Maximizing inbox placementPublished on 18 Oct 2005
Email Deliverability: maximizing inbox placement
Current figures show that in excess of 60% of all email in North America is spam. Over the past 24 months very real advances in spam filtering technology have ensured that the majority of this is blocked or delivered directly to spam folders. The downside of this efficiency is that a significant amount of legitimate email is not arriving in the intended ‘inbox’. Successfully ensuring inbox placement and that your email reaches your customer’s inbox is a fundamental requirement of any email project. However, recent survey results performed on a test group of 100 companies indicate that:
- 54% of companies were impacted by false positives (legitimate email stopped as spam).
- Over 33% of the companies paid for accreditation and/or certification programs. These programs did not provide protection against false positives – in fact the companies using them noted an increase in false positives.
- Half the companies surveyed out-sourced the deployment of their emails and had a slightly lower false positive rate than those who deployed from in-house systems.
- 73% of the companies impacted by false positives had SPF (Sender Policy Framework) authenticationimplemented.
The only way to gain maximum email deliverability is to continuously action, monitor and implement all possible technical and strategic penetration tools available. In today’s Newsflash we highlight a handful of the most important tools:
‘Maximizing inbox placement’
The following are some of the major technologies and techniques used to block spam and prevent fraudulent email from being delivered. It is essential to have a detailed understanding of each and take the necessary actions to ensure that your email campaigns are compliant.
- Sender ID: The Sender ID Framework is a type of email sender authentication. As sender authentication does not currently exist in today’s standard SMTP logic for email, spammers can easily disguise their identity and locale. Without sender authentication, email users have seen huge increases in email domain spoofing (falsifying the “from” address/domain) and phishing (fraudulent spam that attempts to capture private information or credit card numbers).
- SPF: SPF fights return-path address forgery and makes it easier to identify spoofs. Domain owners identify sending mail servers in DNS. SMTP receivers validate the envelope sender address against this information, and can distinguish authentic messages from forgeries before any message data is transmitted.
- Domain Keys: Domain owners digitally sign outgoing email and publish the corresponding public keys in DNS. Yahoo and GMail make use of Domain Keys for authentication.
- Identified Internet Mail (IIM): IIM applies cryptographic signatures to email messages to demonstrate that the sender was authorized to use a given email address. Message recipients can consult the sender’s domain to verify that the signature was authorized by that domain for that address.
- DomainKeys Identified Mail (DKIM): DKIM validates the identity associated with a message while being transferred over the Internet, holding it accountable for the message. DKIM uses public key cryptography to let users verify and maintain message integrity, and identifies legitimate messages. The proposed standard uses DNS in the same manner as DomainKeys. DKIM also leverages IIM header-signing technology, ensuring signature consistency as messages are sent through networks.
- Whitelisting/Accreditation: Whitelists are lists of trusted, opt-in emailers. Generally speaking, if you appear on the relevant whitelist or accreditation program, your emails will be delivered successfully. Very few ISP’s have their own whitelisting mechanism at a server level and tend to rely on users to whitelist at the mailbox level.
- Greylisting: Each time a given mailbox receives an email from an unknown contact, that mail is rejected with a “try again later” message. (This happens at the SMTP layer and is transparent to the end user.) This results in all mail getting delayed at least until the sender tries again. Most spam is not sent out using compliant mailers and therefore the spamming software will not try again later.
- Tarpitting: Tarpitting is the practice of inserting a small sleep in an SMTP session for each RCPT TO after a certain number of RCPT TO’s. The idea is to thwart spammers who would hand your SMTP server a single message with a long list of RCPT TO’s. If a spammer were to attempt to use your server to relay a message with, say, 10,000 recipients, and you inserted a five-second delay for each recipient, after the 50th, the spammer would be “tarpitted,” and would most likely assume that their connection had stalled and give up.
- Blacklisting or Real-Time Blackhole Lists (RBL): Blacklists are lists of known or suspected spammers that include their IP addresses and perhaps their domain name. RBL is a list of IP addresses whose owners refuse to stop the proliferation of spam. The RBL usually lists server IP addresses from ISPs whose customers are responsible for the spam and from ISPs whose servers are hijacked for spam relay. Subscribers to the RBL will know from which IP addresses to block traffic. Most traffic blocking occurs during the SMTP connection phase.
- Throttling: The email server will only accept a certain number of simultaneous connections from any particular mail server.
- Content filtering: A major goal is to ensure that the spam filters don’t reject or place the email in the Bulk folder based on message content. Spam filters block messages that are detected to match program-specified or user-specified criteria, such as words in the subject line like “FREE”, or messages that are detected to be machine-generated, part of a bulk mailing, or from a known source of spam. Other spam filters, such as Bayesian and heuristic programs, take a more complex approach to detecting spam.
Strategies and technologies exist to take all of the above into account, but lack of reporting is your biggest hurdle. It is a pre-requisite of any email project that you have the tools to accurately measure not only your true delivery rate, but also certainty that your customers received, read and actioned your email. While this short Newsflash is by no means conclusive, it’s aim is to highlight the intense and complex levels of effort required to ensure maximum inbox penetration. Striata offers highly advanced Email Deliverability Services as an integral part of every secure email bill presentment & payment project. Our average North American delivery rates continue to exceed 97%, which is well above the industry average.
Improve the customer experience with secure document delivery today