #

A dedicated IP sounds like something exclusive and attractive when customers look at what ESPs offer. In reality though, it’s a means of retreating from the overall responsibility of being an ESP.

By offering a dedicated IP for the majority of customers the ESP is basically saying “You do what you want, if you get blocked it’s your fault.” It also places a lot of heavy lifting on the customer, which defeats the purpose of paying for an infrastructure product in the first place.

In addition to this, new dedicated IPs are just as bad as IP addresses with a bad reputation, since they have no reputation at all. In order for an ISP (Gmail, Hotmail, etc) to trust email traffic, they need to know your history. If an ESP just gives you a new IP and you start sending a bunch of email through it, you’ll need some serious good luck. In most cases a new IP address gets “warmed up” first. Basically you take a new dedicated IP address and send a small number of emails out over time, slowly increasing it each day until it has a good reputation. If the ESP does not do this for each new dedicated IP, the customer is going to have problems.

The other misconception with dedicated IP addresses is that each one is completely independent. For instance, if one customer gets blocked, all other IPs are fine, right? Wrong. ISPs and blacklists will monitor entire IP ranges and domains. If one IP causes enough problems, traffic from the entire subnet or domain could be blocked.

The final reason, and this one is important, is that ISPs are starting to place a lot of weight on domain reputation, not just IP reputation. My guess is that over time IP reputation will slowly fade away while more weight is given to domain reputation along with authentication standards like DKIM. This allows you to take your reputation with you and ties the reputation to the brand (your domain) which is a lot less disposable than an IP address. In a recent post from Laura Atkins, a highly respected consultant in the industry, she stated:

Domain reputation is where delivery is going. And I think a lot of senders are going to struggle with delivery as they find that IP reputation is not enough to get into the inbox.

We feel the same. And that is why we push DKIM and SPF so much in our setup process. It’s also why we are thrilled that over 60% of our customers use DKIM or SPF on our service, a huge accomplishment for us.

Why we decided to stick with shared IP addresses. #

For the reasons above, we decided earlier this year to remove dedicated IPs as a feature available to everybody, and only have them available for customers sending 300k messages a month or more.

Our goal at Postmark is to make email delivery dead simple. Developers, designers and system administrators already have enough things to deal with and email delivery should not be one of them. We also have a very acute focus on our email delivery rates. If emails are not getting to the inbox, using Postmark is not justified, no matter what additional features we offer.

To make sure our delivery is rock solid it’s our job to take 100% accountability of our IP addresses and our reputation as a sender to the ISPs. So instead of offering a dedicated IP address to a customer and send them off, we carefully and cautiously monitor a set of shared IP addresses for all customers. This helps in several ways:

  1. We have a very high volume across each IP address, which gives a proven history of good sending practices with each ISPs. High volume with great sending practices means fantastic inbox rates.
  2. We avoid the problem of constantly warming up new dedicated IPs, risking delivery issues for new customers. A customer can hit the ground running.
  3. We take full responsibility for the reputation of our IPs, giving us extremely high reputation and delivery rates.
  4. We can encourage our customers to use DKIM to focus on domain reputation, instead of IP reputation.

This also means we actively kick customers out if they are not following our sending guidelines or terms of service. We have a very low tolerance for spam complaints, 10 in 10,000 emails. If a customer throws any alerts and does not clean up the problem we act fast. Some might think our tolerance is too low. However, spam complaints should be almost non-existent for most transactional email, and anything that could hurt our reputation is not worth the extra money that the spammy customers bring us.

Joining Postmark is like being part of the “good senders club”, with all the benefits of emails to the inbox.

When dedicated IPs make sense. #

Obtaining a dedicated IP (or many of them) can still make sense, but the decision is directly related to volume. For instance, we can’t just send on a single IP address. There is a point where too much volume can cause throttling at the ISPs, so you need to spread out that traffic across multiple IP addresses.

In some cases we will recommend a dedicated IP address for customers who send an extremely large volume. This only works when the customer sends a lot of emails to all of the major ISPs. If you send a ton to Gmail but not Hotmail, you’re going to have issues delivering to Hotmail. Each ISP can only build a reputation on what they receive. Another benefit of a dedicated IP is getting accredited from services such as Return Path and ISIPP, allowing customers to track their individual reputation. In reality though, the majority of customers never have to worry about this. They leave it to us and we take care of it.

Summing it up #

While a dedicated IP address for an email service might sound sexy, it’s not a true solution for getting to the inbox. ISPs only care about proper sending practices and a solid reputation. Instead of requiring every customer to build that reputation from scratch we feel it is better to allow approved customers to leverage our reputation, helping them get to the inbox immediately and without the hassle or care of how it works. Sure, this means we spend more time policing our customer’s sending practices and kicking the trouble customers out, but that just means better email delivery for the rest of you.

Chris Nagele

Chris Nagele

Love to travel with the wife and kids. Wannabe race car driver. Not so healthy obsession with Building Science.