This document discusses email deliverability best practices for B2C ISPs in 2018. It recommends securing email authentication with DKIM and SPF to establish domain reputation. Content filters now focus on user interaction rather than keywords to determine wanted vs unwanted content. DMARC is important for preventing phishing but does not alone improve deliverability. IP reputation is still used but domains are increasingly important. Major ISPs like Gmail, Hotmail and Oath are discussed along with new standards like BIMI.
2. Topics
What do ISPs want?
Domains, identity, and your brand.
Content filters are out, user interaction is in!
Content filters are back in. Wait…What?
The DNS is scary and confusing.
Wherefore art thou IP reputation?
Gmail
Hotmail
Oath
DMARC
BIMI
3. What do ISPs want?
ISPs want to deliver emails that their users want, and filter emails their users don’t want.
ISPs want senders to send stable and consistent volume and quality.
ISPs want to see evidence that their users requested and expect the emails.
ISPs want to give their users a good experience.
4. Domains, identity, & your brand.
B2C ISPs use domain reputation to foil spammers and abusive marketers who “snowshoe” and “churn” IPs.
“From,” DKIM, Return-Path, & Content.
Sharing a domain, particularly DKIM, with another sender means you share a reputation, at least partially.
The B2C ISPs will use subdomains to separate reputations in order to help insulate valuable transactional emails from the effects of questionable marketing.
If this appears to be abused, such as list washing or snowshoeing, ISPs simply recombine the reputations into one domain reputation.
5. Content filters are out, user interaction is in!
Keywords aren’t great indicators of what a user does and does not want, but “Star” vs “Complain” is.
Keyword filters catch legitimate emails such as financial and pharmaceutical communications.
Users rarely bother creating rules and maintaining an address book as a “Whitelist.”
ISPs use a user’s actions to find out if they likely requested the email, and if they find it valuable.
7. Content filters are back in. Wait…What?
ISPs want to protect users from malicious and deceptive emails, even if the users think they might want them (phishing, deceptive ads, scams, etc.).
Content filtering at B2C occurs very early to identify truly abusive and deceptive emails, then again to identify if the content is similar to other content that users have complained about or found valuable.
“Keyword filters” are rarely significant at B2C; content filtering is now heuristic pattern recognition: what “kind” of content is valuable to or unwanted by users based on their interactions.
“Broken” content reflects poorly on ISPs, so they are less inclined to inbox it.
8. The DNS is scary and confusing.
The DNS is the phonebook of the internet.
The DNS is a database of records associated with a domain, which anybody can read.
“A Record,” “TXT Record,” etc.
This is where you prove your identity (or not) because only the owner of a domain can create or edit records in the DNS for that domain.
Identity is a very important component of trust for email.
This includes the Whois, and spam filters crawl it.
Spammers privatize their Whois to hide that one domain is related to another.
ISPs feel there is no reason a legit company would privatize their Whois.
9. The DNS is scary and confusing.
Things you need in (rough) order of importance:
DKIM – Secure your emails, or let your ESP do it.
SPF – Secure your email server, or let your ESP do it.
A – Your “From” domain or subdomain needs to work if a user types it.
PTR – Your dedicated IP should have a relationship with your “From” domain.
DMARC – Protect your users from phishing and get reports on how your authentication is working from all sources.
The more of these things that are unique to a sender, the more that sender’s reputation stands alone from other senders.
10. Wherefore art thou IP reputation?
IP Reputation is used:
When domain information is insufficient.
If there are indications of “IP Churning.”
If there are indications of “Snowshoeing.”
To identify possibly compromised servers.
Sudden volume spikes.
Sudden complaint spikes.
Sudden spike in content that is caught by the content filters.
Sudden known spam patterns caught by the content filters.
11. Gmail 2018
Gmail Postmaster Tools
Reputation window.
Track the authentication domains as well as the “From” domain.
gmail.com/postmaster
Gmail Feedback Loop
Non-traditional, shows complaint rate for a given campaign if volume is sufficient, but no user-level data.
Requires a custom Header line in each email.
12. Hotmail 2018
Uses both IP and domain reputation, slowly moving to primarily domain reputation.
Monitor IP reputation via Smart Network Data Services (SNDS)
https://sendersupport.olc.protection.outlook.com/snds/
Rate-Limiting soft bounces indicate a dropping IP reputation.
SmartScreen may retroactively change inbox placement but does not keep historical data.
13. Oath 2018
Yahoo + AOL + Verizon
All 3 are currently on Yahoo’s server backend, using Yahoo’s domain filter.
Rate-limit and warm as if sending to 1 ISP.
Oath will move over to a brand new backend and filter eventually.
AOL and Yahoo Feedback Loops are still separate, everything else is Yahoo.
AOL IP Reputation Portal is down and no longer relevant.
14. DMARC
Domain-based Message Authentication, Reporting, and Conformance
DMARC allows the owner of a domain to tell the world that if an email does not prove its identity, it is fake.
DMARC relies on SPF and DKIM.
DMARC is used for trust and to stop phishing.
DMARC does not improve deliverability by itself.
Gmail is pushing for DMARC to be adopted worldwide.
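An added example (not from the original slides) of how a receiver applies the points above: DMARC only passes when the SPF (Return-Path) or DKIM domain aligns with the “From” domain, so mail signed only with an ESP's shared domain fails even though SPF and DKIM themselves pass. All domains and records are constructed, the function names are hypothetical, and the two-label organizational-domain rule is a simplifying assumption in place of the Public Suffix List.

```python
# Added example: DMARC tag parsing and identifier alignment (RFC 7489).
# Every domain and record here is a constructed sample.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; None if it is not a valid policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # "v=DMARC1" must be the first tag, and "p" is required.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers use the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """'s' (strict) needs an exact match; 'r' (relaxed) compares org domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_domain, record, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', the published policy on failure, or 'no-policy'."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if (spf_ok or dkim_ok) else tags["p"].lower()

if __name__ == "__main__":
    policy = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
    # ESP signs with its own shared domain: SPF and DKIM pass but neither aligns.
    print(dmarc_disposition("news.example.com", policy, True,
                            "bounce.esp.example.net", True, "esp.example.net"))
    # Same message signed with a key under the sender's own domain.
    print(dmarc_disposition("news.example.com", policy, True,
                            "bounce.esp.example.net", True, "mail.example.com"))
```

With `adkim=s` in the policy, the second message would also fail, because `mail.example.com` is not an exact match for `news.example.com`.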
15. BIMI
Brand Indicators for Message Identification
The BIMI standard allows an ISP who is confident that a given sender is real to show that confidence in a way the consumer can easily understand: branding.
https://authindicators.github.io/rfc-brand-indicators-for-message-identification/
This relies on DMARC and prevents “Spearphishing”
support@jpmorganandchase.com
support@jpmorganchase.com