BLOG

In the war against spam and email phishing scams, Google prides itself on the robust nature of its Gmail spam filters. The simple goal is to deliver only legitimate messages into its user’s inboxes. To obtain this goal the ‘filters’ applied to incoming email messages are constantly being refined and this can cause issues for the sender if they don’t know about or don’t follow the guidelines set out by Google.

In July 2015 Google updated their filters to make them smarter than ever, employing ‘machine learning’ to help remove sneaky spam/junk mail and phishing emails before they reached user inboxes. They also launched a new service for businesses that send emails, called Postmaster Tools - designed for qualified (by Google) high volume senders.

Aside from these advanced filters it is very important for business owners to understand what Google determines as email spam.  Here are some of the top triggers for the filter:

• Content – particular words or phrases used within the email can be deemed inappropriate.
• Links – including links to blacklisted or spurious websites within the email.
• Source – a problem for websites hosted on shared IP addresses. If someone on the same IP address as you is spamming, you’ll be guilty by association.
• Headers – inconsistencies in the ‘From:’ and ‘Reply to:’ addresses.
• Engagement - the way email recipients handle emails - do they mark them as spam, delete immediately or not open them?
• Authentication & Identification – if Google can’t identify the sender, the email will likely end up in the spam folder.

It is the last point that I’d like to discuss further in this post but before I do here are some simple things that you can do to start eliminating any problems you might be experiencing:

1. Content – make sure your content isn’t likely to raise any red flags by avoiding spammy words like ‘mortgage’, ‘free’, ‘click here’. Make sure you have a good text to image ratio – if Google can’t read text in your email they’ll likely mark it as spam. And never link out to inappropriate websites.
2. Recipient authorisation - ask your recipients to add your ‘From:’ address to their contacts. This will tell Gmail that the message is indeed wanted. If you are capturing leads on your website and sending verification emails, for example, then make sure the success messages that are returned give clear instructions on where to look for the email (it could possibly have ended up in the spam folder) and ask your website visitor to consider adding your email address to their contacts to ensure they always receive your emails.
3. The ‘Not Spam’ button – if a wanted email does arrive in the Spam folder ask the recipient to click the ‘Not Spam’ button. This will help Google categorise the email next time.
4. Header Consistency - Use the same address in the ‘From:’ header on every email you send

So back to my point above. Google recommend an Authentication and Identification protocol for all business owners that use their domain for sending email.  So that Gmail can identify your business the following should be considered at server level:

• Keep valid reverse DNS records (DNS = Domain Name System – the exact location of your website on a hosted server) for the IP address from which you send email, pointing to your domain (your website address or URL). This does require a dedicated IP address, but a dedicated IP is also a requirement of an SSL Certificate which we recommend for all clients as part of a suite of measures to help keep you secure online. The sending IP must have a Pointer (PTR) record and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record
• Create and publish a Sender Policy Framework (SPF) record for your domain. This is a record in your DNS Zone File that identifies which email servers are permitted to send email on behalf of your domain. It prevents spammers from sending messages with forged ‘From:’ addresses (spoofing) of your domain.
• Create and publish a Domain-based Message Authentication, Reporting & Conformance (DMARC) policy . This new framework is still considered somewhat experimental, however some large ESPs (Email Service Providers) like Google and AOL have started utilising it.

You should only use IP addresses listed in the SPF records of your DNS when sending email, consider this especially if you are using third party mail providers.

You may also like to sign up to the Postmaster Tools service offered by Google to allow high volume senders to analyse email – including receiving data on delivery errors, spam reports and reputation. The service is designed to help you understand how Google handles your email messages and gives best practice advice to email delivery success.

We realise that there are a lot of acronyms and technical jargon in this article, but this is a technical subject. I also do need to point out that the list above is not an exhaustive list but it does cover the quick wins that can be implemented at a small cost. If you are a high volume sender and have multiple email accounts associated with your domain, you might be interested in other ways to ensure your email gets delivered to Gmail. Read more here about Email Authentication with the DomainKeys Identified Mail (DKIM) Standard or the Realtime Blacklist (RBL) service. If we host your email, we’d be happy to give advice if you have any questions about either of these services.

Making sure that your email messages get through to the intended recipient is obviously very important to your business from a promotional, customer service and administrative point of view. If you have any questions or need help to set up your Authorisation & Identification protocol please feel free to get in touch with us – we understand and are very experienced with this subject matter and we’re happy to help.