How do you make sure email you send programmatically is not automatically marked as spam?



Answers

Sign up for an account on as many major email providers as possible (gmail/yahoo/hotmail/aol/etc). If you make changes to your emails, either major rewording, changes to the code that sends the emails, changes to your email servers, etc, make sure to send test messages to all your accounts and verify that they are not being marked as spam.

Question

This is a tricky one and I've always relied on techniques, such as permission-based emails (i.e. only sending to people you have permission to send to) and not using blatantly spamish terminology.

Of late, some of the emails I send out programmatically have started being shuffled into people's spam folder automatically and I'm wondering what I can do about it.

This is despite the fact that these particular emails are not ones that humans would mark as spam, specifically, they are emails that contain license keys that people have paid good money for, so I don't think they're going to consider them spam

I figure this is a big topic in which I am essentially an ignorant simpleton.




Google has a tool and guidelines for this. You can find them on: https://postmaster.google.com/ Register and verify your domain name and Google provides an individual scoring of that IP-address and domain.

From the bulk senders guidelines:

Authentication ensures that your messages can be correctly classified. Emails that lack authentication are likely to be rejected or placed in the spam folder, given the high likelihood that they are forged messages used for phishing scams. In addition, unauthenticated emails with attachments may be outrightly rejected, for security reasons.

To ensure that Gmail can identify you:

  • Use a consistent IP address to send bulk mail.
  • Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.
  • Use the same address in the 'From:' header on every bulk mail you send. We also recommend the following:

  • Sign messages with DKIM. We do not authenticate messages signed with keys using fewer than 1024 bits.

  • Publish an SPF record.
  • Publish a DMARC policy.



You need a reverse DNS entry. You need to not send the same content to the same user twice. You need to test it with some common webmail and email clients. Personally I ran mine through a freshly installed spam assassin, a trained spam assassin, and multiple hotmail, gmail, and aol accounts.

But have you seen that spam that doesn't seem to link to or advertise anything? That's a spammer trying to affect your Bayesian filter. If he can get a high rating and then include some words that would be in his future emails it might be automatically learned as good. So you can't really guess what a user's filter is going to be set as at the time of your mailing.

Lastly, I did not sort my list by the domains, but randomized it.




Yahoo uses a method called Sender ID, which can be configured at The SPF Setup Wizard and entered in to your DNS. Also one of the important ones for Exchange, Hotmail, AOL, Yahoo, and others is to have a Reverse DNS for your domain. Those will knock out most of the issues. However you can never prevent a person intentionally blocking your or custom rules.




In the UK it's also best practice to include a real physical address for your company and its registered number.

That way it's all open and honest and they're less likely to manually mark it as spam.




Delivering email can be like black magic sometimes. The reverse DNS is really important.

I have found it to be very helpful to carefully track NDRs. I direct all of my NDRs to a single address and I have a windows service parsing them out (Google ListNanny). I put as much information from the NDR as I can into a database, and then I run reports on it to see if I have suddenly started getting blocked by a certain domain. Also, you should avoid sending emails to addresses that were previously marked as NDR, because that's generally a good indication of spam.

If you need to send out a bunch of customer service emails at once, it's best to put a delay in between each one, because if you send too many nearly identical emails to one domain at a time, you are sure to wind up on their blacklist.

Some domains are just impossible to deliver to sometimes. Comcast.net is the worst.

Make sure your IPs aren't listed on sites like http://www.mxtoolbox.com/blacklists.aspx.




The most important thing you can do is to make sure that the people you are sending email to are not likely going to hit the "Spam" button when they receive your email. So, stick to the following rules of thumb:

  • Make sure you have permission from the people you are sending email to. Don't ever send email to someone who did not request it from you.

  • Clearly identify who you are right at the top of each message, and why the person is receiving the email.

  • At least once a month, send out a reminder email to people on your list (if you are running a list), forcing them to opt back in to the list in order to keep receiving communications from you. Yes, this will mean your list gets shorter over time, but the up-side is that the people on your list are "bought in" and will be less likely to flag your email.

  • Keep your content highly relevant and useful.

  • Give people an easy way to opt out of further communications.

  • Use an email sending service like SendGrid that works hard to maintain a good IP reputation.

  • Avoid using short links - these are often blacklisted.

Following these rules of thumb will go a long way.




You may consider a third party email service who handles delivery issues:

  • Exact Target
  • Vertical Response
  • Constant Contact
  • Campaign Monitor
  • Emma
  • Return Path
  • IntelliContact
  • SilverPop



It could very well be the case that people who sign up for your service are entering emails with typing mistakes that you do not correct. For example: chris@gmial.com -or- james@hotnail.com.

And such domains are configured to be used as spamtraps which will automatically flag your email server's IP and/or domain and hurt its reputation.

To avoid this, do a double-check for the email address that is entered upon your product subscription. Also, send a confirmation email to really ensure that this email address is 100% validated by a human being that is entering the confirmation email, before you send them the product key or accept their subscription. The verification email should require the recipient to click a link or reply in order to really confirm that the owner of the mailbox is the person who signed up.




A few bullet points from a previous answer:

  • Most important: Does the sender address ("From") belong to a domain that runs on the server you send the E-Mail from? If not, make it so. Never use sender addresses like xxx@gmail.com. User reply-to if you need replies to arrive at a different address.

  • Is your server on a blacklist (e.g. check IP on spamhaus.org)? This is a possibility when you're on shared hosting when neighbours behave badly.

  • Are mails filtered by a spam filter? Open an account with a freemailer that has a spam folder and find out. Also, try sending mail to an address without any spam filtering at all.

  • Do you possibly need the fifth parameter "-f" of mail() to add a sender address? (See mail() command in the PHP manual)

  • If you have access to log files, check those, of course.

  • Do you check the "from:" address for possible bounce mails ("Returned to sender")? You can also set up a separate "errors-to" address.



Links