Content Reputation – Google’s Secret Sauce

Getting to a Google user’s inbox can be a complicated maze to navigate. Some of your emails arrive fine while others seem to hit only the Spam folder. The biggest factor is Google’s Bulk Sender Requirements. If you adhere to those rules, your email is most likely to make the Inbox. DMARC compliance, of course, is a base requirement.

But, what if you are still hitting the Spam folder?

Google is Judging Your Content

Remember that Inbox Providers are trying to provide a service to their customers. Part of this service is to improve the quality of their inbox experience by reducing spam emails and surfacing only email that their customers want to receive. Google categorizes emails in several ways:

  • Primary – Person-to-person email, direct business correspondence, etc.
  • Promotions – Newsletters, ad campaigns, sales circulars, etc.
  • Social – Notifications and invitations from social media platforms.
  • Transactional – Receipts, order confirmations, order updates, etc. Transactional can end up in Primary or Social.
  • Bulk – Email sent to a significant number of Google inboxes. Promotions are a bulk form of email.

As a marketer, you will want to land in the category most likely to get opened: Primary. However, Google and their customers want your email to be properly categorized so that they can prioritize their email. What folder or category your email ends up in is largely due to the content of the message!

What Content Gets You to the Spam folder?

Google is also judging your content versus other email content and user sentiment about those emails.

Google has four main reasons for marking your email as spam:

  1. Content is similar to other messages marked as spam.
  2. Content similar to yours was used to steal personal information.
  3. Links in your email were suspicious.
  4. Emails from your Domain have been marked as spam in the past.

You can see the messaging Google uses in their web UI in the screenshots below.

What can you do if you have Content Reputation Issues?

The good news is that you control your content. You have the option to make changes to your emails before you hurt your domain reputation.

MxToolbox recommendations:

  1. Send separate and distinct emails for transactional and marketing purposes and do not mix marketing messages into a transactional email.
  2. Use distinct subdomains for Person-to-person, Transactional and Marketing emails. This will solidify the separation to Google and give their algorithm a clue into proper categorization.
  3. Review your Marketing lists regularly and prune outdated contacts in order to reduce the likelihood of your email being categorized as spam.
  4. Review your Marketing content for spammy/histrionic language.

How can MxToolbox help?

MxToolbox Delivery Center provides the email delivery management and monitoring that you need to keep your messages flowing.

  • Monitor DMARC compliance rates across all senders. DMARC is key to making the Google Inbox.
  • Closely monitor your Gmail Spam rate. Being reported as spam by a few senders will get you marked as spam in all Inboxes.
  • Check your email for 1-Click Unsubscribe, a requirement of Google, Outlook.com and Yahoo! bulk sender rules.
  • Analyze your campaigns for other potential reasons to miss the inbox with Inbox Placement. Our MxTips ™ give you insight into potential Content Reputation Issues by analyzing your campaigns before you send them.
  • Alert you to issues while they’re occurring to enable quick resolution and damage control.

iOS 18: Changing the Email Delivery Game

For over a decade, Gmail users online and on mobile devices have been using the “Promotions” tab. With the release of iOS 18, Apple device users will now have a similar experience in the Apple Mail application.

Apple Mail introduces Categories

With iOS 18, Apple Mail will categorize all incoming email into four separate buckets:

  • Primary: Most important messages from contacts and time-sensitive mail
  • Transactions: Receipts and order confirmations
  • Updates: Newsletters, social notifications, and all other messages
  • Promotions: Marketing and sales emails

In addition, the Apple Mail client will adopt BIMI support to append icons to DMARC and BIMI compliant email and provide extended Snippets to allow users to get a more in-depth, quick view of the email content.

BIMI icons and extended Snippets in iOS18

How does this affect Senders?

Around 55% of iOS users manage their email in Apple Mail, while around 30% use the Gmail application. In addition, historically the majority of iOS users adopt the latest operating system upgrades quickly. Senders can expect near-immediate adoption of the new Apple Mail, meaning changes to (probably reductions of) Open Rates and Click Through Rates, and probably increased Unsubscribe Rates. Email Senders, especially marketers, will have a new landscape to navigate. Making the Inbox may no longer be sufficient to get your message across – “Primary” may be the new goal.

What can Senders do?

  • Adopt DMARC – Your message has a low chance of making the Inbox without DMARC
  • Get your DMARC to a Reject posture – Adopting DMARC is not enough. You need to actively manage your email senders and get your email in a position so that a Reject policy protects your brand.
  • Adopt BIMI – The new Apple Mail application will feature BIMI support. Having your company’s icon/logo next to your email will give customers comfort and trust, making them more likely to open it.
  • Stop Cold Outreach Email – Our article, The Days of Unsolicited Email are Over, goes into detail about why this practice will destroy your ability to send email.
  • Improve your email targeting and content – Learn more: Does email content affect your email delivery? | MxToolbox Blog.
  • Use separate subdomains for marketing and transactional email – This can help Apple Mail and Google classify your email better. You want your users to find your Transactional email in the Transactions folder and your Promotions in Promotions. This gives them comfort and will cut back on Unsubscribes.

How can MxToolbox help?

MxToolbox Delivery Center is our suite of tools and monitors to actively manage your email deliverability across all Inbox Providers. We enable you to:

  • Set up DMARC quickly and easily
  • Actively manage your response to DMARC reports and DMARC compliance rates to help you make the Inbox
  • Migrate to a DMARC Reject policy
  • Adopt BIMI
  • Monitor and alert on Spam Rates to protect your email delivery
  • Proactively test your email for Inbox Placement issues
  • Parse your message for common issues like spammy content, broken links and link shorteners
  • And much more…

If managing your email delivery sounds complicated… We even offer a Managed Services option. We’ll work with you, make suggestions, help with configuration and proactively monitor your email delivery to enable you to concentrate on your business.

Why Blocklist is really the correct term

For decades, the industry has used the term “blacklist” to refer to IP addresses that have sent spam or domain names included in spammy email, but that’s not really what these lists are. Aside from other issues with the term “Blacklist” (ahem, thank you James Spader) it really is not the most appropriate. Let’s examine the real definitions for email:

Blocklist/Blacklist

A list of IP addresses or domains that should not be trusted because the IP address has sent email to a spam trap, sent email repeatedly marked as spam or may be misconfigured in such a way to encourage spam or other nefarious activity. Domains listed have been included in spam emails or are known to host malware.

Note: MxToolbox is not a blacklist/blocklist. We are not blocking your email, but curate a list of blocklists to provide information about who has listed your IP address or domain as problematic. In some cases, we can help you get delisted, but, in general, you’ll need to work with the blocklist to be removed. There are details on how to be delisted on the Problem Details page for each blocklist. As always, DO NOT PAY to be delisted.

Allow-list/Whitelist

A list of IP addresses that are highly trusted. This is usually used for VPNs, internal traffic, etc. where that IP address should always be allowed.

Note: When dealing with Blocklists, do not ask to be “Whitelisted” as you are not completely trusted. Ask to be “Delisted” and be prepared to prove that you have fixed the issue that caused your IP to be listed.

De-list/Greylist

If you are not 100% trusted, or not mistrusted by being blocklisted, then you are unlisted, or as some would say, “greylisted”. In reality, no company is going to go through the exercise of listing every single IP address that is not Blocklisted or Allowed, so those IP’s are simply unlisted, but still not 100% trusted. Typically, email from an unlisted IP goes through a multi-step process to determine if the email should be allowed in the inbox.

MxToolbox Aids Email Delivery

Focus on the basics of Email Delivery: Technologies like SPF, DKIM and DMARC, and Best Practices in email list management and content relevance. Once your DMARC configuration is really set, then issues like blacklisting are actually more rare and less damaging to your email delivery. Get started today with MxToolbox Delivery Center to get to the Inbox.

Email Definitions: Bulk vs Transactional

In an effort to weed out spam and make email more relevant, Google and Yahoo! have recently made changes to their Bulk sender requirements that affect all legitimate email senders. But, what are the definitions of “Bulk” sender and “Bulk” email and how does that affect your email mix?

The Effect

Google and Yahoo! will now require bulk email from bulk senders to pass SPF, DKIM, and DMARC compliance checks to be considered for delivery and to provide a 1-Click Unsubscribe button. Failure to meet these requirements will result in short-term warnings, medium-term placement in Bulk or Junk folders and long-term email rejection. Normal business correspondence, Transactional Emails and senders who do not meet “Bulk Sender” status are exempt from the requirements.

What is Transactional Email?

A transactional email is any email sent to a single user or account for a single purpose, typically in response to that user’s actions or interactions with the sender and typically with user or account specific content. Good examples of transactional emails are:

  • Account Creation Acknowledgements
  • Account Update Notifications
  • Login/2-factor Notifications
  • Password Changes
  • Order Acknowledgement
  • Invoices or Order Summaries
  • Shipment Notifications
  • Usage Summaries
  • Billing or Credit Card Issues (failure, update necessary, etc.)
  • Account Termination
  • Reminders

What is Bulk Email?

Bulk email is any email that is sent in large quantities or with marketing content. Examples of bulk email include:

  • Newsletters
  • Limited-time Offers
  • Sales/discounts Campaigns
  • Event Announcements 
  • Vouchers, Coupons and Giveaways
  • Transactional Emails with any of the above content

That last one is the kicker. Any transactional email that contains marketing content could count as a bulk email. If you are layering your marketing content into transactional email, you should stop now.

What is a Bulk Sender?

The definition of a Bulk Sender requires sending bulk email but also varies across Inbox Providers. We’ll use the parameters that are the most conservative. The important thing to know: Once you’re labeled a bulk sender, you are forever a bulk sender. Therefore, it’s important to use email best practices when sending messages.

Email Volume

You could be classified as a bulk sender for sending any email to more than one person. While Google requires a single 24-hour period volume of at least 5000 emails to be classified as a Bulk Sender, Yahoo! has refused to define a volume limit. MxToolbox therefore recommends adhering to the bulk sender limits if you send any bulk/marketing email.

Emailing Domain

Email counts are by primary emailing domain. This means that all subdomains are included. So, emails from example.com, and email.example.com and marketing.example.com are all included in the message count.

Email Content

Email volume limits only look at Bulk Email. But that definition is based upon content. Again, most importantly, remove marketing content from transactional email to ensure that it is not classified as bulk.

How Can MxToolbox Help?

Tools like MxToolbox Delivery Center provide deep insight into your DMARC, SPF and DKIM configurations allowing you to meet basic requirements for Bulk Senders. In addition, our Inbox Placement feature will tell you if your campaigns are being sent to the Spam/Junk folders or actually making it to inboxes, as well as which Inbox Provider(s) you are having trouble sending to.

MxToolbox is the Expert on email delivery. We offer a wide range of email delivery services, including a fully managed email delivery service, so be proactive now and take advantage of them before these Bulk Sender guidelines affect your email.

Seriously, Stop Buying Email Lists

In the early days of the Internet, purchasing a list of email addresses was a legitimate business tactic. Lists were a new thing, sending an email was basically free, email servers accepted almost all email and spam was not much of a problem.

Spam: Unsolicited email that is sent in bulk.

Let me say this unequivocally, if you purchase and use email lists, You Are A Spammer. Any email sent in bulk that was not opted into by the recipient is considered spam. If you have zero prior contact with this email address, you are spamming it. It does not matter if you have a legitimate business and that you are not trying to scam the recipient, your email is still unwanted. Think of email spam as equivalent to the pile of unwanted ads in your regular mailbox. You didn’t ask for it and it wastes your time and resources to get rid of it.

Inbox Providers Have Ramped Up Spam Defenses

The main goal for Inbox Providers is to protect their users by eliminating irrelevant, unwanted and dangerous emails. Over the last 20 years, Inbox Providers have applied multiple layers of defenses around their inboxes:

  • Checking senders against Blacklists/Blocklists
  • Refusing non-TLS encrypted email
  • Checking SPF, DKIM and DMARC configurations and then bouncing non-compliant email
  • Scanning email attachments for malware
  • Scanning email links for potential malware websites
  • Checking content for known spammy verbiage
  • Deprioritizing email campaigns sent to closed, unused, or non-existent accounts
  • Aggregating sentiment across recipients

Now, using Aggregate Sentiment algorithms and AI, Inbox Providers can detect campaigns that have low relevance, start from purchased lists, or are likely to be marked as spam and drop the entire campaign in the spam folder. Further, some senders dependent on purchased email lists have reported all email from their domain being binned – essentially burning out their sending domain.

What can you do?

The first thing you need to do is stop depending on purchased email lists for prospecting; continuing to do so could burn out your domain reputation. To do this, you need to look at other methods for lead generation:

  • Online advertising
  • Word of mouth
  • Social media advertising
  • Opt-in email newsletters

How can MxToolbox help?

If you have burned out your sending domain, MxToolbox can help you set up a new email sending domain, configure email best practices, etc. However, you must change your email practices or this will happen again. DMARC and a DMARC management tool like MxToolbox Delivery Center will help your sending domain achieve the best possible email delivery. In addition, our Inbox Placement feature will tell you if your campaigns are being dumped into the spam folder or making it to the Inbox and analyze your email for potential inbox placement issues.

Microsoft’s 2022 Bug

This week Microsoft announced a bug with Exchange servers that can cause email queueing delays and potentially loss of email. Read more on the specifics here. While it took Microsoft only a few days to issue a workaround and a patch, the issue is the potential downtime and loss of communications that affects your business.

How does this affect you?

If you are running on-premise Microsoft Exchange servers, until you are patched, your servers will queue email. If you send more email than you have disk space on your servers, that email will be lost. Similarly, if you are using a 3rd-party inbox provider that runs on MS Exchange, email service will be disrupted until patched. Depending on disk space on these servers messages could be lost.

Does your business run on email?

If you are like most businesses, you run on email. You probably even take for granted that your email will be delivered within a reasonable amount of time. Issues like this show that email is not infallible and emphasize the need for an expert in email to maintain top email delivery.

How does MxToolbox help?

MxToolbox is the expert in Email Delivery and Email Deliverability. Our team created a complete suite of tools and monitors for email delays or failures like this Exchange issue. Here are a few tools that make your life better:

SuperTool (free)

Use the SuperTool to examine individual email configuration issues:

  • MX records – makes sure senders can find your email servers
  • Blacklist status – check the IP addresses in your MX records for Blacklisting which will impact your ability to send email
  • SMTP Check – Check communications with your email server
  • DMARC Lookup – Check the validity of your DMARC setup
  • Header Analyzer – Analyze incoming email for threats or out-bound emails for DMARC, SPF and DKIM compatibility.
  • Email Health – Run a comprehensive series of checks on the email configuration of your domain. You can run Email Health here.

Each of these tools will allow you to keep an eye on your email configuration when run regularly. You can create a monitor for one of these for free, or, you can upgrade to a monitoring solution that automatically checks your configuration.

Round-trip email monitoring

A part of our Delivery Center suite of tools, Mailflow Monitoring performs a regular, periodic check of end-to-end email flow through your servers. Run every five minutes, Mailflow Monitoring gives you quick insight into slowdowns in your email systems. In fact, dozens of MxToolbox Mailflow Monitoring customers realized the MS Exchange issue before Microsoft announced it. Our Mailflow Monitoring detected a slowdown in their servers and alerted them to the issue, enabling them to clean queues and expand disk space before suffering an email outage. Learn more about Mailflow here.

Regardless of why your business is running an in-house email server, MxToolbox has a suite of tools and products to help you keep your email running smoothly and alert you to potential issues. Check out MxToolbox Delivery Center for all your email deliverability needs.

The Economics of Blacklists

Blacklists have been around for over two decades, meaning that blacklists (blocklists or deny lists) existed before most humans were on the Internet. The goal of blacklists is to remove Spam email from the Internet; however, the implementations and algorithms vary dramatically. A few examples:

  • Spamhaus ZEN CBL reports the IP address of sources of email that have been infected with Viruses or Malware. Even if your email was not used for spam, your computer could be.
  • NoSolicitado reports sources of Spanish language spam. There are many other language-based blocklists.
  • CASA CBL reports source of spam received by the China Anti-Spam Alliance.
  • FABELSOURCES reports entire networks that are the source of spam. There are several similar lists, including UCEPROTECTL2 and L3.
  • Open-Relays Verifying Engine Database List (ORVEDB) lists IP numbers of hosts that the Open-Relays Verifying Engine (ORVE) verified that are Open-Relays machines. Open relays are basically a purposeful or accidental email server misconfiguration that promotes spamming.
  • The Abusix Domain Blacklist contains domain names that have been identified being used in spam, phishing, or malware. Note: There are very few actual domain blacklists so the MxToolbox SuperTool also checks the IP address in the A record for the domain to see if the server has been compromised.

The Topic of Coin – How do Blacklists Make Money?

Early on, Blocklists were free subscriptions for anyone to use to help reduce spam email to their servers. Since the lists were small, these were set up to be shared via FTP and then, as the lists grew bigger, via Realtime DNS. Many smaller blacklists are still free to query.

Eventually, security companies started to develop their own proprietary Blocklists or Deny Lists and integrate these into network appliances like firewalls, routers or email gateways. The primary economic model for blacklists is to sell their data to security-focused companies and automatically maintain the lists through remote syncing data feeds. Security services then update their hardware and software email filtering to include these lists, often weighing each blacklist differently but sometimes using them as a binary filter – if the sending IP is listed, deny the email.
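How a mail filter consumes such lists over real-time DNS, as an added example that is not from the original post: the sending IP is reversed and looked up under each list's zone, and the hits are combined either as a binary filter or by weight. The reversed-IP query convention goes beyond what the text states; the zone names, weights, threshold and the in-memory `FAKE_DNS` answers are constructed so the code runs offline.

```python
import ipaddress

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # answers in this range mean "listed"


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNS name a real-time blocklist lookup asks for."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")                   # four octets
    else:
        labels = list(addr.exploded.replace(":", ""))   # 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def listed_on(ip, zones, resolve):
    """Return the zones that list `ip`.

    `resolve(name)` must return a list of A-record strings, or [] when the
    name does not exist (not listed).
    """
    hits = []
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        if any(ipaddress.ip_address(a) in LISTED_NET for a in answers):
            hits.append(zone)
    return hits


def binary_filter(hits):
    """Deny as soon as any list has the sender."""
    return "deny" if hits else "accept"


def weighted_filter(hits, weights, threshold):
    """Deny only when the summed weight of the listings reaches the threshold."""
    score = sum(weights[z] for z in hits)
    return ("deny" if score >= threshold else "accept"), score


# --- Constructed sample data (placeholder zones, not real blocklists) ---
WEIGHTS = {
    "exploits.bl.example": 5.0,   # infected or compromised hosts
    "network.bl.example": 1.0,    # whole-network listing, noisy
    "lang.bl.example": 1.5,       # language-specific spam sources
}
THRESHOLD = 4.0
FAKE_DNS = {
    "10.2.0.192.network.bl.example": ["127.0.0.2"],
    "20.2.0.192.exploits.bl.example": ["127.0.0.4"],
    "20.2.0.192.network.bl.example": ["127.0.0.2"],
}


def fake_resolve(name):
    """Stand-in for a DNS A lookup so the example needs no network."""
    return FAKE_DNS.get(name, [])


def evaluate(ip):
    """Return (binary verdict, (weighted verdict, score)) for one sending IP."""
    hits = listed_on(ip, WEIGHTS, fake_resolve)
    return binary_filter(hits), weighted_filter(hits, WEIGHTS, THRESHOLD)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, evaluate(ip))
```

The first sample IP sits only on the network-wide list: the binary filter rejects it, while the weighted filter lets it through.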

Do blacklists charge for delisting?

MxToolbox recommends that you should never, ever pay to be delisted. All legitimate blocklists have a free method of delisting, that while sometimes slow, is still free. Fix the problem that caused you to be listed and wait it out. Delisting usually takes a week or so depending on the blocklist.

There are both for-profit and non-profit blacklists. For-profit blacklists make money by selling their lists to security companies or security minded companies for use in their products. For example, MxToolbox purchases subscriptions to some blacklists to enable our customers to lookup their blacklist status in the SuperTool.

Non-profit blacklists offer the option to donate to support them. This should never be conditional on the delisting of the IP address.

Some blacklists may offer an expedited delisting option for a fee. Sometimes this might seem like an enticing option, but, remember, MxToolbox does not recommend paying for delisting. It is your decision to pay, however, we have a few considerations:

  • Have you fixed the issue causing you to be classed as spam? If you have not fixed the issue causing you to be listed, you will be re-listed almost immediately. Paying doesn’t fix your systems or cause you to be whitelisted.
  • Do you own the network? If you don’t own the entire network, in the case of a network or ASN listing, then you can’t stop your network or ASN neighbors from getting the entire network re-listed. It’s best to contact the network owner, ISP, datacenter provider, etc.
  • Has being blacklisted affected your email deliverability? If not, then you can wait it out. If so, then how many emails were affected? Is a small email delivery problem worth the expense?
  • Are you ready to be treated like a spammer? Blocklists with expedited pay setups sometimes assume that anyone willing to pay is a spammer. Spammers make all their money from email, so a block is potentially fatal. Legitimate businesses have other methods of customer communication. Paying could get you additional scrutiny in the future.
  • Is your IP address on multiple blacklists? If you are listed on multiple blacklists, do you want to pay multiple times or wait it out? Can you even pay to delist from all of the blocklists? Multiple listings means a serious problem, so we recommend taking care of the issue and waiting for delisting.

How do you prevent being blacklisted?

There is no one simple way to prevent blacklisting. Owning your own email servers requires constant adjustment and maintenance to prevent your systems from being used for spam or perceived as spam. Outbound email filters can help, but many companies, large and small, are abandoning the idea of hosting their own email and adopting 3rd party email senders to improve email delivery. Google Workspace, Microsoft Office365, Yahoo!, Mailgun, Constant Contact, Mailchimp, etc. all offer reduced risk of blacklisting by spreading email out over a large network of sending IP addresses and providing outbound email filtering.

New Technologies – DMARC, DKIM, SPF

Email delivery technologies are rapidly changing and the key to good email deliverability is actively managing your online reputation. Blacklisting is just one piece of the puzzle. SPF, DKIM and DMARC are now the most important factors at getting your email to the inbox. These technologies help identify you as the owner of the email and enable you to elicit feedback from Inbox Providers about problems with your email.

To maintain the highest levels of email deliverability using DMARC, businesses like yours need a proven Email Delivery management system like MxToolbox Delivery Center.  Delivery Center provides you with valuable insight into your email delivery posture and the ongoing maintenance necessary to maintain peak performance:

  • Manage SPF, DKIM, and DMARC (and BIMI) to improve compliance and reduce the threat of fraud and phishing using your domain.
  • Review daily volume and SPF, DKIM, and DMARC compliance rates to ensure the best email deliverability.
  • Implement Feedback Loops to gain unique information on how your recipients view your emails and when they mark you as spam.
  • Gradually move your DMARC policy to Reject to enable better inbox placement opportunities and reduce the risk of Phishing and Fraud using your domain.
  • Manage the on-going requirements of maintaining high levels of email deliverability

The Awesomeness of Plus Addressing

Microsoft recently announced their plan to support plus addressing in Office365 accounts, so we thought we would discuss how useful this technology is. Hotmail and Gmail have had this feature for several years, but with the addition to Office365, the majority of business inbox providers now support it.

What is Plus Addressing?

Plus addressing is a way to leverage your existing email inbox to create multiple email addresses that point back to your email box. For example, if your email is “[email protected]”, then email to “[email protected]” or “[email protected]” will also go to your inbox. “a” or “b” are considered a +tag.

How can I use it?

Plus tag addressing is highly useful, especially to those of us in highly technical environments. A few things you can do with it:

  • Create a +tag for your test accounts and segregate each day’s testing by the date
  • Create a +tag for different newsletters and filter based on the tag
  • Create a +tag for registrations and follow the distribution/sale of this tag to different “associated” websites

The permutations of +tags are truly infinite, allowing you greater control over your inbox and emails you receive.
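The registration use case above, as an added example that is not from the original post: split each recipient address into mailbox and +tag, then flag mail whose sender domain is not the site the tag was handed to. The addresses, tags, sample messages and the `TAG_OWNERS` mapping are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr


def split_plus_address(address: str):
    """Return (base_address, tag) for 'local+tag@domain'; tag is None if absent.

    Only the first '+' separates the tag, so 'pat+a+b@...' has the tag 'a+b'.
    Addresses are lower-cased, assuming the inbox provider ignores case.
    """
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    base, plus, tag = local.partition("+")
    if not base:
        raise ValueError(f"empty mailbox name: {address!r}")
    return f"{base}@{domain}".lower(), (tag.lower() if plus and tag else None)


# Constructed mapping: the sender domain each +tag was given to at sign-up.
TAG_OWNERS = {"shop": "shop.example", "news": "newsletter.example"}


def sender_domain(msg) -> str:
    """Domain of the From: header (a header the sender controls, so a hint only)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def audit(raw_messages, my_address):
    """Return (tag, sender_domain, verdict) for every copy addressed to my_address."""
    results = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = sender_domain(msg)
        for _, rcpt in getaddresses(msg.get_all("To", [])):
            try:
                base, tag = split_plus_address(rcpt)
            except ValueError:
                continue
            if base != my_address.lower():
                continue
            owner = TAG_OWNERS.get(tag)
            if tag is None:
                verdict = "untagged"
            elif owner is None:
                verdict = "unknown-tag"
            elif sender == owner or sender.endswith("." + owner):
                verdict = "expected"
            else:
                verdict = "tag-shared"   # the address reached a different sender
            results.append((tag, sender, verdict))
    return results


# Constructed sample messages.
MESSAGES = [
    "From: Orders <orders@shop.example>\nTo: pat+shop@mail.example\nSubject: Receipt\n\nThanks.\n",
    "From: deals@mail.partner.example\nTo: Pat <pat+shop@mail.example>\nSubject: Offers\n\nBuy.\n",
    "From: a@friend.example\nTo: pat@mail.example\nSubject: hi\n\nHello.\n",
    "From: news@bounce.newsletter.example\nTo: PAT+News@mail.example\nSubject: Issue 12\n\nNews.\n",
]

if __name__ == "__main__":
    for row in audit(MESSAGES, "pat@mail.example"):
        print(row)
```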

Follow our Blog for more useful email delivery tips.

Email Delivery’s On-going Maintenance

You configured all your email senders.  SPF, DKIM and DMARC seem to be well-tuned.  Email compliance appears to be good.  Email is being delivered and most email appears to make it to your customers’ inboxes.  Open rates look reasonable.  You’re done, right?

Steps to a “Complete” Email Delivery posture

To get to an optimal email delivery posture, you need to finely tune the components of your email senders.

  1. Identify all your email senders.  Who is sending email on behalf of your domain? This may sound trivial, but it’s not.  IT set up your main outbound servers, but is Marketing using Marketing Automation, Sales using a CRM, or Order Management using a separate Invoicing and Order Fulfillment system?
  2. Include all your senders in your SPF.  If not, most inbox providers will automatically deny your email.  Google, Office365, Yahoo! and many other inbox providers automatically refuse email if the sending domain’s SPF record does not include the sending servers.
  3. Set up DKIM on all your email senders.  DKIM allows you to cryptographically sign your emails so recipients know they are from you.
  4. Set up a DMARC record and direct RUA and RUF to a service, like MxToolbox’s Delivery Center, that can analyze and provide feedback on DMARC compliance.
  5. Monitor DMARC compliance across your senders.  This may mean revisiting steps 1, 2, 3 & 4 as you discover new senders or the configurations need updating.
  6. Gradually change your DMARC policy from None to Quarantine to Reject.  Stricter policies will help prevent fraud and phishing using your domain which will improve your overall email deliverability.
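A check for steps 4 and 6, as an added example that is not MxToolbox code: it parses a DMARC TXT record and reports the policy stage and whether aggregate (RUA) and forensic (RUF) reports are being collected. The report addresses and sample records are constructed.

```python
POLICY_STAGES = ["none", "quarantine", "reject"]  # the order given in step 6


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into tag -> value pairs.

    This checker is strict: it raises ValueError unless the record begins
    with v=DMARC1 and carries a valid p= tag.
    """
    tags, order = {}, []
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().lower()
        tags[name] = value.strip()
        order.append(name)
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICY_STAGES:
        raise ValueError("missing or invalid p= tag")
    tags["p"] = policy
    return tags


def report_uris(value: str) -> list:
    """Return the mailto: destinations from a comma-separated rua/ruf value."""
    uris = []
    for uri in value.split(","):
        uri = uri.strip()
        if uri.lower().startswith("mailto:"):
            # Drop an optional size limit such as "!10m" after the address.
            uris.append(uri[len("mailto:"):].split("!", 1)[0])
    return uris


def posture(record: str) -> dict:
    """Summarize how far a record is along None -> Quarantine -> Reject."""
    tags = parse_dmarc(record)
    stage = POLICY_STAGES.index(tags["p"])
    pct = int(tags.get("pct", "100"))
    rua = report_uris(tags.get("rua", ""))
    ruf = report_uris(tags.get("ruf", ""))
    findings = []
    if not rua:
        findings.append("no rua: aggregate reports are not collected, so compliance cannot be monitored")
    if not ruf:
        findings.append("no ruf: forensic reports are not collected")
    if tags["p"] == "none":
        findings.append("p=none: monitoring only, failing mail is still delivered")
    elif pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
    next_stage = POLICY_STAGES[stage + 1] if stage + 1 < len(POLICY_STAGES) else None
    return {"policy": tags["p"], "pct": pct, "rua": rua, "ruf": ruf,
            "next_stage": next_stage, "findings": findings}


# Constructed sample records.
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc-agg@reports.example.net; "
                  "ruf=mailto:dmarc-ruf@reports.example.net",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-agg@reports.example.net!10m",
    "strict_blind": "v=DMARC1; p=reject",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, posture(record))
```

The `strict_blind` sample is the case the next section warns about: a Reject policy with no report addresses gives no feedback when a legitimate sender starts failing.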

I’m at a Strict DMARC Policy, I’m done.  Right?

Nope!  Strict policies will help prevent fraud and phishing using your domain, but this can also deny legitimate email from new or misconfigured sources.

You need to have an on-going maintenance plan.

MxToolbox recommends:

  • Regular monitoring of SPF, DKIM and DMARC configurations.  If your senders change their configurations, it can cause issues with your email delivery.
  • Regular monitoring of your senders’ blacklist status.  If you or your senders are blacklisted, then your email will be blocked before ever reaching an inbox.
  • Regular monitoring of SPF, DKIM and DMARC compliance rates.  A low compliance rate means that legitimate email may be blocked.
  • Adoption of new technologies as they arise.  For example, BIMI, ARC or VMC are beginning to be adopted by inbox providers and email senders.
  • Regular monitoring for new email senders.  Some of these may be emerging threats to your brand while others may be legitimate senders adopted by other departments without your knowledge.

MxToolbox Delivery Center provides everything you need to manage the on-going maintenance of email delivery.  Learn more about Delivery Center and how we can help you with email deliverability!

What is Spear Phishing?

Phishing attacks have become an unfortunately common occurrence.  A relatively new wrinkle is called spear phishing where the phishing email targets a specific individual, business, or organization.  Spear phishing is used for two main purposes:

  1. Steal data for malicious purposes
  2. Install malware on the target’s computer for use against another organization

Regardless of intention, if executed properly, a spear phishing ploy is bad news for your company.

How Are Spear Phishing Attacks Performed?

Here’s a general rundown of how spear phishing scams work:

  • An email arrives in a colleague’s inbox, seemingly from a trustworthy source like a supplier, vendor or even your own corporate website. (Spear phishing emails often use clever tactics like matching logos, verbiage and even similar looking URLs to those you would find normal to get the victim’s attention.)
  • The message leads the unsuspecting recipient to a well-designed bogus website either with a login portal or with a hidden cache of malware that they attempt to download and install.
  • Hackers will then sell the login credentials or malware networks to governments, private entities or other hackers for further exploitation.

Cybercriminals use tailored approaches that leverage social engineering techniques to personalize the messages and websites used in their scams and to encourage victims to act before they think. According to a March report on spear phishing from cybersecurity firm Barracuda Networks, these attacks are frequently researched in advance and intended to capture data, such as login credentials or other highly sensitive information. Analyzing 360,000 emails that involved spear phishing over a three-month period, the company’s researchers found that 83% of these attacks involve brand impersonation of companies users know and trust.1

Moreover, to increase success rates, spear phishing messages often contain urgent explanations on why sensitive information is needed. The combination of realistic branding and urgent need to act pushes users to act before they think.  This kind of social manipulation is “becoming the key ‘attack vector’ in cybersecurity attacks.”2  Victims are usually asked to open a malicious attachment or click on a link that takes them to a spoofed website where active passwords, account numbers, PINs, or access codes are requested. 

How to Fight Spear Phishing

Since spear phishing attacks are becoming more difficult to detect, protecting your business email is even more important. Traditional security can stop some of these scams but not all because of the clever customization. A single mistake enables fraudsters to gain access to commercially sensitive intel, forever damaging your company’s brand. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks (botnets) that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus messages landing in their inbox. It’s a simple answer, but informed employees are the first line of defense in combatting malicious online attacks. Besides education, technology that focuses on email security is necessary.

In addition, it is important for email senders to protect their brands from use in spear phishing attempts.  Big brands like American Express, Amazon.com and PayPal were once often leveraged by fraudsters because of their wide usage, credibility and access to financial and personal information.  Now, large corporations are deploying technologies to prevent use of their brands so fraudsters are forced to use smaller, less protected brands.

Protecting Your Brand – MxToolbox Delivery Center

To protect your brand from use in phishing and fraud emails, you need to deploy new technologies like SPF, DKIM, DMARC and actively manage the information you receive from inbox providers about your email delivery status.  MxToolbox’s Delivery Center provides your business with the email deliverability insight you need.  Our Experts combine best practices on email delivery with new technologies and our own experiences to give you best-in-class insight into the deliverability of your known email senders and early warning on emerging email threats like spear phishing.  We can even manage your email delivery with our Managed Services program.

1, 2 Gizmodo, Privacy and Security. https://gizmodo.com/spear-phishing-attacks-are-on-the-rise-security-firm-s-1833455812