NETWORKWORLD www.networkworld.com April 1, 2011 The Leader In Network Knowledge Five best practices to improve your email delivery success rate In the modern day world of email delivery, recipient ISPs place great amount of emphasis on verifying the legitimacy of senders email to their customers. By Linda Musthaler, Principal Analyst with Essential Solutions Corp. I recently helped a client conduct a marketing verified but not counterfeited by a third-party source. campaign via email. This company sent an email The signature, which is included in the message by a message to more than 2,400 people and had a dismal relay server in the delivery chain, proves that the response rate of 14 people. Looking back, we now see message passed through that server. This helps that at least part of the problem could be that the prevent spammers and scammers from creating message was blocked from recipients' inboxes for fraudulent messages appearing to come from that various technical reasons. source. In the modern world of email delivery, recipient ISPs DKIM does not prevent spam from passing through a place a great amount of emphasis on verifying the network, but it gives recipient servers confidence in legitimacy of senders attempting to send email to their the source of the message. Recipient servers can then customers. As email volume increases, so does the more confidently use the reputation of the delivery abuse of email by illegitimate senders using bots and network in order to judge whether a message is other techniques to send spam, viruses, malware, legitimate or not. phishing ploys, and so on. As ISPs continue to clamp down on their war against these illegitimate senders, Configuring DKIM requires the functionality to be legitimate email senders can easily get caught in the enabled in the outgoing mail server, and it requires a crossfire, resulting in their emails not being delivered small TXT record to be added to the DNS configuration or being delivered to the spam folder. of the sending server's domain. The simplest way to check whether a mail server is sending DKIM-signed There are important best practices and principles that messages is to deliver a message from the server to a must be followed by legitimate senders to avoid the yahoo.com or gmail.com address. Once delivered, you crossfire. These principles apply to anybody running can check the Full Headers of the message received to an email server that delivers outgoing email messages, determine if the message passed the DKIM checks of regardless of the volume or content of those messages. that recipient ISP. If your company does any sort of email marketing or customer communications, your email administrator Here is a Wikipedia article for further reference. needs to be cognizant of the settings listed below, which have been provided to us by Heath Morrison, Here's a tool that SMTP.com provides for checking a vice president of technology for SMTP.com, a service domain's DKIM records in DNS. provider focused on email delivery. SPF records Each of the following gives recipient ISPs a means of evaluating the legitimacy of a mail server that is The Sender Policy Framework (SPF) is another Internet attempting to send them email: standard for authenticating email messages. Unlike DKIM, however, SPF allows recipient ISPs to DKIM settings authenticate the sender listed on the From header of an email message. It does this by giving domain owners DomainKeys Identified Mail (DKIM) is a modern a means of specifying which IP addresses on the Internet standard for authenticating the delivery chain Internet are allowed to send email on their behalf. for email messages. It operates by signing messages Recipient ISPs check the IP of a sending server against with a special cryptographic signature that can be this list of valid sending IPs to determine if the sender Copyright 2011 by Network World, Inc., 118 Turnpike Road, Southborough, MA 01772. This article originally appeared in the Network World IT Best Practices newsletter, April 1, 2011. Reprinted with permission from Network World.
is legitimate or not. It is important to always use a valid email address on the envelope of email messages, and to ensure that MX To configure SPF, domain owners must create a special records for the domain are configured in a way that TXT record in their DNS configuration listing the valid allows that address to successfully receive replies. IPs for relaying email. The great thing about SPF is that Here is a Wikipedia article for further reference. it is not necessary to make any changes to the outgoing mail server. IP blacklists Reverse DNS An IP blacklist is a third-party service that tracks IP addresses that people may not want to receive email A standard, forward DNS record is the association of a from. Servers receiving email can subscribe to the hostname with an IP address on the Internet. The blacklist service to help them determine IPs that they corollary to this is reverse DNS, which uses an IP should reject email from. Blacklists may include IP address to look up a hostname. Despite their addresses that have previously sent spam or viruses, or similarities, these two records are independent. even IPs that simply represent computers on the Forward DNS is configured by the owner of the domain. Internet that don't have normal reasons to be emitting Reverse DNS, however, is configured by the ISP that email. controls the IP address. There are a few common ways for a normal, well- In the world of email it is important for everything to managed mail server to find itself on a blacklist: match. When a mail server receives a connection from a infected computers with access to send email through particular IP address, it performs a reverse DNS lookup the server, bad behavior by users of the server, or pre- for that IP address. This yields a hostname. The server existing conditions. then performs a forward lookup on that hostname and checks whether the resulting IP address matches the It is important to always check the status of a fresh IP original IP address used. This is called forward- against all major blacklists, to ensure that previous confirmed reverse DNS (FCdDNS). If these records do tenants on the IP had not behaved in a way to land it on not match it can impact the delivery success for a blacklist. It is also important to periodically check the messages from that IP address. blacklist status of an IP, particularly after any incident where spam email may have been sent from the Here's a Wikipedia article for further reference. network. Here's a tool that SMTP.com provides for checking Here is a Wikipedia article for further reference. FCdDNS for an IP. For more information about the practices listed above, MX records contact SMTP.com. One of their resources that might be useful to you is the "The CAN-SPAM Act: A In the world of email, MX records are DNS records that Compliance Guide for Business" white paper. Even designate the servers handling incoming email for a legitimate email can be considered spam if you don't particular domain. This is part of the basic framework follow the law. of the Internet that allows senders to successfully route email to recipients. Surprisingly, in the modern world of email, the MX record of a domain plays an important role not just in incoming email but also in outgoing email. Recipient ISPs place a huge emphasis on the legitimacy of the sender and server attempting to deliver email to their users. To that end, when looking at the From address of a message, some recipient ISPs evaluate whether reply messages for that From domain can successfully be delivered. If an email address contains an invalid domain, or if the domain does not have the 255 Harvard St. #305 basic facilities for receiving a reply message, recipient Brookline, MA 02446 mail servers may choose to reject or delay messages to Phone: 1-877-705-9362 their users. www.smtp.com