Dante’s trip through Inferno didn’t include the hidden 10th Circle of Hell, where all of the IT administrators are trying to solve email deliverability problems. Virgil spared him that horror. I’m going to try to spare you a little bit of horror too.
As the IT director at a revenue marketing agency, I’ve waded through the panic that comes from email not showing up in an inbox more times than I care to count. Here’s a guide to help you sort through the issues quickly.
10 Steps to Identify Email Deliverability Issues:
- Check other folders
- Check quarantine
- Run a message trace
- Test email with another domain
- Analyze the header for spam score
- Test email deliverability without signatures
- Check your SPF and DKIM records
- Verify your domain
- Check mail server status
- Check blacklists
Check other folders
It’s possible the recipient received it, but it’s just not where it was anticipated to show up. Have the recipient check their junk folder. Another place to check is the “Other” tab if the mailbox uses the conversation layout in Outlook. It’s also worth checking the “Social” or “Promotion” tabs if it’s a Gmail account. If it turns up in any of these folders, be sure to drag the email back where you wanted (or expected) it to arrive, so the email client is trained to sort future emails correctly.
Depending on the strictness of screening settings, it’s possible the email ended up in quarantine. If it’s there, you’ll need to release it to the recipient. Consider lowering the spam threshold policy so more email can get through.
Run a message trace
This tool is particularly helpful for decoding the paths of email deliveries. In Microsoft, this can be found in Exchange > Mail Flow > Message Trace and in Gmail it’s Reports > Audit > Email Log Search. Here you can enter the sender and recipient addresses and run a trace to see what path the email took and whether or not it arrived at the recipient. And for internal tests, you’ll be able to identify unknown or erroneous rules that sent the email to the wrong location.
Test email with another domain
When email delivery is an internal issue, send some test emails to a different domain, like a personal Gmail. Testing email deliverability outside of your own domain will help you narrow down whether it’s an internal or external issue.
Similarly, if you learned about the email deliverability issue from a specific domain recipient, but others are receiving it fine, it’s possible (likely, even) that it’s the recipient domain’s issue.
NOTE: If it appears the issue is limited to one specific domain, you can still run some other tests to see where your email is getting rejected (see below).
Analyze the header for spam score
If the problem is receiving email on your side of the exchange, run the email in question (once you have a copy!) through a header analyzer to get the email’s spam score. Compare this to your company’s threshold policy for rejecting SPAM and you might find that dropping the threshold helps.
Test email delivery without signatures
This is a hidden spam flag that can be tough to address. Fortunately, testing and debugging this issue is straightforward (if tedious). In some cases, links or images in your domain’s email signatures can get flagged as nefarious. This could be because of your domain reputation, blacklisting or maybe there’s a linked web page that’s being falsely interpreted as malicious.
To test for an issue in a signature, send an email to the domain that isn’t receiving your email without a signature. If your email comes through, you’ll know it’s something in the signature. At this point, you’ll need to send multiple emails to begin a process of elimination by slowly removing different parts to find out which piece of the signature is problematic.
NOTE: Email signature flags tend to result from spammy email practices or sending emails to old addresses that have been converted to SPAM traps. The best way to prevent these and other email problems is through proper email and list management practices.
Check your SPF and DKIM records
This part of DNS configuration is chronically overlooked. In my personal experience, when you’re using a platform to serve mail on your behalf, SPF and DKIM issues are the culprits in nine of ten cases. SPF records authorize specific email providers to send email on behalf of your domain. DKIM ensures the message hasn’t been forged or altered. If you don’t set this up, your emails will look spoofed and are likely to be rejected by the recipient’s email server. You can create and manage SPF and DKIM records wherever you manage your DNS records. It’s also very important to note that you cannot have more than one SPF record. If your domain has two entries, neither will work. So, make sure your SPF records are consolidated if you have multiple email service providers that require this (example below).
First record: v=spf1 include:_spf.google.com ~all
Second record: v=spf1 include:sendgrid.net ~all
Consolidated record: v=spf1 include:_spf.google.com include:sendgrid.net ~all
Verify your domain
In line with the previous point, email service providers generally ask you to verify your domain first by sending an email link to the address you want to use for sending. Or you might be asked to add a special TXT record to your domain. Platforms are doing a better job at handholding to make sure everyone knows this needs to be done, but it’s good to confirm that your domain is verified somewhere in your email service provider’s account settings wherever domains are configured.
Check mail server status
It’s possible the sending server itself is an issue. Do a check for your email provider’s server status for known issues. Check both primary email handler, whether that’s Microsoft, Gmail or something else, as well as third-party senders you use like MailChimp, SendGrid, etc.
If enough of your emails get flagged as spam, it’s possible your domain reputation has fallen enough that you’ve ended up on a blacklist. In these cases, email servers will outright reject your email. Check your domain against a blacklist search provider like MX Toolbox. Getting cleared from backlists can be very, very tough. You can petition yourself to be temporarily removed, but you need to get your ducks in a row so you don’t go right back on it. If you become a repeat offender and get flagged again, your petitions may no longer work.
For this reason, among others, you should operate under proper list management practices and only send emails to people who know you, expect emails from you, or to people who have opted in to your marketing communications.
TIP: If you’re landing on blacklists despite good practices, you might have a rogue sender. Look for issues with your sales and marketing users. If you can’t find the issue there, consider who has access and whether it’s possible someone can leverage your domain’s reputation for personal benefit here – someone can easily sign up for their own third-party email service with their work email; they might not be able to verify the domain or add an SPF record, but some emails can still get through and get flagged as SPAM. And ultimately, just sending enough emails that are constantly rejected will hurt your reputation as well. Keep this at the back of your mind when email deliverability comes up.
Ask your known contacts to safelist your domain. In some situations, this might be the only thing you can do if this is related to the recipient’s domain specifically, and not a broader issue. They’ll need to do their own diagnostics, but this step will at least assure your own deliverability.
Ensure good list management practices
- Enable double opt-in. If you are in a position to turn this feature on without issues, you should do this. Double opt-in ensures that the list contact is much safer to send to, which is much better for your domain reputation overall.
- Contact newly acquired emails quickly (especially after an event). If you’ve gone to a networking or industry event of some kind and have acquired a list of potential contacts, don’t wait three months to reach out – they might forget who you are and mark your message as spam. Reach out while the event is still recent and fresh in their minds and before they’re burned out from all the other show-related emails they’ve received.
- Clean your lists. Most email services handle this for you through automatic removal and/or blocking of unsubscribes. Still, you should keep an opt-out list on-hand for use with other platforms and providers.
- Don’t purchase lists. We’ve helped companies dig out of email reputation holes following list purchases from list vendors and tradeshows. Nobody “opts in” to receive emails from parties they don’t know. Maybe their registrations require consent or list inclusion is buried in terms of services somewhere, but in practice, they’ll drag unsolicited emails to junk boxes or even lodge formal complaints.
- Don’t try to be sly about tricking people into opting in. See “Don’t purchase lists” above. An opt-in must be fully informed. The damage to your domain reputation is not worth it. You’ll end up losing business, not earning it.
Avoid bad email etiquette
- Avoid using spammy words. There’s a fantastic list here: https://blog.hubspot.com/blog/tabid/6307/bid/30684/the-ultimate-list-of-email-spam-trigger-words.aspx
- Avoid using all caps. Implying urgency this way will get you a first-class ticket to the spam folder.
- Avoid using the entire Crayola box. Emails with too many differing colors will be flagged. Keep the design simple and coherent.
- Avoid using language that sounds like phishing. Don’t solicit personal information or communicate a false sense of urgency – your emails will look like phishing and be flagged as such.
- Link to safe sources (preferably your own domain). When you can, link to your own domain. In other cases, link to authoritative sources and not websites URLs that look like someone rolled their face across their keyboard. If you link to another website that ends up compromised in a hack, and your emails are responsible for sending traffic there, guess who’ll suffer? You will.
Educate your clients and employees
In some situations, you may find that it’s not your own email deliverability, but your clients’ that’s become the issue. That’s certainly the case for us at BuzzTheory. If you are helping someone run their marketing, it’s paramount for them to understand the criteria that flags email as spam, as well as proper list management and how to properly establish communications with new contacts. In the worst-case scenario, they’ve already been irreparably blacklisted so many times that they have no choice but to abandon the domain – and that doesn’t even resolve the possibility of having the sender’s name and phone number from that domain’s email signature being flagged as a malicious. You can only clean up the situation as long as they aren’t actively taking the trash can from you and dumping it right back onto the floor while you aren’t looking. It can be challenging to convince people to change their behavior – especially when they’ve had success with tactics that no longer work.
If you’re not in an agency and are the email cleanup person inside your company, the single best thing you can do for your firm – and your own sanity – is educate employees about best practices.
Our tech today has advanced leaps and bounds from where it was just a couple of decades ago. Modern screening software typically boasts more than a couple hundred points of analysis for anti-spam and anti-phishing, as well as running emails through natural language processors. So even if you are guilty of some of the spammy things above, there is a degree of wiggle room granted for senders because our tech, particularly with the help of AI, is beginning to understand the subtle nuance of human communication. The only surefire way to ensure a good delivery rate though, is to verify a proper tech setup and follow good email and list practices.
This guide is not the catch-all because every tech stack is different, and more importantly, technology changes. When it comes to email, there’s always something new to work through. In fact, at BuzzTheory, as part of our cyber resilience efforts, we deployed a click-time protection service that runs every email link through a virtual sandbox upon clicking. This is fantastic feature that protects our business and employees from bad actors, but Microsoft spontaneously started flagging the URL rewriting as phishing only on the replies to our own replies, weeks after implementation for no apparent reason. Bizarre, right? Microsoft support was unable to figure it out and, frankly, it’s not reasonable to expect front-line tech support at Microsoft to immediately know and understand how all of your connected apps work if you need an urgent resolution. So I had to drop everything and lose considerable time to monitoring, diagnosing and solving the issue.
Every once in a blue moon, something in the house of cards that is your tech stack collapses, leaving tech problem-solvers to figure out what’s gone wrong and how to fix it, fast. Email delivery problems, in particular, can be tricky to decode. I hope this list, along with your knowledge of all the nuance and complexity in your business, can help you find that broken link in the chain.
Tech will inevitably go on the fritz and human error is definitely going to creep in, but with the steps above, you’ll largely be able to keep deliverability at the back of your mind and focus on more important things like empowering messaging, campaigns and all the fun stuff that brings home the 🥓.