Email Blog

Authentication is essential to email deliverability

By Ryan O'Keefe

Authentication? Are you seriously going to write about the benefits of making sure you have proper authentication before sending an email? Why yes I am — and I’ll give you reasons why doing this will not only help your deliverability (getting into those inboxes) but it will also help with building a better reputation with your supporters.

What Is Email Authentication?

Authentication lets you verify who you are as a sender so that the mailbox providers you are sending to can approve your message as trustworthy and not spam. Common methods of email authentication include SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). A newer authentication tool that’s available to senders is DMARC (Domain-based Message Authentication, Reporting & Conformance), which provides a standard way for senders to establish policies for mailbox providers to use when email from them doesn’t pass SPF and DKIM.

Another way of thinking about it is to imagine you are heading out to a special VIP party that’s invitation only. Once you reach your destination, the doorman asks to see your tickets or ID before they let you in. If you know the person throwing the party, sometimes it’s as simple as a handshake to greet each other, but other times it’s a more formal ID check. Verifying you have a DMARC policy in place might be akin to telling the doorman what to do when someone doesn’t have ID — like turn them away or let them in and give them a warning for next time.


If DKIM and SPF are your door locks, DMARC is your alarm system.

Where did DMARC come from and what is it specifically? Let’s travel back in time to 2012 when “Gangnam Style” was atop the pop charts and Disney bought Lucasfilm for some strange reason, oh yeah — Star Wars. A group was collaborating on a standard for combating fraudulent email at Internet scale, which they developed based on their experiences with SPF and DKIM.

The result of their efforts is DMARC. This new standard allows a sender to indicate that their messages are protected by SPF and/or DKIM, and then tells the receiving mailbox provider what to do if either one or both of those authentication methods fails — such as deliver anyway, quarantine, or outright reject the message. It also provides instructions around what percentage of mail to apply the policy to and where to send reports about policy violations.

DMARC removes guesswork from the mailbox provider’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent and harmful messages. DMARC also provides a way for the mailbox provider to report back to the sender about messages that pass and/or fail DMARC evaluation. DMARC is especially helpful for organizations that send email through multiple email service providers and need to know which of them authenticate properly.
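The three things a DMARC record carries, as described above (the policy, the percentage it applies to, and the report address), can be checked mechanically. This is an added example, not code from the original post: it assumes the record text has already been read from the domain's `_dmarc` TXT record, and the sample records and the `example.org` address are constructed.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records (not taken from any real domain).
SAMPLES = {
    "monitor": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
    "partial": "v=DMARC1; p=quarantine; pct=25",
    "enforced": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.org",
}

def parse_dmarc(txt):
    """Split a DMARC record ("tag=value; tag=value") into a dict and validate v= and p=."""
    tags, order = {}, []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        name, value = part.split("=", 1)
        name = name.strip().lower()
        tags[name] = value.strip()
        order.append(name)
    # The version tag must come first and is case-sensitive.
    if not order or order[0] != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    return tags

def audit_dmarc(txt):
    """Return findings for a record; an empty list means enforced on all mail with reporting."""
    tags = parse_dmarc(txt)
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: failing mail is still delivered (monitor only)")
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    if pct < 100 and policy != "none":
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if not rua:
        findings.append("no rua=: aggregate reports are not being requested")
    elif not all(u.lower().startswith("mailto:") for u in rua):
        findings.append("rua= contains a non-mailto URI")
    return findings

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, audit_dmarc(record) or "no findings")
```
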

Email Authentication Best Practices

What can you do to ensure that your email authentication setup is configured for optimum deliverability? You can configure SPF and DKIM. The big thing is to take the extra time and properly set this up so that you can walk into that VIP party feeling like you belong and everyone knows who you are.

Gmail Propels Us into a New Age of Email Deliverability

By Sally Heaven

Go to Gmail and check your spam folder, right now.

Did you find any emails that you opted into, but haven’t been opening?

I did, and wow. I know for a fact I never marked those emails as spam, but they’ve ended up in the spam folder anyway. Some are from school fundraisers for my kids’ school. Some are from magazines and shopping websites. Some are from nonprofits who have missions that I care deeply about.

I opted into these emails, but haven’t been opening them, reading them or clicking on the links.

Hey, I’m busy. Everybody is busy these days, and we’re all getting more and more email. It’s hard to keep up with. The morning email review sometimes turns into something like triage in an ER — I archive or delete the emails that I know I’m not going to have time to read. I just click a checkbox and click “Archive” — it’s easy.

Mailbox Providers Start Anticipating Our Desires

Some mailbox providers have decided to pay attention to their users’ behavior. Some, like Gmail, have started to base email delivery (to the inbox, the bulk folder, the promotions tab or the spam folder) on how people interact with their emails. Or, more to the point — how people don’t interact with their emails.

This is a change. And for nonprofits who depend on “inbox placement” to raise money, it can impact the bottom line. The key to email delivery used to be status as a trusted sender. You sent your email from a “whitelisted” IP address that had a “good reputation” — i.e. it wasn’t an IP address that was used by known spammers — and your email had a good chance of landing in your supporters’ inboxes.

This is still important, but it’s not the be-all, end-all anymore. Now, it’s based on engagement.

Do people open your emails? Do they click on links? If they consistently don’t do this for a long enough period of time, then Gmail will start sending them directly to the spam folder. No amount of whitelisting can overcome that. And as goes Gmail, so goes the rest of the email world.

What’s the period of time? That’s a little opaque right now, since Gmail doesn’t publish their inbox / spam box placement criteria. If they did, then spammers could adjust their practices to compensate.

Time to Shift the Way We Look at our Email House File

It’s time for a mindset shift. The old wisdom used to be that every single email on the list was valuable. You never know when someone might suddenly decide to make a gift. Maybe the first 50 emails they got from you didn’t motivate them, but the 51st will make the difference! Never let them go.

Not anymore! Not every email on your list is valuable – in fact, the non-responders might be doing you actual harm.

So what can you do? Here are four things you can do right now.

  1. Validate emails. Make extra sure that any data your volunteers or staff have data-entered is correct and free of typos. Mailbox providers keep track of “Email address does not exist” errors and if your send contains too many invalid or incorrect emails, they might flag you as a suspected spammer. Proofread anything that is handwritten, and try to validate email addresses that are ambiguously written before entering them into your email system. You can also use a commercial email validation service for this task.

  2. Segment more. Don’t send everything to everyone, and get even more ruthless in your segmentation.

    • Pay attention to past actions. Try to base your audience not only on what people have told you they’re interested in (because interests change, and sometimes people say they’re interested in certain issues with the best of intentions, but then they get busy), but based on what they have responded to in the past via advocacy or donations.

    • Bonus segmentation: Generate interest. You can use social listening to further figure out what your list members are interested in, even if they haven’t told you, and then you can email them specifically about that issue. You’ll probably get a much bigger engagement rate on that email, and you’ll improve not only your inbox delivery, but your constituents’ satisfaction with your stewardship of the issues. Check out this blog post for an example.

  3. Use additional channels. Not everything needs to be an email. Are you communicating via your social media channels? Does your organization have a blog or a news feed? Do you have a large following? Make it easy for people to follow you as a way of consuming your organization’s news, actions, and engagement, especially if they don’t want to receive email.

  4. Let go! Stop emailing people who haven’t responded. Create a suppression group of people who haven’t responded in more than 6 months – no email opens, no link clicks. Just stop emailing them. Monitor the reports of your spam complaints over the course of a month, and see if your stats improve. Then narrow it down to 5 months, 4 months – do you continue to see improvement?

What’s next?

If there’s one lesson we’ve learned over the years, it’s that email delivery is a moving target. As email continues to evolve in how it’s used and how people respond to it, the algorithms will likely change. Maybe in a couple of years there will be another blog post like this one telling you that engagement is out the window, and now inbox delivery is all based on how Gmail can actually read your mind via a Vulcan mind-meld. (Kidding – kind of.) We’ll continue to stay abreast of what’s happening and give you news you can use.

Canadian Anti-Spam Law Comes Into Full Effect July 1 - Are You Ready?

By Kathryn Hall

In July 2014, Canada enacted The Canadian Anti-Spam Legislation (CASL) — strict new regulations for bulk email. The phase-in period for CASL stretched over 3 years to allow organizations to adjust their emailing practices to align with CASL's rigorous opt-in policies and rules for suppression of unwanted email.

The grace period for CASL ends July 1, 2017, and along with full enforcement come substantial administrative penalties for email law violations of up to $10 million for businesses. While there was an 11th hour stay on the right of private legal action (against spammers) announced yesterday, the reality of potential fines makes it worth the effort to study up. In a recent blog post, Heather McLean explains how to ensure you're prepared for CASL to take full effect.

By the way, U.S. nonprofits are not exempt. CASL rules apply to Canadian organizations as well as any nonprofit that sends email to Canadian addresses!