Email, Spam, and Your Marketing Strategy: Avoiding Spam Filters
We’ve all received emails that claim to sell Rolex watches for pennies on the dollar, one-pill weight loss plans, or cheap Canadian meds. While the annoyance of spam hasn’t relented over the years, email service providers have gotten better and better at filtering out spam from our inboxes. Therefore, avoiding spam filters is an important goal of your eCommerce email marketing strategy.
Email filters are great because they prevent these annoying emails from reaching our inboxes. But on the flip side, aggressive spam filters can block your legitimate email marketing campaigns from reaching customers’ inboxes, unless you take proper precautions and use proper technology.
There are many technological solutions that can reduce the mislabeling of legitimate marketing emails as spam. Three techniques in particular can help you bypass spam filters and increase successful delivery of your marketing emails, especially when you combine the techniques together.
Sender Policy Framework
Sender Policy Framework (SPF) is a tool that creates labels for email domains (the @ecommerce.com part). SPFs ask the receiving email server if the sending server is allowed to use its name in the email address. A good strategy for avoiding spam filters starts with setting up SFP for your sending server.
For example, let’s say you just sent an email from firstname.lastname@example.org to email@example.com. When the email arrives at the gmail.com email server, it sends a request back to ecommerce.com asking if the sending server is allowed to use the ecommerce.com name in emails. If ecommerce.com says yes, then the gmail.com server can be reasonably sure the email is legitimate and not spam sent from a system forging the ecommerce.com name.
DomainKeys Identified Email
DomainKeys Identified Email (DKIM) is similar to SPF, but adds cryptography to the process. DKIM allows the receiving server to be reasonably sure an email wasn’t altered on its way through the Internet.
Using our earlier example, when you send an email from firstname.lastname@example.org to email@example.com, the gmail.com email server reads a special header in the email envelope that contains a cryptographic block derived from the email message. The server then asks ecommerce.com for a piece of proof to verify the cryptographic block. If the gmail.com server can verify the cryptographic block using this proof, it knows the email is likely legitimate, hasn’t been altered, and wasn’t sent from a system forging the ecommerce.com name.
Transport Layer Security
Transport Layer Security (TLS) is commonly used in eCommerce to protect shoppers’ payment information. TLS enables the green padlock that appears in your browser before the beginning of your URL.
TLS proves that whatever credit card data shoppers type into your web page will be kept safe and private. TLS technology is also applied to email. TLS assures the servers that send and receive emails that no third-party observers can read the emails as they move through the Internet. It also assures that servers on both ends of the connection are being honest about their identities.
Putting It All Together
Spam filters rely on a number of different signals, both positive and negative, when filtering emails. By combining SPF, DKIM, and TLS technologies you can increase the likelihood that your marketing emails will successfully reach your customers’ inboxes.
SPF and DKIM give spam filters two large, positive signals to allow your emails through. More and more email providers use TLS as a spam-filtering signal as well. Adding TLS to your email strategy protects your customers’ privacy while giving positive signals to spam filters. Used in combination, these technologies are powerful tools for avoiding spam filters and enabling successful delivery of your marketing messages.
Ben Vaughan is the information security officer on LYONSCG’s Application Hosting team. As ISO, Ben ensures the security of eCommerce platforms by developing, refining, and promoting good security practices. He has more than ten years of experience in information security.