By Chris Arrendale of Inbox Pros
This blog post is part 1 of a 4-part series on reaching the inbox with your marketing emails. Be on the lookout for parts 2, 3, and 4 in the upcoming weeks on how to ensure your emails are landing in the inbox.
One of the most overlooked aspects of email marketing is making sure that your emails actually get to the recipient’s inbox in the first place. There are many factors that influence email deliverability, and over the course of this blog series I’ll explain how you can best insure that people are actually receiving the messages that you’ve sent to them.
The first step to reaching the inbox is ensuring that your infrastructure is configured correctly with the email authentication records for SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
I equate these types of email authentication to showing your passport to airport security before you get on the plane. SPF and DKIM are email authentication technologies that are essentially your “passport” to the network you are sending to. These technologies validate that you have permission to send using your supplied IP address and domain. If you are not passing these records, the recipient’s mail server will not be able to authenticate you and the email could be bounced due to lack of authentication. Even more importantly, if you do have these records in place, make sure they are passing and not failing. Below, I’ll break down what each of these email authentication records means.
SPF (Sender Policy Framework) is an email authentication standard that specifies what IP addresses can send mail for a given domain. This is the easiest authentication standard to implement and is the most widely used. Making sure that you add all of your outbound sending IP addresses to this record is crucial to passing SPF when emails are deployed. Your internal IT department should have access to all of your outbound sending IP addresses that you can combine into 1 SPF record. You can always review the email header of your outbound marketing program emails to see if you are passing SPF.
DKIM (Domain Keys Identified Mail) is the most comprehensive email authentication standard that signs each outgoing message with an encrypted key. Your ESP will keep the private key on their mail server, while you will update your DNS records with the public TXT record key. When you receive the TXT record, you will want to pass this information to your IT department so that they can update the domain’s DNS record with the TXT record.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical specification that aims to help reduce the potential for email-based abuse by solving operational, deployment, and reporting issues related to email authentication protocols. DMARC does so by utilizing ISP reports to identify possible phishing attempts on your brand. Through updating your domain’s DNS record, you can choose to not deliver emails that don’t pass a certain DMARC compliance that you have set up. There are 5 steps to getting started with DMARC:
1. Deploy DKIM & SPF. You have to cover the basics first.
2. Publish a DMARC record with the “none” flag set for the policies, which requests data reports. These reports will be sent back to you, in XML format, with details relating to other senders using your domain. There are tools out there, like dmarcian (can we include the link?), that allow you to send the XML reports to them for parsing and understanding.
3. Analyze the data and modify your mail streams as appropriate.
4. Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience and review the reports. Doing so will adjust the emails, that don’t meet your domain’s criteria, to either be delivered to the spam folder or be bounced.
In the next post, we will talk about Step 2 of getting to the Inbox. Our focus in that post will discuss allow listing, suppression emails via a feedback loop, as well as researching your reputation.