Client’s Role in Email Deliverability

Our email system is a conduit for you to communicate with individuals who show interest in your cause and request to receive email communications.

To maximize the effectiveness of the messages you send, it's critical to adhere to industry email best practices as outlined in Blackbaud’s Acceptable Use Policy. These guidelines protect your sender reputation and ours, which ultimately helps your emails reach recipient inboxes.

Manage list quality

For successful email campaigns, it’s essential to closely manage your current database of email addresses and use care as you identify and import new ones. Only send messages to individuals who opt in to receive your emails and who engage with the content you send them.

As you manage your data, closely consider the factors which impact email deliverability:

  • Factors with a direct impact include:

    • Invalid email addresses — Old or improperly formatted email addresses result in hard bounces. Although our system subsequently suppresses these addresses, the initial attempts to send to them lower your reputation as a sender.

      Note: Since our system doesn't know whether new email addresses are valid, we segregate them from the other addresses in recipient lists and use separate IPs — which are not associated with bulk mailings — to send to them. When delivery is successful, we approve the email addresses to join your regular list so you can use it in the next mailing.

      Best practice: We recommend you send welcome emails when new subscribers join your list so we can verify the addresses and provide them with an opportunity to add your "from" address to their list of approved senders. When you follow this best practice, you improve your chances of inbox placement.

    • User engagement — When recipients interact with the messages you send, mailbox providers are more confident about you as a sender and are more likely to deliver future messages to their inboxes.

      Note: Gmail — more so than other mailbox providers — relies on user feedback and engagement as their top measure to determine deliverability.

    • SPAM Complaints — When you send emails to recipients who opt in to receive messages and who engage with your content, you keep the number of people who mark them as unsolicited to a minimum. The fewer complaints you receive, the more likely you are to have favorable reputations with mailbox providers.

    • Sender authentication — Mailbox providers use authentication methods such as SPF, DKIM, and DMARC to determine whether you are a legitimate sender. When you properly configure your sending domain for each method, your messages are more likely to reach recipient inboxes.

  • Factors with an indirect impact include:

    • Multiple ESPs — We understand you may select multiple ESPs to send different types of email. However, if another ESP sends emails on your behalf and doesn't adhere to the same high standards as Blackbaud, your reputation as a sender — even through our system — may suffer.

    • High opt-outs — When, over time, a large number of people request to no longer receive email from you, mailbox providers are less likely to place your messages in recipient inboxes. To avoid these requests, use reports within your application to monitor whether recipients engage with your content and adjust your messages as necessary.

Engage email recipients

We trust — and expect — your organization to maintain a database of engaged recipients.

We recommend you regularly review your data and group recipients into these categories so you can determine whether to continue to send messages to them:

  • Engaged — Recipients who open or click links within messages you send.

  • Stale or inactive — Recipients who do not open or click links within messages you send over an extended period, such as three to six months. Since recipients who do not engage with your content can lower your reputation as sender, consider strategies to re-engage them or remove them from your database.

Engagement factors (Email engagement segmentation)

When recipients engage with your content and want to receive your messages, your reputation as a sender will dramatically increase and fewer people will mark your email as unsolicited.

To help ensure you’re only sending email to engaged recipients, use tools within your application — such as Luminate Online’s Engagement Factors — to:

  • Score recipients based on their engagement

  • Create groups of engaged (and disengaged) recipients

  • Opt-out recipients who haven't taken action after a three-to-six-month period

Avoid SPAM Practices

SPAM traps

A sender's domain or IP address can appear on SPAM blacklists when they send messages to email addresses — known as SPAM traps — that are no longer active or not associated with a person.

Note: Our Acceptable Use Policy requires you to only send messages to email addresses associated with people who opt-in to receive them. Our email specialists closely monitor email practices and, if necessary, can intervene to disable service for a sender if they violate this policy and disrupt delivery for others.

There are three types of traps:

  • Recycled SPAM traps (RST) — Includes email addresses that are abandoned by recipients or retired by mailbox providers, then re-purposed to identify senders who continue to send to them.

    Note: A mailbox provider can convert an abandoned or retired address into a RST after just six months. After their pre-defined period of inactivity, they turn the account off and return hard bounce errors to senders — a process known as gravestoning — for 30 to 90 days. Some of those addresses are then reactivated and used as RSTs.

  • Pristine SPAM traps (PST) — Includes email addresses that are not associated with a person, but rather only exist to identify poor or malicious senders.

  • Role account (or Function Email Account) traps — Include email addresses with webmaster@, hostmaster@, sales@, support@, postmaster@, etc.

Depending on the type of trap and the mailbox provider, the penalty for being caught in a trap varies. Sometimes, providers will simply place messages from the senders they catch in SPAM folders. Other times, they will block all messages from the IP addresses that send them. Typically, Role Account (or Functional Email Account) traps result in higher penalties.

Do you wonder why Blackbaud's email system doesn't just suppress SPAM trap addresses? We wish we could. However, to prevent malicious senders from excluding RST and PST addresses from their lists, the addresses seem legitimate. Unfortunately, we can't identify them either, so we rely on clients to manage their data and only send to engaged recipients who opt-in to receive messages.

While we don't recommend you purchase email lists — since they often contain SPAM trap addresses — we understand that sometimes you must. If so, we strongly encourage you to:

  • Only purchase lists from reputable sources.

  • Verify the last time a sender mailed to the email addresses. To reduce the likelihood that many are invalid, ensure they are less than six months old.

  • Send an opt-in or subscription related message to confirm recipients are interested in additional messages.

Establish sender authentication

Mailbox providers use authentication methods to evaluate whether messages that appear to be from your organization are legitimate so they can block or filter email from fraudulent senders. For example, a scammer could craft an email that looks like it comes from your organization and solicit donations to a site they own. If the mailbox provider can’t verify whether the email is from you, the scammer could receive gifts donors think they're giving to your organization.

Fraudulent senders can change either of the “from” addresses an email message contains to make it seem like it’s from your organization:

  • “Envelope from” — The return address — hidden in the message header — receiving mail systems use to return or bounce messages back to the sender.

  • “Header from” — The friendly address — visible to email users — that appears in the From: field of an email.

To help mailbox providers verify when a sender is legitimate, our email system supports multiple authentication methods for your domain. Since you own your domain, we rely on you to manage the authentication for it.

Note: Mailbox providers use a variety of methods to evaluate messages, so passing or failing authentication checks doesn’t always directly correlate to inbox placement. We recommend you take a comprehensive approach to deliverability to increase the likelihood your messages reach recipients.

Sender Policy Framework (SPF)

The Sender Policy Framework (SPF) protocol is an authentication method that enables receiving mail systems to verify the mail servers that are authorized to send email on behalf of a domain.

When a mailbox provider uses SPF authentication, they compare the server that appears in the message header — also known as the long or internet header — to the sending servers that are listed in the Domain Name System (DNS) record for the “envelope from” address.

To authorize our system to send emails on your behalf, access the DNS record for your domain through your domain name registrar — such as GoDaddy, Network Solutions, or — and add a TXT record to it for your SPF information.

  • If your organization uses its own office email server and Blackbaud is the only ESP that sends email on your behalf, enter:

    • Altru, BBNC, BBIS, and OLX — v=spf1 +mx ~all

    • Luminate Online — v=spf1 +mx ~all

  • If your organization uses multiple ESPs, enter:

    • Altru, BBNC, BBIS, and OLX — v=spf1 ~all

    • Luminate Online — v=spf1 ~all

Note: Altru, BBNC, BBIS, and OLX — If your TXT record includes older entries such as or Blackbaud's IP ranges, you can remove them so that the only entry is, as noted above, v=spf1 +mx ~all or v=spf1 ~all.

Tip: Add a TXT record with SPF information for each domain you use to send email. Also, don’t forget to include the other email servers that are authorized to send on your behalf.

DomainKeys Identified Mail (DKIM)

The DomainKeys Identified Mail (DKIM) protocol is an authentication method that digitally signs part of an email message so that receiving mail systems can verify it wasn’t altered after it was originally sent.

To use it, a sender decides which elements of a message they want to include for the signature — such as the header and body or individual fields in the header — and then configures their system to encrypt those selections with a private key when they send email. When a mailbox provider receives a message with a DKIM signature, they use the public key the sender lists for their domain in the DNS to “unlock” the private key.

For Luminate Online, our email system provides generic 1024-bit DKIM authentication — by default — which encrypts fields in the header of messages you send with a private key. When mailbox providers receive the messages, they use the public key we publish for our domain to unlock it.

Note: If a generic DKIM signature is not sufficient for your organization's unique needs, or if you'd like to implement a DMARC policy, you can request a custom DKIM signature for your domain.

Tip: If your organization published DKIM public keys with less than 1024-bits, we recommend you delete them. For Luminate Online, this recommendation includes public keys with the convio1 key.

For Altru, Blackbaud Internet Solutions, Blackbaud NetCommunity, and Online Express, you can request a custom DKIM signature for your domain.

Domain Message Authentication Reporting Conformance (DMARC)

Since various ESPs might legitimately send messages on behalf of a domain, it can be difficult for a sender to know which of their messages authenticate properly with mailbox providers. To address this issue, Domain Message Authentication Reporting and Conformance (DMARC) provides a standard way for senders to establish policies for mailbox providers to use when email from them doesn’t pass SPF and DKIM.

The policies outline the criteria providers should use to determine whether messages pass or fail the checks and how they should handle messages that don’t pass, such as whether they should accept them, send them to the spam folder, or reject them entirely. The policies also detail the information mailbox providers should include in periodic reports to senders about which messages authenticate, which do not, and why.

To use DMARC, your organization must configure SPF and use a custom DKIM signature. We recommend you update all email servers that use your domain — such as the ones your organization uses locally — before you publish a DMARC policy. Given the complexity of this authentication method, and the significant impact improper configuration could have, we recommend you consult with your own email specialist before you implement it.