How not to do what spammers do...
This seems like a silly thing to say, but it is not. In the world of sending email and spam filtering, intention matters less than appearances. If a company is sending legitimate, COI email in a manner that is indistinguishable from the bad guys, no spam filter will understand the difference.
It is important to follow best practices in order to avoid this pitfall. Legitimate mailers work hard to build brand reputation based on a real business address, a known domain and a small, permanent, well-identified range of sending IPs.
- All emails should be correctly authenticated with DKIM & SPF at a minimum
- The SPF record should be as narrow and specific as possible. If the entire internet is designated as “permitted sender”, that is not useful and opens the domain to abuse by spammers.
- Do not use anonymized or unidentifiable whois records. Legitimate businesses should have no reason to hide their online identity using whois privacy or proxy services.
- Limit domain usage. The more unique domains are used to send the same emails, the more red flags are raised; use the primary business domain whenever possible.
- Use clear and consistent naming schemes in DNS – keep it simple.
  - The best option is delegating a subdomain of the brand’s primary domain to the ESP: email.customerbrand.com
  - Next best would be: “customerbrand.espdomain.com”
  - Last (and to be avoided if at all possible) resort: customerbrand-email.com – if this is necessary, it is crucial to use a cousin domain that has a clear relationship to the primary brand name. Phishing has made people very wary of look-alikes.
  - This allows receivers to easily distinguish the ESP and customer and reduces the chances of blocks or reputation damage due to unclear identification.
- Use properly registered domains with working mail AND web addresses. There should be a website for every domain/brand that is being sent. Not having one looks shady and is something that spammers do all the time.
- Every domain that sends email should have functional abuse@ & postmaster@ addresses
- Use contiguous IPs if possible. Use the same network.
  - If not possible, do not use more IPs than needed.
  - Most brands do not need 100s of IPs scattered across multiple networks – this is in fact the definition of snowshoeing.
  - For more information on snowshoeing please see the Spamhaus FAQ
- For ESPs: have a published AUP/TOS that is easy to find and read…enforce it.
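
The advice above to keep the SPF record narrow can be checked mechanically. The following Python audit is an added example, not part of the original article; the function name `audit_spf`, the `max_addresses` limit and the sample records are assumptions constructed for illustration.

```python
import ipaddress
QUALIFIERS = "+-~?"  # RFC 7208: pass (the default), fail, softfail, neutral

def audit_spf(record, max_addresses=4096):
    """Return findings for an SPF record that authorizes more than it should.
    max_addresses is an assumed local policy limit, not a standard value.
    include/a/mx terms need DNS lookups and are not expanded here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record (missing v=spf1)"]
    findings, authorized, terminated = [], 0, False
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = (term[1:] if term[0] in QUALIFIERS else term).lower()
        name, _, value = body.partition(":")
        if name == "all" or body.startswith("redirect="):
            terminated = True
        if name == "all" and qualifier == "+":
            findings.append("+all designates the entire internet as permitted sender")
        elif name == "all" and qualifier == "?":
            findings.append("?all is neutral: unlisted senders are never failed")
        elif name in ("ip4", "ip6") and qualifier == "+":
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                findings.append(f"unparsable network in {term}")
                continue
            if net.prefixlen == 0:
                findings.append(f"{term} covers every {name} address")
            elif name == "ip4":
                authorized += net.num_addresses
    if not terminated:
        findings.append("no all or redirect: unlisted senders get a neutral result")
    if authorized > max_addresses:
        findings.append(f"{authorized} IPv4 addresses authorized, limit {max_addresses}")
    return findings

# Constructed sample records using documentation/test address ranges.
SAMPLES = {
    "narrow": "v=spf1 ip4:192.0.2.0/28 -all",
    "open": "v=spf1 +all",
    "whole-net": "v=spf1 ip4:0.0.0.0/0 ~all",
    "sprawl": "v=spf1 ip4:198.18.0.0/15 ip4:203.0.113.0/24 -all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, audit_spf(record) or "ok")
```

A bare `all` with no qualifier is treated as `+all`, because pass is the default qualifier in SPF.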