Email Delivery Best Practice

By  Jeff Pond

These days with spam being so prevalent it's getting harder and harder to ensure legitimate email is delivered on time and doesn't end up marked as spam.  Globally, 15% of emails never make it to the inbox so following these best practices is incredibly important and will have a real impact on your email's chance of successful delivery.

Why is Email Deliverability so Important?

As a business, your employees, vendors, and customers rely on receiving timely emails about payslips, invoices, and customer communication.  Your customers also rely on receiving communication from your monthly newsletters or general email updates to keep them informed.

Are your Customer and Campaign Email Addresses Correct?

One of the most important things you can do is ensure every email address on your mailing list or your customer's personal details are correct.  Misspelled email addresses are a major contributor to earning a bad sender reputation and ending up on spam block lists.


It is a recommended practice to periodically check in with your customers to make sure their email address is up to date in your system.  For marketing or campaign emails be sure to remove or update any email addresses that bounce or are misspelled.

Blacklists & Domain Reputation

By following the above practice of only sending to correct email addresses you will reduce the likelihood of ending up on a blacklist or earning a poor sending reputation.  Many email providers have "spam traps" where if any email is sent to these trap accounts you will end up on a blacklist instantly.  Constantly sending to unknown accounts or accounts that bounce will also get you on a blacklist.  Once your domain has a low reputation as a sender it is very difficult to get any legitimate mail delivered so best be careful.

Authenticating Your Email Domain

This next section covers three email mechanisms that all domains should have implemented.


These three mechanisms are applied to your DNS zone to tell email providers which servers are authorised to send email from your domain, whether or not an individual email has been tampered with along the way, and what should be done about emails that don't conform to these mechanisms.

SPF - Sender Policy Framework

SPF is a DNS record that identifies what IP addresses are allowed to send email using your domain.  This is the most widely used mechanism to authorise an email domain.  The SPF record should include all IP addresses that send mail for your domain.  Here's a real example of our SPF record: IN TXT "v=spf1 ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: ip4: -all"


Each IP address is a server in our environment that can send mail.  We also "include" other providers we use to route some email in specific cases.


As our customer, you should have an SPF record that looks like this: IN TXT "v=spf1 a mx -all"


You should also include any other platforms you send email via.

DKIM - Domain Keys Identified Mail

DKIM signatures ensure that the email that arrives at the recipient is identical to the email that you sent.  This is a key protection against email tampering in transit and goes a long way to maintaining a good sender reputation.  DKIM is starting to gain a lot of momentum so along with SPF this is also a must to implement.


Here's an example of a public domain key for one of our services.  You can see in the example we are using a 2048bit key which is now standard practice.  When a DKIM signed email is sent, the receiving server uses this public key to verify the message: 299 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtomTgMw+RUg5y4Iy2N19DyeLyxwDW+DLvJ5oUfbVdL0v5iiSdMu6tQy8LUanBYJPofaJ6GJGtRFgrFfxlPvBZiEgFwxU3qdj/E/bYjVVnP6S2xOrtSc3qYeaVm/88FClEY" "OjtBYMOR7LZaZdYAguKm39ijlkm/7HFga6R8yCGHMGONgQcJvVU5Gd85XvgN1sYTSC1lQxj5YrC4wuG3YhFGZhzF8V0oN9iC2hK5Cw4o92qNhz5utH5TsLnwG80/KCOnYmlpl9LpuefFurHepHs2Q3u358n49SDBcijfWUB1IzHpstRul8A5iTdKnDuHaeHISjG/Xb79Y8QlP604YfewIDAQAB"

DMARC - Domain-based Message Authentication, Reporting & Conformance

DMARC is the final essential mechanism that tells email providers what they should do with email that doesn't pass SPF and DKIM.  Options are: allow it, filter it, or reject it.


Once a DMARC record is implemented in "allow it" mode you should monitor the reporting for messages that don't comply with SPF and DKIM and make adjustments until all messages comply. Once that's done you can set the DMARC policy to "reject" all mail that doesn't comply.


Here's a great free tool for weekly DMARC reports you can use to monitor your domain:


Here's an example of a DMARC record in DNS: 299 IN TXT "v=DMARC1; p=none; pct=100;; sp=none; aspf=r;"

Considerations for Email Campaigns

Think about how many emails you receive every day and how many you simply disregard.  This is also true for campaigns you send to your members so the key here is be polite!


If you want to keep off spam and black lists for email campaign messages follow these best practices:

  • Make it easy to unsubscribe: the simpler and clearer it is for someone to unsubscribe the better.  The harder you make it the more likely someone will report your message as spam and that's not good.
  • Think about frequency: do your members or subscribers want to hear from you daily, weekly or maybe just monthly?  Sending too often is a sure fire way to lose subscribers and get reported for spam.
  • Take care including external links: linking to pages on your website is generally safe but be careful linking to websites you don't control.  Make sure you only include links to websites that are known to be good.  Spam filters will gladly block your message for linking to a suspicious website.
  • Clean up your campaign lists: remove subscribers who regularly don't open your emails and remove any subscribers who bounce or have invalid email addresses.  These are all surefire ways to get blacklisted if you don't keep on top of it.

Maintaining a good sending reputation takes constant care and work but it is doable if you care about your emails getting to your members.