Email spams are not new. Infact, they are as old as one can recall. Despite repeated attempts at securing data, there has always been a loophole somewhere that made way for email spams.
After the recent WannaCry Ransomware attack, Google quickly followed suite to tighten security for Gmail enterprise users. It has incorporated machine learning technology to detect phishing bugs and spams in Gmail. While Gmail and other mailbox providers are still coping up with the impact of the biggest cyberattack that hit 150 countries back to back, Microsoft faced the wrath of common people. It is believed that Microsoft could have stopped the WannaCry attack.
All of these boils down to one simple fact: To combat email spam attacks, it is essential to know the what-why of the same. Unless you are aware what redirects your emails to the spam folder, you cannot resolve the issue.
Email Spams and Phishing attacks: Global Overview
Reports from research companies state that spam comprises of about 73% of all emails globally. The U.S. takes lead in being one of the generator of spam emails, closely followed by Korea. According to a recent comparison of data spanning from January 2014 to March 2017, the spam emails have accounted for 56.87% email messages across the world recently.
Similarly, Kaspersky Lab Spam Report has revealed:
- Email spams have seen a 3.03% rise in one year (2015-16).
- The US remains to be the biggest source of spam (12.08%), followed by Vietnam (10.32%) and India (10.15%).
- Spam ads soared with the rise of small and medium businesses in China in 2016.
- About 29% unique users were attacked by phishers.
After the spam attack on Google Docs and the recent WannaCry Ransomware attack, the internet industry has been shaken from the roots. But the show must go on.
We, on the other hand, have to do everything in our knowledge and power to combat such attacks. The first go-to-point is: Stay alert. Trusting any unreliable source or unknown email address is a strict NO.
Turning the tables, if you are the one sending out emails to a considerably long list of subscribers, how will you make sure your emails are not spammed?
Three Reasons Emails Land in the Spam Box
When you are sending out emails, various factors contribute in deciding the fate of your emails. Today, mailbox providers have made security immensely tight. There are various filters to every mailbox provider, and not all mailbox providers function similarly. For instance, popular mailbox providers like Gmail, Yahoo and Outlook have separate ways of dealing with emails and identifying spam emails.
To put it simply, there are three main reasons why your emails may get redirected to the spam folder.
- When you have errors with your technical setup
- When your content is irrelevant and includes various spam words
- When you avoid personalisation of your Mailbox
Like they say, where there is a problem, there is a solution too!
How to Stop Your Email Campaigns from hitting the Spam Folder
You know the three major reasons that can reroute your emails to the spam folder. Now, here’s how you can avoid that. Let’s go over the steps one by one.
I. Getting everything right with your Technical Setup
Technical setup happens once, and you need to get the basics done correctly. Usually, the one-time technical setup can be divided into two parts: The Core and The Advanced.
The core technical setup begins with setting up SPF, DKIM and DMARC records. Here are the steps to do the following:
Confirm whether the SPF, DKIM, and DMARC records are properly setup for the domain. To set up these records, you can refer to our documentation here. These three records, if configured properly, helps in enhancing the reputation of the sending domain with the email delivering ISPs, thus increasing the delivery rate (in the recipient’s inbox) of sent emails.
What is SPF, DKIM, and DMARC?
An SPF (Sender Policy Framework) record is published by the domain owner, stating which email servers (IP Addresses) are authorised to send an email for the specific domain name. The recipient email server verifies the sender address with the information published by the domain name owner to make sure that the email is coming from the authorised servers. Only when the details match, the email will be delivered. If your domain name has correct SPF record, you can be sure that an unauthorised entity is unable to send emails on behalf of your domain name.
A DKIM (Domain Keys Identified Mail) record adds a digital signature to your outbound email headers. It uses a private domain key to encrypt your outgoing email header and adding a public version of the key in the domain’s DNS records. The recipient email server can retrieve the public keys and can decrypt the received email’s header and can make sure that the email sent from the particular domain has not been changed on its way. The digital signatures are invisible to the end users and are verified by the servers rather than the email senders or receivers.
A DMARC (Domain-based Message Authentication, Reporting, and Conformance) record allows the sender of the email to publish a policy while sending an email stating the mechanism (DKIM, SPF or both) which is employed and how the receiver of the email should deal with authentication failure for emails. Additionally, it provides a reporting mechanism of actions performed under those policies. DMARC record helps combat phishing and email spam.
What else to take care in the core technical setup?
Add Email sending Domain to Google Postmaster – Make sure that you have added your email sending domain to Google Postmaster.
Use organisation’s email address to send emails – Avoid using any free or personal email addresses to send marketing emails as emails from a free email account can be marked as junk or spam by the receiving email server. Using the organisation’s email address enhances the sent email’s reputation as being sent from a responsible organisation which is not equivalent to sending emails from a free email address.
Verify your technical set up – Once the technical setup is done, you can verify the efficiency and effectiveness of your technical setup from the website mail-tester.com. To verify your technical set up, what you need to do is to send a marketing email campaign to the email address “email@example.com.” Once the email is sent, you can go to the site “mail-tester.com” and check your technical set up report. The report describes in detail the do’s, do not’s, the correct setup and what is not right with your setup.
IP Warmup – When an ISP (Internet Service Provider) notices a sudden outflow of emails in large volumes from an IP Address, which was not sending emails earlier and was dormant, they immediately begin monitoring the emails from that IP Address, thinking them to be spam messages. IP warming is a term used to describe the process of starting with a low email volume initially and then slowly build up the email volume over time. The goal of IP warming is to create reputation with the ISPs as a genuine and legitimate email sender. This is the recommended process for new customers with a new dedicated IP Address. Starting slowly also gives time to debug and resolve any reputation related issue which can impact the sender’s email sending reputation of the IP Address in the long run. It is recommended to start the warming process with a low email volume and slowly keep on increasing the email volume. Normally, the warmup period is between 6 to 8 weeks. It is best to divide your peak volumes by 8 and keep on increasing your email volume by 1/8 of the peak volume every week for the next eight weeks.
How mail-tester.com works?
Mail-tester basically gives you a score out of 10, indicating the spam-content in your newsletters. The more you score, the better it is. Since it is not possible to ensure that each and every one gets your emails, what you ca do is- improve your chances to get to the maximum users’ inboxes.
PS: Even i you get a great score, your email might still land in the spam folder. This may happen because each mailbox provider has different spam filtering processes. Also, if your users somehow hit ‘this is spam’ button, you will have to re-work on your emails.
- First, you will need to visit mail-tester.com homepage. Copy the URL provided on the homepage.
- Next, you go to the Newsletter design page in MailPoet. Paste the URL in the preview panel and hit ‘send preview’.
- Now, come back to the homepage and click on ‘Then check my score’.
The snail starts moving, calculating your score all the while.
PS: It moves pretty fast!
Once it is done, it will flash your score. Higher the score, better it is. Check below for score page samples:
What if Sending Method does not work?
In that case, the snail stops midway. In other words, it gets stuck; like this-
This indicates that your current sending method has some errors.
What does a bad score mean?
It can point to any of these four reasons:
- You are blacklisted
- Your SPF record is not set up properly
- Your DKIM needs proper set up
- You have used bad words or spam words according to SpamAssassin
What is SpamAssassin?
Apache SpamAssassin is an open-source platform that helps system administrators to filter and block spam emails. It implements a scoring framework. By running several analytical tests on email headers and text body, it filters out spam emails seamlessly.
- Identifies spam signatures by implementing wide variety of local and network tests.
- Easy to configure and add new rules.
- Abstract but well-designed API, offering immense flexibility.
- Mail::SpamAssassin classes can be used on several email systems including sendmail, qmail, procmail, and others.
What if you don’t copy paste the URL in the first place?
Opps! Then there will be no result at all. In fact, you will see a message like this-
This brings to the end of the core technical setup. Let’s quickly move on to the advanced part.
Advanced Technical Setup
Advanced technical setup includes checking of-
- Domain blacklist status
- DKIM/SPF pass or fail status
You can also use two tools in this regards-
Mxtools: Mxtools helps in identifying fraudulent signups and account hijacks on your system. It spits spams faster and blocks about 95% of the infected messages on IP connection data. Mxtools provide trusted IP and Domain data feeds that secures your infrastructure and system.
Mxtools have several products that lists:
- IP Block Lists
- Domain Block Lists
- Delivery Mechanisms
- Blacklist Informant
To make this possible, Mxtools partners with Spamhaus, URIBL, 250OK, and dnswl.org.
Senderscore: Senderscore helps in understanding the health of your email program. It identifies the health condition through scores between 0 to 100. It represents your sender reputation and shows how the mailbox providers might view your IP address. Since, every mailbox provider have different filtration processes, it takes a lot to understand how your Ip address will be perceived by a particular mailbox provider. Senderscore takes into account sender reputation that includes spam complaints, mailing to unknown uses, blacklists, and more.
II. Focus on your Email Content
Your email content plays a major role in deciding whether a mailbox provider will mark your email as spam or not. Starting with the email header to text body and signature, everything in your email must adhere to the spam laws. Below are few tips to follow:
No Spam Words
Avoid using words specifically marked as “spam” words. To get a list of such blacklisted “spam” words, please check the links as mentioned below.
Link Shortners can cause trouble
Avoid using link shortners (e.g. bitly.com). Shortened links in an email body increase the chances of the email to be marked as a spam email. This is because the shortened links cannot be verified at the receiving email server’s end for security breaches.
Manage your email sending reputation with the ISPs
Your email sending reputation can be enhanced by minimising the email bounce rates as well as the complaints. To ensure the same, make sure that your email list is up to date and only interested subscribers are listed. Sending emails to uninterested subscribers or wrong and old email addresses increases the chances of a bounce or subscribers complaining. An “unsubscribe” link at a prominent place in the email body and easy steps to unsubscribe from the list can reduce the email bounces as well as complaints to a large extent.
Say NO to broken links
Never use any broken links. Broken links let the receiving email server suspect your email to be spam. They are more likely to mark them as spam and not deliver the email at all.
Unsubscribe Link is a MUST
Add Unsubscribe link, Physical Postal Address and Web version in the email body. Adding these details to an email body enhances the trust factor of the email as being sent on behalf of a responsible marketing organisation.
Some more handy tips:
- These codes increase the probability of an email to be marked as a spam email.
- Add the “alt” tag to all the images in the HTML template of the email body.
- Avoid any attachments with the email to prevent the spam trap.
- Avoid using any external image links in the email body which can mark an email as spam.
How to test email body content for spam free emails, mention about services
The email body should not have any broken or unidentified links. The ratio between text and image should ideally be maintained at 60-40. Use of a single large image should be avoided. The email body should have as much text as possible instead of images. Services like “Litmus” or “Email on Acid” can be used to verify the email contents are compliant. Email builders like “Stamplia” can also be utilised for the same purpose.
Investigate the email body contents with “mail-tester.com” which can help point out the deficiencies in detail as well as the action required to be taken to sort out those shortcomings.
All advertising emails should carry a Disclaimer clause in the email body to enhance trust and reputation in the eyes of the ISPs. This clause is also required from the legal perspective.
III. Personalisation of Mailbox
To fight the spam menace, the different email boxes have done their own personalisation of the mailboxes. Some of the most common personalisation are as mentioned below:
Automated filtering of emails
Email boxes are automatically taking decisions on which emails to filter as spam based on the actions taken by the email box users. Suppose from the historical data; a mailbox gets to know that a certain user deletes a particular type of emails (e.g. emails on travel) without even opening them, the email box automatically places such emails in the spam box instead of placing them in the inbox.
Adding Sender Email Address in Recipient’s Safe List
Marketer should request the recipients/subscribers to add their email address to their safe contact list so that such marketing emails from the marketer should land in the recipient’s inbox rather than the spam box.
Text Only variation of Marketing Emails
For every marketing email sent, there should be a text only alternative of the email in case the recipient’s email box does not allow the HTML variation. Offering Text-Only alternative of the email improves the sending email address reputation helping emails land in the inboxes.
Automated Email Filtering based on Trends
Some email boxes are personalised in such a manner that even if a small percentage of the emails (let us say 20%) out of the total send by a particular IP Address lands in the spam box, the remaining 80% will automatically be made to land in the spam folder, instead of the inbox. This also applies in cases where a small percentage of the emails are reported for being spams by the recipients.
Email spams are the most common way of data breach practiced by hackers. With time, spams have become sophisticated to the point where it becomes difficult to identify one. The only solution we have in hand is to protect our data and adhere to laws as much as we can. If you have any other input that can add value to this article and to our readers, share it with us in the comments section below. We’d be happy to update our post. 🙂