Exchange 2013/2016 Cumulative Update Issues

Email Deliverability: Best Practices for having your emails actually end up in the Inbox

Here is what you need to know how to correct email deliverability issues and avoid losing sales.

What is Email Deliverability?

Email Deliverability is a measure of how well your email system delivers emails to recipient inboxes. Emails that do not end up in the inbox are usually directed to the spam folder, bulk email folder, or completely blocked by an email service provider.

Email Deliverability Best Practices

Customer interaction is key to ensuring that your clients believe your emails are legitimate and valuable. But email deliverability best practices focus mainly on ensuring the computers can tell that your emails are legitimate.

Here are ways you can ensure email deliverability:

Setup Email Authentication Standards

Proper email authentication does four things for your email campaigns:

  • Identifies the origin of your emails
  • Confirm that the source of your emails is legitimate
  • Proves that your emails have not been altered during transit
  • Communicates to email providers which authentication protocols are supposed to be used to authenticate the emails.

Your email authentication infrastructure enables spam filters to separate your emails from spam and malicious emails like phishing campaigns.

The best email authentication system involves multiple email authentication protocols. And all of these protocols must be applied to each domain that you send emails from.

Setting up multiple emails has its benefits once implemented in that:

  1. Some Internet Providers do not support all authentication standards. If your emails are not authenticated using a standard that a receiving ISP supports, then your email may be rejected, flagged, or spammed altogether.
  2. Using more than one authentication standard protects your emails better from being used in email attacks.

In most cases, your ISP or email provider can set up any email authentication you need upon request. These are the authentication standards you should use:

SPF Authentication:

Sender Policy Framework checks emails with the sender’s IP Address. SPF verifies that the email sender is who they say they are. Most of the information used for SPF authentication is invisible to typical email subscribers. The “From Address” is visible to the email recipient. But this address is only involved in SPF authentication if it matches the SMTP MAIL FROM address.

A simple SPF record should look like the below:

v=spf1 ip4: -all

SPF also limits the number of DNS lookups an email server is allowed to make to 10. This limit is imposed in order to protect domains from denial of service attacks.

In order to know if your domain’s SPF records are valid, click here to run a check.

DKIM Authentication:

DomainKeys Identified Mail, shortened to DKIM uses an encryption key to authenticate emails. DKIM ensures that the emails have not been modified in transit from the sender to the recipient.

DKIM basically encrypts messages with an authentication signature. This signature tells the receiving domain where the decryption key for the email is located. The decryption key is listed in the sending domain DNS record.

Since only the true domain owner (or someone they authorize) can publish DNS records, the DKIM authentication signature associated the email with the domain owner.

If the matching decryption key cannot be located in the domain DNS record, the DKIM authentication fails.

Failed DKIM authentication doesn’t guarantee that your email will be rejected or sent to the spam folder. Successful DKIM authentication reduces your email’s spam score. A lower spam score means that your email is less likely to be sent to the spam folder.

Despite a failed DKIM authentication check on an email, the email can still end up in the mailbox with [SPAM] added to the subject line as warning.

However, if a DKIM failure indicated a very strong possibility that the email is spam, and many email servers will reject the email.

Without a correctly configured DKIM authentication, your emails are more likely to be marked as spam. And some email servers will outright reject the emails.

To check if your emails are being sent out with DKIM authentication, click here to check for DKIM Signature Check.


Domain Based Message Authentication, Reporting and Conformance, shortened to DMARC is an additional layer of authentication built on SPF and DKIM that blocks fraudulent emails. DMARC adds additional authentication parameters such as reporting, policy definition, and identity alignment.

Major email providers like Gmail and Microsoft require DMARC compliant authentication for all emails. There adding DMARC record to your domain coupled with DKIM and SPF improves your email dliverability, especially to major email inbox providers.

A simple DNS TXT record is added to “_dmarc” subdomain of the domain that needs DMARC configured defining the policy for the domain.

A DMARC record for would be:

v=DMARC1; p=quarantine; rua=mailto:[email protected]

DMARC helps protect your sender reputation and help keep your domain off blacklists.

To check if your emails are DMARC complaint, click here to run a DMARC records check.

Reverse DNS Lookup:

Reverse DNS Lookup is similar to SPF in that it uses IP Addresses to authenticate emails. However, reverse DNS lookup works from the IP Address to the domain name, rather than the other way around.

On the internet, the domain name system attached IP numbers to each domain on the internet. Using domain names to find places on the internet is much easier than to remember the IP address associated and that word is made easy by DNS.

Reverse DNS Lookup authenticates emails by checking the domain that an email says it’s from, then looking up the IP Address that the email was sent from. Lastly, the reverse DNS lookup makes sure that the domain name associated with the IP Address is the same as what’s included in the email.

Incase the reverse DNS Lookup comes blank, they will often reject the email.

If you need to know if your reverse DNS records are setup, click here to run a DNS records check.


The HELO command is used in conjunction with other authentication methods, usually SPF. However, invalid HELO syntax can cause your emails to get stopped by authentication services.

If you are getting messages from your mail server saying they have rejected your emails, it’s possible that your HELO command is incorrect. There are two most common HELO issues:

  • Incorrect email client or account settings
  • The domain name in the HELO command is not a fully qualified domain name

For most of the vast majority of users, the first problem is the culprit.

Setup Google Postmaster Tools

Google Postmaster Tools are a set of tools that track email deliverability metrics – domain reputation, spam rate, email authentication, and other email deliverability data.

Using Google Postmaster Tools enables you to monitor your email deliverability, spot issues, and correct them. Also, easy to set up.

Domain Reputation and IP Reputation

Your sender reputation is a bit like a credit score. A good reputation means that email servers have more trust that your emails are legit and vice versa is true.

The standrd method of measuring email reputation is through tracking the email activity from IP Addresses.

Email providers like Gmail, Microsoft, and Yahoo! only want to deliver email that their users want. And emailer’s reputation is one metric emails providers use to determine whether they send emails from that IP Address to the inbox or the spam folder.

Your reputation is based on:

  • Complain Rates
  • User Engagement
  • Unsubscribe Rates
  • Email List Quality
  • Email Quality

Usually, your sender reputation us attached to your domain’s IP Address. However, this can cause problems if the domain changes IP Addresses because the domain loses its IP reputation.

Spammers can exploit this by switching IP Addresses. And good companies with Good IP reputations can lose their good standing if their IP address changes. This is why domain reputation is becoming more common.

Domain reputation is meaasured the same way that IP reputation is measured. However, reputation is not lost if the IP Address changes.

So companies with good reputation can take their good reputation with them if they move ISP and spammers can’t wipe away their bad reputation by changing their IP Address.

Your domain reputation is very important however, ISPs still evaluate IP reputation. And since an IP Address shall be attached to your domain, it’s smart to check your IP Address reputation regularly as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

PHP Code Snippets Powered By :