It’s easy to take email delivery for granted. At least, until the moment you realize messages you’ve been successfully delivering to the inbox for weeks are suddenly hitting the spam folder or are being discarded altogether. Correcting this problem can take a bit of troubleshooting, usually with some trial and error.
We help our customers troubleshoot these kind of email delivery problems all the time. This guide will offer you tips we've learned about deliverability in five big areas. There's also a bonus section of resources and tools at the end to help you as you work through any delivery issues you encounter.
Authenticating email from your domain is the first thing to check when troubleshooting email delivery. The four big things you want to configure to cover email authentication are SPF, DKIM, Return-Path (if available), and DMARC. These give you the ability to tell the Internet where email from your domain should originate. They also give postmasters tools to verify incoming messages from you are authentic, and give you options on actions postmasters can take if messages aren’t from you. Your ESP should make setting up and managing each one of these protocols easy. In this guide, we’ll cover each one briefly, and link to our bigger guides on each topic if you’d like to learn more.
Sender Policy Framework, or SPF, is a way for you to tell the world where email for your domain originates. You can create an SPF policy for your domain with a DNS TXT record. Each source of email is added to the existing SPF record, and Postmark provides this default record in our app. You can learn more about this protocol in our SPF guide. Some providers, like Postmark, do not require that you add an SPF record to begin passing SPF.
DomainKeys Identified Mail, or DKIM, cryptographically signs outgoing messages to stop impersonation and make sure messages aren’t altered in transit. You setup DKIM a bit like SPF, by adding a new TXT record to DNS for your domain. You’ll need to add a unique public key for each source of email for your domain. Postmark and other ESPs manage DKIM by generating a private key and giving you the public key for your DNS records. Our DKIM guide can give you more details about how it works to secure your email.
The Return-Path on the emails you send is used in determining if your email passes DMARC SPF alignment. DMARC requires that your Return-Path domain match your From domain to pass SPF alignment. Getting set up with a custom Return-Path on emails sent through email service providers usually involves adding a CNAME record to your DNS. Some ISPs and spam filters also like to see that your Return-Path domain matches your From domain, so it is always a good idea to set up your Return-Path on emails sent through third party providers, if possible.
Domain-based Message Authentication, Reporting, and Conformance, better known as DMARC, uses SPF and DKIM to provide an extra layer of security for your domain’s email. It also generates a report from ISPs that will show you where mail for your domain originates across the web. You can learn how DMARC was built to address some of the weaknesses of SPF and DKIM, how it authenticates your domain’s email and generates reports in our big DMARC guide.
The content of your message is critical, and there are a few things you can check when you hit a delivery snag.
- Use Postmark’s Spamcheck to look for security triggers
- Check your message by sending a test message using Litmus Putsmail
- Perform in-depth testing for messages on Litmus
- Always include a plain text option when sending HTML emails
- Avoid using shortened URLs, especially from bit.ly
- Avoid using too many images
Make sure your HTML is compliant and well written. Avoid using too many images with your messages, and be sure to create a plain-text version for every email. You can also grab the email headers and run your messages through Postmark’s Spamcheck tool. This check uses SpamAssassin to score your message. It won’t tell you exactly why an ISP quarantined your message, but it can give you an excellent idea on updates you can make to improve your deliverability.
If a message was being delivered to the inbox and you suddenly see it start getting diverted to your spam folder, it’s time to do some testing. If you’ve made any changes to the content of the messages, the first thing to do is remove your recent changes and see if your messages reach the inbox. You’ll want to give extra attention to any updated links, new attachments, or major changes to your text. These are all parts of a message we’ve seen trigger deliverability problems in the past. Avoid using shortened URLs in your messages because spammers love to use redirects to mask their true intent with links. ISP spam filters will often quarantine messages because of a single shortened URL. As another example of how a small content change can have big effects, one of our customers added a phone number to an email which immediately led to their messages being flagged as spam in Gmail. To fix the problem we tried sending the message without the phone number they added, and it fixed their spam problem immediately. As you can see, testing content is tricky.
You should only spend your time troubleshooting small changes if a message has a track record of hitting the inbox. It’s a good idea to run new messages through a service like Litmus to catch red flags for specific ISPs and security providers. This will save you from hunting down issues one by one, and help make sure your content meets all the current best practices.
One of the most important factors for deliverability is how people engage with your emails. ISPs and email security services build a profile of your domain over time. The biggest key for engagement is to make sure you only send useful emails your recipients want and expect. Using DKIM is another part of your reputation and includes factors like open rate, bounce rate, and spam rate to build a domain reputation profile over time.
- Avoid sending to invalid addresses by removing email addresses that bounce
- Never send from a “noreply” email address
- Keep an eye on bounce, spam, and open rates
Modern spam filtering rarely relies on keyword filtering, favoring adaptive filters to protect users from threats. This works a little different between providers, but as an example, Gmail incorporates user actions. Marking a message as spam, consistently ignoring and not opening emails from your domain, or marking a message as not spam all play a significant role in determining how mail is handled for your recipients. If you see low engagement with your transactional email, you should consider auditing what you send your customers or users. Sending too many emails, even if they’re valid messages, can lower your overall engagement and do damage to your domain’s reputation over time.
The impact of each of these signals can vary, but here are some examples of things ISPs watch and use to protect their users.
- Opens — obvious engagement
- Replies — signifies a conversation
- Mark as Not Spam — big noise that the ISP has got it wrong
- Move to a folder — signals value in the email’s content
- Add to address book — signals value in the sender
- Delete without opening — signals no interest, not equal to marked as spam
- Mark as Spam
There’s one engagement factor ISPs don’t track and that’s clicks. This is self-policing on their part, with the belief this would be a breach of privacy. ESPs report click data through redirects, but ISPs have recently shared this isn’t something that impacts deliverability.
Beyond these adaptive signals, you need to closely monitor your bounce rate. You should be able to keep your bounces under 5% for your entire domain. Anything above 5% will impact your delivery rate because ISPs see this as a signal you’re sending to poorly qualified recipients. A good way to combat this is to filter out email addresses that consistently bounce your messages.
Good transactional email shouldn’t generate any spam complaints. Your spam rate for transactional email should be 0.1% or less. It might seem extreme to target a one spam complaint for every 1,000 messages, but if you send quality transactional messages this should be easy to achieve.
Most ESPs (like Postmark) work to help you manage your bounce and spam rates by deactivating recipients after a hard bounce or spam complaint. In some cases, they’ll also deactivate email addresses after a series of consecutive soft bounces.
ESPs handles this type of list hygiene for you, but it’s important you keep your contact lists clean across your domain. On top of removing recipients after a bounce or spam complaint, make sure you aren’t sending to an email list someone bought. Also, make sure your emails meet your users expectations. If your application is something people only expect to use once, you shouldn’t be sending welcome emails or adding them to an email list unless they’ve opted-in.
There are two important aspects of managing your reputation for deliverability. The original reputation check used IP reputation. ISPs keep track of the type of traffic from IP addresses, and this means looking for bulk and spam messages.
While we’re on the subject of IP reputation, there’s a common myth that dedicated IP addresses are a reliable way to address deliverability issues. Our experience has shown a well-managed pool of shared IP addresses is more reliable. A dedicated IP is a way for ESPs to lower their support overhead by not having to monitor this traffic too closely and squeeze a little extra revenue out of their customers. You can learn more about what we see as the false promise of dedicated IP addresses here if you’re interested.
Realtime Blockhole Lists, or RBLs, are third party resources that report suspicious activity from IP addresses to ISPs and postmasters.
In recent years, ISPs have also incorporated domain reputation into their testing methods and they are starting to rely on that more heavily. This has led to RBLs that supplement their IP address lists with additional lists for domain activities. Large services like Gmail gather enough traffic data to assemble their proprietary lists of IP and domain reputation as well. By using some of the authentication standards we mentioned earlier, it will help build reputation on your domain that is portable across any ESP.
The negative side of this is if you have a poor domain reputation. In this case, the poor reputation will travel with you no matter what ESP you use. We recently helped a customer troubleshoot emails going to spam at Gmail. It turned out that, after looking through Gmail Postmaster Tools, that their domain reputation was low or bad due to their marketing emails at another ISP. By sending transactional email from the same domain, it still caused these message to land in spam. The important lesson here is that it is just as much up to you to manage good practices on your domain as it is for an ESP to manage their reputation.
- Monitor your domain through Gmail Postmaster Tools
- Investigate using different From address subdomains for transactional and bulk
- Check your domain reputation against blacklists
- Check your IP reputation against blacklists
There are tools you can use to check your domain and IP reputation. This MX Toolbox test can check your IP or domain for RBL activity. Additionally, Gmail and Outlook.com provide postmasters similar tools you can use to monitor the activity they’ve seen for your domain.
If you’re running your own email stack the first thing you should worry about is infrastructure. This is stuff like IP reputation, feedback loops, reverse DNS, and a bunch of other low-level protocols you need to get right. Thankfully, every good email service provider (ESP) will handle all this stuff for you. If you landed here looking for help with any of those topics, we’ve selected a few good resources to help explain how to setup each one.
- Email providers keep close track of IP address reputation and use it to determine when a message should be marked as spam or discarded. The importance of IP reputation has decreased slightly as domain based reputation tools have emerged, but it’s still an important factor for long-term deliverability. Sending from an IP with your web host can still be a huge problem because IP addresses from AWS and shared VPS providers may have a poor reputation.
- Feedback loops give mailbox providers a dedicated way to report spam activity back to ESPs. Properly configured feedback loops include information for each IP address and have an email address parsing the inbound reports for actionable data. Word to the Wise keeps a page updated with a bunch of ISP information, including where you can sign up for feedback loops for specific ISPs.
- reverseDNS, or rDNS, is used to verify the IP addresses associated with a domain. Spammers have changed their tactics to make rDNS a less effective way to quarantine spam by moving away from sending their campaigns through botnets, but it’s still important to have this properly configured for your email infrastructure. This article can help if you need to configure your own rDNS.
- Use a mail transfer agent, or MTA, that supports DKIM. Postfix or PowerMTA are a couple of good choices that meet this requirement.
Getting it all to the inbox #
There’s no silver bullet for email deliverability. ISPs and security companies can’t make explicit guidelines to get email to the inbox because they’re in a constant game of cat and mouse with spammers. Even though there’s no way to guarantee delivery, following these steps will help get your email to your customers.
Tired of missing or delayed emails?
Switch to the provider that Asana, 1Password, and LiveChat trust to deliver their transactional email.
Resources and tools #
- AOL Postmaster — tools and articles for sending to AOL users
- DKIM.org — official home for the DKIM project
- DMARC.org — official home for the DMARC project
- Gmail Postmaster Tools — analysis and tools for sending to Gmail users
- Litmus — suite of tools for testing design and spam probability
- Litmus Putsmail — free tool from Litmus to test your HTML emails before sending them
- Mail-Tester — free tool to check the spammyness of email you're sending
- MX Toolbox — test for blacklists and DNS records, along with other email related resources
- OpenSPF.org — official home for the SPF project
- Outlook.com postmaster tools — information about sending to Outlook.com and tips to resolve issues
- Port 25 authentication email verification — email report that checks SPF, SenderID, DomainKeys, DKIM and Spamassassin
- Postmark’s SPF, DKIM, and DMARC guides — a set of email authentication guides from Postmark
- Postmark’s free DMARC setup and reports — easy to setup DMARC and human readable reports
- Postmark’s SpamCheck — Free JSON API to instantly check the spam score of your email messages
- Word to the Wise ISP information — ISP sending limits and other deliverability info
- Yahoo Postmaster — tools and article for sending to Yahoo users
- 250ok Postmaster Tools — tests for DNS, Gmail Tab placement, and more