How to master the essentials of email security for optimal campaign reach and inbox placement
Crafting the perfect email marketing campaign is hard work. And, nothing is more frustrating than a perfectly crafted campaign not performing because the emails were delivered to the the spam folder.
In 2023, Validity found that one in every six legitimate, permission-based marketing emails never reached the inbox. While there are various reasons for poor deliverability, one of the most overlooked, foundational ways to improve it is through domain authentication.
Domain authentication verifies the legitimacy of an email, ensuring that it comes from the claimed sender. This signals to mailbox and internet service providers that your emails are authentic and warrant reaching the inbox. In this article, we’ll break down why domain authentication is crucial for making sure your emails get where they need to go and why it matters for your marketing success.
The essential role of domain authentication
While email serves as the primary communication channel for most industries, the landscape is not without challenges. The volume of unwanted emails – ranging from spam to phishing and malware threats – is staggering. Every day, approximately 3.4 billion phishing emails flood inboxes.
Why is email so vulnerable to attacks? Well, it doesn’t have security built-in.
In October 2008, the Network Working Group officially labeled SMTP (Simple Mail Transfer Protocol), the internet standard for transmission of electronic messaging, as ‘inherently insecure’. They said that anyone could impersonate a domain and use it to send fraudulent emails pretending to be the domain owner. To fix this, a number of authentication protocols have been developed over the years.
The holy trinity of authentication protocols
There are three key domain authentication standards: SPF, DKIM, and DMARC – let’s explore what they do at a high level.
What is SPF? (Sender Policy Framework)
SPF is like a guest list at a party. When someone RSVPs, you check if they are on the approved list of guests. Similarly, SPF allows the recipient’s mail server to verify if the sending mail server (i.e. Yahoo, Mailchimp, etc) is on the approved list for the sender’s domain.
What is DKIM? (DomainKeys Identified Mail)
DKIM is akin to putting a wax seal on an envelope. It adds a digital signature to the email header, like a unique wax seal for each sender. If the wax seal (digital signature) is intact when the recipient receives the email, it validates the integrity of the message.
While SPF and DKIM might help to authenticate emails, they don’t tell recipient servers what to do with the emails that fail authentication.
What is DMARC? (Domain-based Message Authentication, Reporting, and Conformance)
Enter DMARC, the protocol that uses the authentication that SPF and DKIM provide to enforce a policy. This means that only emails that pass SPF or DKIM authentication will pass DMARC validation and reach your recipient’s inbox.
Think of DMARC as the event organizer. It not only checks the guest list (SPF) and validates the wax seal on the invites (DKIM) but also sets clear rules on how to handle guests who don’t meet the entry (authentication) standards.
For unauthorized emails, DMARC will deal with them based on the DMARC policy you set. Here are the policies and what each means for unauthorized emails:
p = none – this means no policy is set, so all emails will be able to reach the recipient, regardless of whether they pass authentication or not
p = quarantine – this tells recipient servers to send any emails that fail DMARC validation to the junk/spam folder
p = reject – this is the most powerful policy, and it tells recipient servers to block any emails that fail DMARC validation
Why is DMARC so important for successful email marketing?
As well as offering vital security and anti-phishing benefits, DMARC and deliverability actually go hand in hand. This is because by implementing DMARC correctly, you’re telling all recipient servers that the emails you send are definitely from your organization. So, your reputation improves, your deliverability can increase and even the inbox placement of emails can get better.
That’s not all though – from February 1, 2024, DMARC will be required.
Google and Yahoo will be rolling out authentication standards for bulk senders (those who send 5000+ emails daily) to guarantee delivery to email addresses ending in gmail.com or yahoo.com.
What does this mean? Prepare, don’t panic
Given that this news was announced in October 2023, most experienced marketers will have battened down the hatches already. However, if you’re not sure what these changes entail and what you can do to get ready, check out our recent article that explains what the Google and Yahoo requirements mean for marketers.
In summary, the requirements cover three core areas – implementing domain authentication standards, keeping spam rates low, and ensuring you include one-click unsubscribe functionality in your emails. Failure to comply can result in emails not being delivered or ending up in spam.
| Ready to check your Google Yahoo bulk sending compliance in less than 60 seconds? Check your readiness now |
Let’s dive a little deeper into the additional reasons DMARC is an indispensable asset for email marketers.
- DMARC boosts deliverability
When DMARC is set up correctly at a policy of p=reject, senders signal to ISPs that they are actively taking measures to authenticate their emails and improve their domain security. This builds trust with ISPs, reducing the likelihood of legitimate emails being mistakenly marked as spam or phishing attempts.
| “Since achieving full DMARC implementation, Wise has managed to up its average monthly email deliverability rate from approximately 90 percent of emails to 99 percent, equating to circa 450,000 additional emails making it into customers’ inboxes.” Shan Lee, Information Security Officer Read the full story |
- DMARC helps you stay out of the junk folder
The solution to getting out of the junk folder and into your customer’s inbox is to get SPF, DKIM, and DMARC properly configured for your domain. Once you have DMARC set up correctly, you’re actively telling every receiving email server that the emails you’re sending are authorized and not junk. Once you fully implement DMARC, you will see that your open rates will automatically increase as more people are receiving your emails and interacting with your offering.
- DMARC increases customer confidence
In this day and age, customer trust is increasingly important. When recipients receive emails from brands they trust, they are more likely to open and engage with the message. But should the brand experience a data breach – which happens far more frequently than you think – trust can be lost in seconds. Dusted found an eye-watering 81% of people reported they’d stop engaging with a brand online following a data breach.
Because DMARC stops bad actors from spoofing your domain, it demonstrates a commitment to email security and means recipients can be more trusting of your emails.
| For a more in-depth read on the impact of consumer trust, read more in our whitepaper: “The value of safeguarding consumer trust in the retail sector.” |
- DMARC lets you show your logo on the emails you send
While DMARC plays a significant role in ensuring your emails land in the inbox, motivating a recipient to open and engage with an email is a different task altogether. Whether it’s emoji-packed subject lines or tempting discount deals, businesses worldwide are desperate for the edge when it comes to being recognized and opened in the consumer inbox. Almost 86% of e-commerce marketers say the primary business objective of their email strategy is increasing brand awareness. That’s where BIMI comes in.
BIMI is a standard that lets you attach your verified logo to any DMARC-authenticated emails you send using a VMC. Think of it almost as a reward for having DMARC in place!
Studies have shown that BIMI can improve open rates by 39% and increase brand recall by 44%, so it’s no surprise that an increasing number of marketers are implementing the standard.
| “The ability for brand recognition to happen in the inbox is always a good thing. That’s why BIMI was a no-brainer for us.” Marc Sirkin, EVP of Product and Technology, Third Door Media Read the full story |
7 ways your emails can make it into more inboxes
There are a host of ways to level up the success of your email marketing, both from an email security perspective, as well as by employing general deliverability best practices.
We’ve prepared a list of what you should do to stand the best chance of your carefully crafted campaigns landing in the primary inbox.
- Prepare for Google and Yahoo’s bulk sender requirements
Why? It was only right for us to start this list with the Google and Yahoo requirements as from February 1, they will have come into effect. Compliance is critical as it’s the only way to ensure your emails make it to your recipient’s inbox and don’t land in spam!
How? Over half of the Google & Yahoo requirements involve setting up domain authentication protocols. Unless you’re email security savvy, you should seek assistance from your IT team. However, before you do, check the current status of your email-sending service by using our free Google and Yahoo Compliance Checker, Red Sift Investigate.
If you’re looking for guidance on how best to work with your IT team to meet the new requirements, check out our article.
- Implement DMARC at a policy of “p=reject”
Why? Though Google and Yahoo are mandating a policy of “p=none” for their bulk sender requirements, progressing to a policy of “p=reject” is the only way to fully block exact domain impersonation, safeguard brand reputation, and improve email deliverability. It’s better to get ready now, especially if Google and Yahoo enforce stricter requirements later in the year.
How? Getting to “p=reject” requires close collaboration between a company’s IT team and a DMARC vendor. Depending on the size and complexity of your organization’s email setup, DMARC implementations can take anything from 24 hours up to 10 weeks, so the sooner this kicks off, the faster you’ll be protected.
Red Sift OnDMARC, our automated DMARC application, has helped 1000+ global organizations reach “p=reject” swiftly and smoothly. It offers a 14-day free trial so your IT team can get started right away!
- Segment and clean email lists regularly
According to research by Hubspot, segmented emails drive 30% more opens and 50% more clicks throughs than unsegmented ones. This kind of positive interaction with emails sends signals to mailbox providers that the content is relevant and valued.
In light of this, put time aside to regularly clean your subscriber lists and keep them free of inactive subscribers so you reap the rewards of engagement in the inbox.
- Monitor (and build) your sender reputation
Sender reputation is a combination of your IP and domain reputation as evaluated by ISPs and mailbox providers. A positive sender reputation is crucial for achieving high deliverability rates but isn’t a quick win – it is built up over time and is achieved by authenticating your emails, managing lists, sending quality content and monitoring your email-sending sources on an ongoing basis.
You can check your sender reputation with Google’s Postmaster Tool or Sender Score.
- Check blocklists
A blocklist (also known as a blacklist) is a database or list of email servers or domains that are identified as sources of spam or malicious content. Mailbox providers and spam filters use these blocklists to filter out unwanted emails and prevent them from reaching recipients’ inboxes. If your email server or domain is on a blocklist, it can significantly impact your email deliverability, causing your messages to be marked as spam or rejected outright.
- Personalize, personalize, personalize!
Email personalization involves tailoring your email content to individual recipients or specific audience segments – think personalized salutations, subject lines, and dynamic content. The goal is to create a more personalized and meaningful experience for each recipient, increasing the likelihood of engagement and conversion. Personalization isn’t just a way to improve email performance; 96% of marketers say personalization leads to repeat business.
- Encourage subscriber feedback and preferences
Email preference centers allow subscribers to control their email experience – whether it’s type of content or frequency. So although a universal unsubscribe option needs to be offered as standard, this option allows recipients to opt down instead of opting out altogether.
What to do if you’re deliverability is suffering
So, you’re seeing deliverability drop offs and you’re trying to figure out what is going on.
Certain email sending providers like SendGrid and Mailgun will surface SMTP error messages to accelerate troubleshooting. Here’s an example of an SMTP error that relates to the new bulk sending requirements with guidance on what to do.
DKIM failing authentication
421 4.7.30 This mail has been rate limited because DKIM does not pass. Gmail requires all large senders to authenticate with DKIM. Authentication results: DKIM = did not pass.
This message is the result of DKIM not being configured correctly. Remember that unlike DMARC, Google and Yahoo now require bulk senders to have both SPF and DKIM implemented. And, users must have SPF or DKIM alignment.
Get more detail on what’s going wrong by sending a test email from your bulk sending tool to Red Sift Investigate and check out our bulk senders’ configuration matrix for more information.
Where to go from here?
One undeniable truth stands out – email marketing success demands more than just compelling content. The journey from creating the perfect email to ensuring its successful delivery relies on an ongoing commitment to embracing security, building trust, and staying vigilant as industry standards shift.
| Ready to check your Google Yahoo bulk sending compliance in less than 60 seconds? Check your readiness now |
