'Do Not' Rules of Email Deliverability

Proper email authentication is no longer optional. Starting February 2024, Google requires senders of more than 5,000 emails per day to have these records. Even for smaller senders, missing authentication records significantly impact deliverability and can get your domain blacklisted.

People will sometimes try to create a new sending domain to avoid reputation blocks or previous issues. This is always a bad idea. Fix the reputation on your primary domain first.

All new domains start with negative reputation and take a long time to warm up.

Many spam operations use these domains because they're cheap and readily available (especially for phishing campaigns). As a result, spam filtering systems often flag these TLDs more aggressively. Stick to established TLDs for your sending domain to maintain deliverability. Focus on building reputation on your main domain.

Your email delivery success depends heavily on your sending infrastructure. When using shared IPs (IP pools), you're affected by the behavior of other senders on those IPs. Even top-tier providers can have "bad" IP pools. This is why it's crucial to monitor your delivery metrics closely and work with providers who actively manage their IP reputation and segregate good vs. problematic senders. Good providers, like Bento, will happily work with you to make sure you are sending amongst other good senders. If we do not deem you a good sender, you may be placed into a pool with other bad senders.

If you're interested, here's a video we did on IP pools: https://www.youtube.com/watch?v=t6qIi8AYt7I&ab_channel=Bento

Mixing your transactional emails (like password resets, order confirmations) with marketing emails on the same sending patterns, such as sharing the same FROM address ([email protected]), can harm the delivery of your critical transactional messages as the inbox providers start classifying all emails as marketing. Consider using a different FROM address, IP address, and even subdomain for your transactional emails.

A common misconception is that if you've warmed up your domain and IP with one email service provider (ESP), you can immediately send high volumes when switching to a new ESP. This is false. Domain reputation is partially tied to the sending infrastructure. Once you switch platforms, start of sending slowly over a few days or weeks to warm up. Observe your bounce and complaint rates closely.

Link branding, also known as link proxying, is the process of rewriting all links and image URLs in your emails to point to your own domain before redirecting to the final destination. This is crucial for maintaining a consistent sender identity and improving deliverability. Inbox providers trust links from your main domain more than third-party domains. Most email service providers offer automatic link branding, so make sure to enable it.

Unsecured forms allow attackers to automatically submit large numbers of email addresses, either for spam purposes or to damage your sender reputation. Implement rate limiting (e.g., 3 attempts per hour), CAPTCHA, and honeypot fields to prevent automated submissions. You CAN lock down your forms without impacting customer experience or opt-in rates.

Every endpoint that can trigger an email (sign-ups, password resets, team invites, form submissions) must be rate limited. Without limits, attackers can abuse these endpoints to send spam or conduct denial of service attacks. Implement rate limits (typically 3 attempts per hour) on all email-triggering actions to prevent abuse while allowing legitimate use.

Attackers can inject malicious HTML into email templates through user input fields (like names or custom fields). This creates both security and deliverability risks as malicious content sent from your domain damages your sending reputation. Implement proper input sanitization and consider removing personalization from critical templates such as password resets or sign up emails.

Including personalization in these automated emails creates a security vulnerability. Spammers can abuse these templates to send phishing emails by injecting malicious content into name fields. When these emails are sent from your trusted domain, they appear legitimate to recipients. Keep transactional emails simple and standardized.

Spammers often use temporary email addresses to test your site for vulnerabilities. Block them so they give up and move to the next target.

Purchased lists often contain outdated, invalid, or spam trap addresses. Sending to these lists can severely damage your sender reputation and lead to blocklisting. Focus on organically growing your list through legitimate opt-ins and engagement.

Continuing to send to unengaged or invalid addresses hurts your deliverability. Implement a sunset policy to remove subscribers who haven't opened or clicked in a set period (e.g., 6-12 months). Also, promptly remove hard bounces and complaints to maintain list hygiene.

COI requires new subscribers to confirm their email address, usually by clicking a unique link. This prevents fake sign-ups, ensures consent, and keeps your list clean. While it may slightly reduce total sign-ups, COI dramatically improves engagement and deliverability in the long run.

Segmentation allows you to send targeted, relevant content to each group. This improves engagement, reduces complaints, and boosts deliverability. Examples include segmenting by interests, purchase history, or engagement level.

These regulations govern consent, data handling, and unsubscribe requirements. Violations can result in hefty fines and reputational damage. Ensure your sign-up forms, privacy policy, and email practices align with applicable laws.

Promptly honor all unsubscribe requests, ideally with one-click functionality. Continuing to email unsubscribed users violates anti-spam laws and severely harms your sender reputation. Similarly, never re-add unsubscribed users without a new, confirmed opt-in.

Rapid increases in sending volume trigger spam filters and can damage your sender reputation. This is especially true during high-volume periods like Black Friday when spam filtering is more aggressive. Gradually increase volume and maintain consistent sending patterns.

Sending large volumes simultaneously can trigger rate limits and spam filters. Instead, implement batch sending to spread deliveries over time. This also helps identify potential issues before affecting your entire list.

Holiday periods (especially Black Friday/Cyber Monday) see dramatically increased email volume and stricter spam filtering. Many businesses damage their sender reputation by suddenly increasing volume or trying new marketing tactics during these periods. We see issues particularly with customers who email users that have not been contacted in a long time. ISPs see this as unsolicited email and will block your domain.

Every third-party domain carries risk. Make sure that all links, images and content in your emails are proxied through your own domain AND that you trust them. We've seen days where including just a single YouTube link has impacted inbox placement.

Clear, one-click unsubscribe options are now essential. Many email clients automatically process unsubscribe requests, and making this process difficult can result in more spam complaints. We recommend putting it in the header of your email, not just in the footer. If someone doesn't want your email make it easy for them to get off the list.

Being listed on a domain blacklist can severely impact your deliverability across all inbox providers. Monitor your domain status regularly and address any listings immediately. Bento automatically monitors these for you and shows them in the dashboard.

Spam complaints are critical signals for email deliverability. Even a small percentage of complaints can significantly impact your ability to reach inboxes. Emailing users who have previously complained can cause substantial damage to your sender reputation, leading to complete blocking of your domain to large providers.

Modern inbox providers heavily weight user engagement in their delivery decisions. Low open rates, poor click-through rates, and high ignore rates can all lead to decreased inbox placement.

Bento implemented automated checks for compliance elements before allowing sends. So you don't forget and end up in spam.

Free email domains lack the authentication and reputation metrics needed for reliable business email delivery. They're commonly used by spammers and scammers.