Email Sender Reputation: expert interview
Once released by the "send" button, your emails face numerous hazards on the way to the inbox. Spend any time in the world of email delivery and you'll see that your reputation as a sender of emails has a big impact on their success at negotiating these hazards.
The better your reputation, the more emails get delivered.
But what determines your reputation? Are ISPs sharing reputation information? Does a good reputation protect you from one-off delivery mistakes? How does authentication fit into all this?
All too aware of my ignorance on these topics, I called up Ken Takahashi (Vice President, Global Channels) at Return Path to get some answers.
Return Path offers a range of email management and marketing solutions, such as a whitelist (called Sender Score Certified), a black list, summary reputation scores (all 3 driven from a collaborative reputation data network), and outsourced feedback loop management.
In other words, the company is closely involved in the calculation, collection, distribution and application of sender reputation data. This gives Takahashi a pretty broad perspective on the whole business of reputation, which he says, "...is being used just about everywhere today."
But what exactly goes into your sender reputation?
The elements of your sender reputation
Takahashi outlines six main components of sender reputation, as used by Return Path. And notes that many other organizations follow a similar approach.
1. The volume of email you send
Traffic consistency is key: your reputation takes a hit if your email traffic has unusual spikes in it.
"If the volume of email sent by an IP address is growing at 10% a month that sounds reasonable. But if you get a few spikes where people are hopping on and off a network, the reputation of that network is compromised."
"For example, an IP address sends out a million messages every month and then this month it's sending 12 million messages...that's a little risky."
Those sending small volumes of email also have challenges establishing a good reputation.
"Too little email could potentially be a problem if the denominator is just not big enough to be statistically relevant."
But why would low email volumes be treated with suspicion?
"There are plenty of networks out there that are compromised by Trojan Horses and other spam bots where the mail is distributed across a number of places to stay under the radar. So just because your volume is small doesn't mean you get a free pass from any judgement."
2. The number of unknown users you send to
Says Takahashi, "If 3% of your mail bounces, then that's probably acceptable. But if 30% or 35% of your mail is bouncing continually, then that is a problem. It clearly says that the data quality is not there: there's something really wrong with the management of your system."
3. Complaint rates
A few spam reports are not going to kill your reputation, says Takahashi, noting that the delivery world is aware that some such complaints are just "lazy unsubscribes." It's about keeping "this is spam" complaints below a certain threshold.
Yes, but where is this threshold?
Takahashi isn't going to give numbers, but notes that it's about being relatively better than others, rather than meeting an absolute figure.
Return Path, for example, records complaint rates across all the commercial email they track and make the comparative data available to ISPs so they can decide what level is acceptable (and what isn't).
4. Spam trap hits
These are email addresses that should not normally end up on an opt-in list. They are either created specifically to see if anybody emails them or are dormant/dead email accounts converted to spam trap email addresses for the same purpose.
Again, Takahashi notes that it's about ensuring the percentage of spam trap addresses on your list is relatively lower than for the rest of the sending community.
He also notes that the threshold is very low: "You shouldn't really hit that number anyway. Your ability to avoid or eliminate spam trap addresses is a great indicator of your reputation."
5. Permanence
The longer you've been sending email reliably and safely from a particular source, the better your likely reputation. "Did you just show up yesterday or have you been here for five years?"
6. Infrastructure
On the technical side of things, another contributor to reputation is "...the ability of your sending infrastructure to do all the things that are expected of you as a high-volume sender...stuff like authentication, the ability to handle bounces properly (such as removing addresses that perpetually bounce), etc...the core of the ESP business. Not all systems are created equal."
Building a good reputation begins during the sign-up process, says Takahashi..."I'm a firm believer that 90% of the fate of an email program is decided at the point of data collection. Whether it's how you collected the data, the notice and choice you gave the customer when collecting that data, the expectations you set when you collected that data. That's 90% right there."
So how does authentication fit into this?
The major global ISPs are already including authentication as a criterion when evaluating inbound email, "...so if you're authenticated, you may go through less hoops and hurdles than if you're not authenticated."
A lack of authentication won't get you filtered out (yet), but it does subject you to more scrutiny from anti-spam technologies. Not that every ISP is taking this approach. "Some ISPs (and I'm sure there are many still out there, especially in the smaller tier) don't do anything with authentication."
However, "...moving forward, authentication is a common theme for all inbound email solutions."
What about Email certification?
Return Path runs the Sender Score Certified accreditation program as part of their service palette: a whitelist used by ISPs and others managing "...1.2 billion mailboxes throughout the world. It's the largest whitelist being adopted at a commercial level."
But certification doesn't always guarantee delivery to the inbox. Takahashi notes, "It's not being used everywhere the same exact way. Certain ISPs may give you near guaranteed inbox delivery (although they probably won't say it). Others will have it at as a major determination factor, with shades of grey between the two."
The Sender Score Certified accreditation model involves an initial fee plus annual fees dependent on volume. But it's not a per email price. Why?
Takahashi explains: "The cost and complexity of the solution shouldn't be greater than the value the service provides. Our big premise here is that we don't want to go into a world where there is a "per deployment" charge or a "per email" charge: it complicates matters...it makes the marketplace a bit more hostile."
"We don't want to penalize people just because they're sending more email. We do have price bands just to kind of control things in the marketplace. We don't want to incrementally penalize people for growing their business and doing things right."
So does the future belong to certification / accreditation programs? Not exclusively, says Takahashi...it's about a combination of approaches...
"Authentication is the first baseline. Authentication lets us target and track the sender's performance and then accreditation and reputation are the metrics that let the market judge that performance. All three together give you the opportunity to provide technology and services that really make an impact. Each one on its own doesn't provide as much value, because it's just not as constructive as all three together."
We're heading, then, toward a system where we identify ourselves through authentication. Then a reputation and (optionally) accreditation is assigned to this identifiable entity, with more and more ISPs then using that information to filter or flow the email to the right place.
There is a proviso though..."You can't buy your way in...you can be a good guy and, for example, Sender Score Certified. But if you load a list (whether intentionally or not) that has horrible results then you'll be suspended from the program. It's an ongoing evaluation."
One strike and out?
But does this mean a good sender can get punished for a small mistake? Or does your historical sender reputation give you some leeway?
The answer depends on the ISP or program involved. In the Sender Score program, for example, there's a quantitative metric analysis being done at all times...
"If that mistake is small enough so the metrics aren't impacted to a point where the bells and whistles go off, then you'll be fine. But if it's a huge issue - you double your list size with names that never should have been in there - it will make an impact."
"I've had conversations with ISPs where many of them take permanence into account. This IP consistently sent this much email and had one blip on the radar and ever since has been fine. Others just don't have that kind of reverse long-term vision to see who you were three weeks ago or three months ago."
So in many cases, you're only as good as your last few emails.
Is reputation tied to your sending IP address or your domain?
At the moment, most ISPs are using IP addresses, but it looks like the market is shifting to an IP/domain pairing future for reputation.
Authentication (particularly DomainKeys) will help ISPs assign reputations more precisely, by tying this reputation to both sender IP addresses and sender domains.
"There are already plenty of ISPs that use the domain/IP pair today in terms of reputation analysis and that's a direction that Return Path will go: it just gives you a slightly more targeted layer of identification."
What about unique or shared IP address?
Takahashi says that a unique sending IP address is better for reputation management, "...provided you do wear that white hat and you're willing to have that scrutiny put on yourself. For any upstanding sending organization...a dedicated IP infrastructure should be there."
Are we then approaching an email marketing world where the only way to be truly successful is standing up and accepting accountability, declaring who you are, using a consistent identity, accepting your reputation and doing your best to keep that reputation positive?
Takahashi: "I would agree with the majority of that. For any commercial sender of high volume email, ensuring you do everything on the up and up and are as transparent as possible is really the largest risk mitigator for your email program. Ensure you follow authentication standards, ensure all technology implementations are in place and that you have a keen and watchful eye on your email reputation."
What about the little guys?
But what do the smaller businesses do, who can't afford deliverability audits, certification and similar?
"Plenty of email service providers gear their offerings to small business. They take on the role of that deliverability consultant for you. If you happen to be sending mail out of your own mail server there are best practices you can get hold of: documentation on how best to configure your infrastructure. A lot of major ISPs provide that info. Return Path also publishes a lot of that info through our blog and documentation."
And the future?
Takahashi sees much promise in collaboration in the delivery world.
"Our programs work a bit like a cooperative database structure, where ISPs are free to take out aggregated data about the reputation of mailers sending into their inbound environment (provided they contribute data back into the network)."
"So, for example, ISPs report back what percentage of mail they reject from a particular IP range. They then have the ability to look at the aggregated data and say, hey on average I'm blocking this mail that my peers do not: I should look into that more closely."
Equally, "...spam doesn't sprout up everywhere around the world at once. We have data coming in from around the world and we may see early warning signs from a specific geography before it hits another. A collaborative network like this is truly an early warning system."
But will the triumvirate of authentication, reputation and certification see the end of spam and improved deliverability for legitimate marketers?
"The fraudulent side of the industry continues to evolve as well. Five to six years ago we saw spam was a huge problem and decided to attack it, but spammers have adjusted their tactics, motives and business models quite significantly."
"It's hard to put a firm line in the sand and say that by a certain date, spam and deliverability will be at a certain level. But I'm confident that things will continue to evolve."
At least marketers now understand the value of deliverability best practices and services...
"The majority are at the point where they say 'I know I have to do something about deliverability.' They're at the stage now of asking, 'what exactly is the tactical stuff that goes with that?' There are always learning curves, with early adopters and stragglers. But we're well into the stage where marketers understand it's important..."
Need more email marketing guidance? Try the email newsletter.