I read blogs, as well as write one. The 'blogroll' on this site reproduces some posts from some of the people I enjoy reading. There are currently 4 posts from the blog 'Postmark.'
Disclaimer: Reproducing an article here need not necessarily imply agreement or endorsement!
One of our most popular tools is the DMARC Weekly Digests we provide to anyone (for free!). We process the XML reports from major ISPs about your domain’s DMARC alignment, and turn them into easy-to-read weekly email digests (if you’re not sure how DMARC can help to monitor and secure your email, check out our DMARC Guide).
The problem is that DMARC reports can be difficult to understand — and it’s even more difficult to figure out what actions you need to take based on the information. The most frequent support question we get about DMARC reports is, “Should I be worried about this?”
So we decided to take our DMARC reports a step further. Instead of just showing you synthesized DMARC information, we now include helpful tips on how to address each of the possible issues you might see on the IP addresses that are sending on your behalf. In this post I want to provide a brief overview of the biggest changes we made to the report.Better IP address grouping
We used to group sending IP addresses by what we called “trusted” and “untrusted” sources. This created a lot of confusion. We now group domains a bit differently:
- Your sources are IPs that we know belong to you based on various DNS checks we do.
- Other sources are IPs that are sending email on your behalf, but we can’t verify that they belong to you. In general this isn’t something to be concerned about, but we also give you tips on how to make sure there is no malicious activity going on.
Instead of just telling you if SPF/DKIM passed or failed on your domains, we now also give you tips on what to do to address some common issues with DMARC alignment. In the example below, we know you are sending mail through Postmark, so we can give you very specific recommendations.
In scenarios where you don’t send through Postmark we still give you some general advice and documentation to help you resolve issues:Those pesky email forwards
Another question we get a lot in support is, “Why is DKIM passing on this source I don’t recognize?” While it might be tempting to assume this is due to someone getting access to your DKIM key and spoofing your domain, odds are it is due to a more benign reason — email forwarding. We now include information about email forwards in the digests as well:Existing DMARC policy details
Some customers have DMARC policies set up to reject or quarantine emails from unknown sources (see our DMARC guide for more information on this). Your report will now show your current policy if you have one:Let us know what you think!
For those of you who are already signed up for DMARC reports, we’d love to know what you think about the new format. What other information would be useful? Is there anything missing for you? Just reach out to the support team with your suggestions.
And if you don’t use our DMARC tool yet, now would be a great time to sign up for this great resource.
In this blog series we’ll discuss how we came to the conclusion that manual account approval will help us maintain the best deliverability for all of our customers. In Part 1 we discuss how ISPs establish and track your email’s delivery reputation . Part 2 focuses on things you can do from your side to make sure your email gets delivered reliably . And in part 3 we discuss how all senders share the responsibility for good delivery, and how that led to our decision to move to a manual approval process.How sharing reputation and responsibility can improve delivery
As we explored in a previous article, reputation is tied to both your domain and IP address. While your domain is something you own, you’re likely to really only be renting your IP address. Building reputation on your domain helps protect your brand and makes your reputation more portable between providers. Additionally, with the onset of IPV6, IP addresses are becoming increasingly disposable, and so inbox providers are shifting some of the weight of reputation towards domains. Nonetheless, your IP address will still contribute meaningfully to your reputation.
...pushing customers towards dedicated IP addresses is also a means for ESP’s to retreat from their overall responsibility for delivery while charging customers more.
The standard solution for a better reputation and improved delivery is to use a dedicated IP address so that you’re not sharing your reputation with any unsavory senders. While this makes sense on the surface, pushing customers towards dedicated IP addresses is also a means for ESP’s to retreat from their overall responsibility of delivery while charging customers more. A dedicated IP can help insulate you from delivery problems, but it’s not a silver bullet.
There are a few caveats to dedicated IPs that are worth considering:
- If you don’t have enough volume to establish a solid reputation, a dedicated IP address won’t help as much.
- If you have a significant increase in sending volume in a short period of time, it could hurt your sending reputation. With shared IPs, these sending increases can be absorbed and spread across IP addresses so your reputation isn’t affected.
- IP addresses have to be warmed up. If something does happen to hurt the reputation of your IP address, warming up a new IP takes time. You may be limited in the volume you can send for some time while you build reputation on the new IP address.
- Dedicated IP addresses usually cost more. Providers advertise really cheap rates for sending, but then ask you to pay extra for “improved deliverability” so the rates aren’t always as appealing as they look. In a way, this also gets them off the hook for delivery by pushing that responsibility on to you.
- If you send both bulk and transactional, you’ll want multiple dedicated IPs in order to compartmentalize the reputation. So your costs are increased even more.
For these reasons, and others, we believe that a pool of well-policed shared IP addresses is the best bet for the vast majority of senders. Of course, once you reach a point where a dedicated IP makes sense, we’ll handle that for you free of charge.
The key with shared IP addresses is that messages must be very well-policed. This means that bad senders need to be detected ahead of time or shut off quickly when they misbehave, and affected IP addresses need to be taken out of rotation. Moreover, customers should never have to request that their provider move them to a different IP address. It should be the provider’s responsibility to ensure that customers are on healthy IP addresses.
So, what does a shared IP with Postmark mean to you as a sender?
- First and foremost, we take full responsibility for your deliverability. If there’s a problem, it’s our job to handle it. If it turns out that it’s a problem that’s not our fault, we’ll still help you troubleshoot and work closely with you to find a solution.
- If there is a problem with an IP address in our pool, we can quickly take it out of rotation, and we bear the burden of fixing the problem. You keep on sending without skipping a beat because we won’t leave you sending form an unhealthy IP address.
- You share in the benefit of great delivery while simultaneously bearing the burden of maintaining high standards for your email. It’s our responsibility to close monitor abuse and misuse so you can focus on sending instead of worrying about whether something is negatively affecting your reputation.
- You can relax knowing that we aren’t pushing deliverability responsibility off onto you by making you pay extra and warm up a dedicated IP address.
- You don’t have to bear the burden of warming up an IP address. You can hit the road running knowing that your emails will get there quickly.
At Postmark, we’ve built a community of customers that care deeply about their email and deliverability. They embrace email authentication and only send transactional emails. The way we do this is by being extremely careful about the emails that are sent from Postmark since our reputation, and by extension your reputation, is only as good as the other senders using Postmark.
We all have a shared responsibility to uphold to ensure great delivery, but, as your email provider, we also have a responsibility to you to ensure that you’re surrounded by only the best senders. We take that responsibility seriously, and we have to closely monitor and approve who sends email through Postmark, and that means that you can always be confident we’re taking the best possible care delivering your emails.
In this blog series we’ll discuss how we came to the conclusion that manual account approval will help us maintain the best deliverability for all of our customers. In Part 1 we discuss how ISPs establish and track your email’s delivery reputation. Part 2 focuses on things you can do from your side to make sure your email gets delivered reliably. And in part 3 we discuss how all senders share the responsibility for good delivery, and how that led to our decision to move to a manual approval process.Differences in delivery between transactional and bulk email
When you’re sending emails, engagement matters, and engagement differs significantly between transactional emails and bulk emails. The effect on your reputation is significant enough that Gmail officially recommends sending your bulk and transactional email from different domains.If you send both promotional mail and transactional mail relating to your organization, we recommend separating mail by purpose as much as possible. You can do this by:
- Using separate email addresses for each function.
- Sending mail from different domains and/or IP addresses for each function.
By using these tips, it's more likely that the important transactional mail will be delivered to a user's inbox. Our guidelines are meant to help you build a good reputation within the Gmail system, resulting in continual delivery to Gmail inboxes. Why is engagement so different between transactional and bulk?
Transactional emails like password resets and receipts see significantly higher open, read, and click rates than bulk promotional emails like newsletters do. When you consider the context, this makes more sense. When someone requests a password reset, they immediately go to their inbox to find it, open it quickly, and follow the link inside. It doesn’t get much high engagement than that.
Now consider bulk emails like newsletters and marketing announcements. Even if your entire list is double-opt-in and carefully curated, people aren’t sitting there waiting for these emails. With a consistently great newsletter they may look forward to receiving them, but those emails are rarely time-sensitive, and so they’re lower priority in recipients’ inboxes. In many cases, they simply won’t be opened at all. The result is lower engagement, and your reputation is lower as a result.
Simply put, your customers place more value on your transactional emails than your bulk emails, and the higher engagement means more reliable delivery for those emails.What do the differences mean for you?
If a newsletter goes missing, you probably won’t receive any complaints, but if a password reset email or receipt goes missing, you’re guaranteed the customer will reach out to support. If delivery is bad enough, it could literally be costing you money through customer support and lost customers. Your transactional emails are simply too valuable to let your marketing emails affect your sending reputation.
If you’re sending them from the same domain and IP address, your bulk emails may even drag your domain reputation down to the point that your transactional emails get sent to the spam folder. You need to protect the reputation of your transactional emails, and you want to be confident they’ll get to the inbox.Tools of the trade
Beyond delivery, transactional and bulk email simply have different needs in terms of tools. Due to the importance of transactional emails, tools that help you track and troubleshoot specific missing emails are critical. With bulk, however, it’s unlikely you’ll ever need to track down a lost email. That’s where benefits like storing the full content of every email for 45 days comes in handy. If there’s a delivery issue, you can track down and see every detail of the life cycle of that email.
Being totally honest, as an email service provider, there’s more money in sending bulk email. When you make money off quantity, bulk is always going to generate more revenue than transactional. For most providers, transactional is an afterthought. It’s an add-on to their marketing-centric toolset, and it’s usually treated as such. With Postmark, we’ve decided to forgo sending marketing emails and focus exclusively on transactional emails.
Finally, while tools for sending bulk email can largely stand alone, a transactional email provider is a key piece of your infrastructure, and you need to be able to closely integrate with your systems. This means seamlessly handling details like bounce handling, open tracking, link tracking, and processing inbound emails. For a bulk email provider, you may be able to tolerate a simple API and developer tools, but for a piece of your infrastructure, nothing beats a provider that’s focused purely transactional email for applications rather than trying to do both transactional and bulk marketing email.Separating and protecting your reputation
The first step to improved delivery for your critical emails is separating your bulk email sending from your transactional email sending. With some providers, you could do this via dedicated IP addresses, but often times, that’s not enough. ISPs are smart enough to look not only at individual IP addresses but also at ranges of IP addresses. Having a dedicated IP address simply isn’t a silver bullet.
In addition to dedicated IP address, sending from different domains, subdomains, and email addresses can help further separate your bulk and transactional reputations so the inbox providers don’t penalize your critical emails due to the lower reputation of your bulk emails.
In our next article on delivery and reputation, we’ll dive into IP reputation and our beliefs about how a well-policed set of shared IP addresses will lead to more reliable and resilient delivery than dedicated IP addresses.
In this blog series we’ll discuss how we came to the conclusion that manual account approval will help us maintain the best deliverability for all of our customers. In Part 1 we discuss how ISPs establish and track your email’s delivery reputation. Part 2 focuses on things you can do from your side to make sure your email gets delivered reliably. And in part 3 we discuss how all senders share the responsibility for good delivery, and how that led to our decision to move to a manual approval process.Establishing and tracking email delivery reputation
With email, reputation matters. A lot. If you want outstanding deliverability, you need an outstanding reputation, and unless you’re really familiar with the ins and outs of email delivery, your own mail servers probably won’t get you there. Reputation can mean the difference between landing in a recipient’s inbox, being quarantined in the spam folder, or just outright deleted by the provider without being delivered at all.
Unfortunately, inbox providers’ approaches to reputation are complicated. They’re constantly improving their algorithms, and they necessarily keep them a secret so spammers can’t adapt to work around them. Fortunately, there’s plenty of information that’s publicly available, and a basic understanding of what’s happening can take you a long ways.
There's one underlying truth to remember about reputation: it's difficult to earn a good reputation but easy to destroy it.
There's one underlying truth to remember about reputation: it's difficult to earn a good reputation but easy to destroy it. Reputation revolves around trust, and building trust takes time. It can’t be faked, but in some ways, it can be shared. (More on that in a bit.) So let’s take a look at how inbox providers establish and track reputation.
So how do inbox providers establish and track reputation? As time goes on, inbox providers are becoming increasingly savvy about how they determine a sender’s reputation. These days, the most significant factor is engagement, but other factors like using email authentication standards and a variety of other signals combine to collectively influence whether your emails are delivered to the inbox.
While there are technical aspects of modern spam filtering and reputation tracking, few things matter as much as whether your recipients want and expect your emails. There are multiple factors and metrics that contribute to this, but few matter as much as whether recipients are explicitly reporting your emails as spam. The only way to prevent that is to send great emails that people want.
Spam reports aren’t the only metric. They’re just the safest and most explicit metric. But providers pay attention to other engagement factors as well. Are people opening your emails? How long are they reading them? Are they clicking on links? Are they replying to the emails? Are they deleting them without opening them? All of these factor into engagement, and the inbox providers use them to classify your emails somewhere on the spectrum of wanted and unwanted.
Even using a no-reply address can indirectly hurt your engagement because recipients won’t reply. The result is that you miss an opportunity to increase your reputation through additional engagement on the part of the recipients.
You can’t fake engagement. Your recipients either open and read your emails, or they don’t. If your engagement is high, your reputation will be solid. If it’s low, your emails could very well end up in the spam folder or not delivered at all. Ultimately, engagement is entirely in the hands of your recipients. So higher quality and more useful emails are the only way to lift engagement.Authentication and IP Addresses
For the most part, reputation is tied to IP addresses, IP address ranges, and domains. For example, one of the initial attempts to mitigate spam was that ISPs considered whether an email originated from a commercial IP range or a residential range with the idea that they could effectively drop email from residential ranges.
Now, with the move to IPV6, as IP addresses become even more disposable, providers are increasingly tying reputation to domains by relying on DKIM authentication. With reputation, there’s incredible value in controlling your own reputation because your reputation can move between providers, but at low sending volumes, you simply don’t send enough to establish a reputation. That’s where using an established email service provider like Postmark can help you get started quickly and ensure great delivery.
The first step with sending email is to ensure that you’re using a domain that you control. The second step is ensuring that you use DKIM and SPF to authenticate the messages you send. This enables inbox providers to begin to associate reputation with your domain. So when you switch providers, you can maintain that reputation even though your IP address may change. This will also help avoid markers in email like "via" tags, question mark avatars, and similar visual cues that make your messages look less legitimate.
The other piece of reputation tracking revolves around IP addresses and IP ranges. You can maintain control of these by running your own mail servers, but unless you’re sending significant volume, you may not be sending enough to establish a reputation for your IP address. In these cases, you can either use a shared IP address with a provider or get a dedicated IP address from the provider.
At Postmark, we don’t believe that "improved deliverability" should be an up-charge.
With shared IP addresses, your reputation can only be as good as the other senders using the same IP address. Depending on how well your email service provider polices their IP addresses, that could mean delivery issues.
With most providers you can send from their shared IP addresses for a very low cost, but those IP addresses will be poorly policed. You'll inevitably run into delivery issues, at which point those services will recommend you upgrade and pay extra for a dedicated IP address. Unfortunately, without significant volume, a dedicated IP address may not guarantee improved delivery. You'll also bear the responsibility for warming up your dedicated IP address, and that can be a tedious and error-prone process. Moreover, many corporate email providers also tie reputation to IP ranges. So if you’re on a range that’s suspected of sending spam, a dedicated IP address still may not help, and your delivery could still suffer.
At Postmark, we don’t believe that "improved deliverability" should be an up-charge. If a customer reaches a volume where a dedicated IP address makes sense, we set them up on a dedicated IP address at no charge. We stand by our shared IP addresses, and you'll receive the same high quality of delivery regardless of how much or how little you spend. For lower volume senders, you’ll see better delivery on a well-policed set of shared IP addresses than you would on a dedicated IP address.