Looking past the ABCs of Email Deliverability

A few weeks ago, everyone was wondering if email deliverability had something to do with soft December online returns. M+R was the first to suggest this could be a factor and asked the question. In a quick follow-up, they suggested it wasn’t. Yes, email revenue was down in December, but response rate was similar – without some context, this stat may not be the best metric of email deliverability. (Also, the sample size was small and many of the respondents had already been cleaning up their lists. Perhaps we’ll know more as M+R collects more data for their larger benchmarking report.)

In my last blog on email deliverability, I outlined a few simple ways to start cleaning up your email program to improve inbox placement. This blog is for those of you who want to delve a bit deeper into the subject – or have tried all those tactics and still don’t see any improvement.

Email Deliverability 201 (I should really rename this the syllabus for Email Deliverability 201. I’m going to highlight some major factors in deliverability that reside behind the kitchen doors. But just like a restaurant, all you’re really seeing is the amuse bouche.)

1.       Authenticate your email and your organization’s domain. Yup. I’m getting all techie right out of the gate. But these steps are probably the most critical because if all your authentications aren’t properly aligned, you’re on your way to tanking your sender reputation (think of it like a credit rating—the higher the better and a critical factor in email deliverability).

Why? Because fully authenticated outbound emails (the ones you send) tell inbound email platforms (Gmail, Yahoo, Hotmail, etc.) that you are who you say you are. In other words—you’re not the Prince of Africa needing $3 million wired to a bank account in the Cayman Islands (i.e., you’re not being spoofed or phished).

Even if no one is taking unauthorized control of your domain, unproperly aligned authentication will still send a signal to email platforms and they’ll immediately start moving your emails right into spam (if they deliver them at all). So, what does authentication include?

a.       SPF – Sender Policy Domain Keys. SPF allows the email platform to verify that the email it receives addressed to one (or many) of its users that claims to come from your organization is really allowed to send messages on behalf of your organization. How? Because organizations list which IP addresses are authorized to send email on behalf of the domain (organization). It’s your first line of defense against spoofers. Want more? Go here: openspf.org

b.       DKIM – Domain Keys Identify Mail. Domain Keys are two keys – public and private – that the email platform uses to make sure the email sender’s message didn’t get changed in transit. When folks talk about DKIM, you’ll hear a lot about “signing”—because whatever is signed with DKIM (a few fields in the header, the whole message) must remain unchanged when it arrives at the email provider. DKIM is complicated and can lead to a lot of authentication failures. Have lots of fun reading more about it here.  😊

c.       DMARC – Domain Message Authentication Reporting & Conformance. Ah, my favorite. DMARC is an added layer of protection over SPK and DKIM. Do you need it? Absolutely. Most of the major email platforms now require that you’re DMARC compliant. It allows valid senders (us) to work with email platforms to weed out spoofers and phishers.

DMARC also tells email platforms what to do with specious messages and provides daily reports back to you on any specious activity. (Although I’ve tried to read some of these reports, it ain’t easy. I’ve had flashbacks to my Organic Chemistry classes in college.) Here’s all you need to know (and more) about DMARC.

Whew. That was A LOT. But, it’s important. You FAIL (all caps deliberate here – open up any of your email headers and if you fail SPF, DKIM or DMARC, it will be in all caps) and you’re in spam and your reputation starts free falling (cue Tom Petty here!).

Most of this is taken care of by your IT department, but when email is a big source of your online revenue, it’s worth knowing about and making sure your always authenticated (just like your BRE account is always full).

2.       Create sub-domains. Sub-domains are great ways to separate different types of emails that may be sent out from your organization. Subdomains allow you to keep your organization’s branding consistent, while protecting the deliverability of your different email streams. At a minimum, you may want to create two subdomains – one for your direct response list and one for your main organization. Or, you could create many – based on how many departments send to their own mailing lists.

Note: If you are going to move to sub-domains, make sure you warm each one up just like you would any IP address (i.e., slowly and patiently—around 3-6 weeks) and authenticate the subdomain.

Creating and moving to a subdomain needs to be thought through very thoroughly – there are some very good reasons why you may not want to move to a subdomain – at least not yet.

3.       To share or not share IP addresses? My favorite question. When you use an ESP with shared IP addresses, then your reputation could be affected by the reputation of the other senders. When you’re sending off a dedicated IP address, your mistakes are all your own – and there are no other senders to help you boost your reputation.

The answer is complicated and based on your current reputation, your list size and future growth plans, your internal infrastructure and your dedication to implement today’s and future best practices.

In short, smaller organizations may benefit from shared IP addresses that are known for the quality of their servers. (Want to know if an ESP has quality servers? Ask how many clients they’ve let go because of dirty email lists – you want an ESP that polices their customers’ lists.) Larger organizations may benefit from a dedicated IP address – if they have the infrastructure and the organizational buy-in to adopt the best practices.

SPF, DKIM and DMARC are the areas you turn to after you’ve pared down your list to just actives, stopped engaging in poor hygiene and acquisition practices, and started providing interesting and relevant content. Basically, you know your mail got onto the postal truck, but it just wasn’t delivered (sorry—flashback from 1998).

Sub-domains and moving to a new IP address are options after you’ve tried to repair your reputation and you remain stuck with a low sender score, soft open rates and more emails hitting spam than the inbox.

Regardless, after many years of analyzing organizations’ digital programs, I can still say that email deliverability is one of the top three reasons that a digital program isn’t growing at the rate it should be. And email should be the workhorse of your digital program—so if you can’t get your emails into your donors’ inboxes, then you’ve already lost before you hit send.