The Spamhaus Project

How to avoid looking like a spammer when setting up marketing emails

Here are pointers to help you distinguish yourself from miscreants who send spam, because you don't want to be perceived as a spammer.

by The Spamhaus Team | February 15, 2022 | 3 minutes reading time

Introduction

In the world of sending email and spam filtering, intentions matter far less than behavior. The spammers set the bar. Even if you are sending authenticated, confirmed opt-in (COI) email, if your email program does not at least meet the basics, no spam filter will understand the difference.

Legitimate mailers work hard to build brand reputation based on a real business address, a known domain, and a small, permanent, well-identified range of sending IPs.

What steps to take to ensure you look legitimate

It is critical to follow best practices to distinguish yourself from miscreants who spam. Always keep the following in mind:

  • Authentication:

    • All emails should be correctly authenticated with DKIM & SPF at a minimum.
    • The SPF record should be as narrow and specific as possible. If you designate the entire internet as “permitted sender,” this is not useful and opens the domain to abuse by spammers.
  • Whois: Do not use anonymized or unidentifiable Whois records. Legitimate businesses should have no reason to hide their online identity using WhoisGuard or other such privacy services. Since the advent of GDPR in 2018, many registrars have defaulted to publishing anonymized Whois records, but most will remove the anonymization upon request.

  • Limit domain usage. The more unique domains you use to send the same emails, the more flags you raise; use the primary business domain – or a subdomain of it – whenever possible.

  • Use clear and consistent naming schemes in DNS – keep it simple.

  1. The best option is delegating a subdomain of the brand’s primary domain to the email service provider (ESP): e.g., email.customerbrand.com.
  2. The second best would be: “customerbrand.espdomain.com”
  3. Last resort (and to be avoided if at all possible): customerbrand-email.com. If this is necessary, it is crucial to use a cousin domain that clearly relates to the primary brand name.

Phishing has made people very wary of look-alikes. Having a clear brand relationship allows receivers to easily distinguish the Email Service Provider (ESP) and customer and reduces the chances of blocks or reputation damage due to unclear identification.

  • Use properly registered domains with working mail AND web addresses. There should be a website for every domain or brand email domain used; not having one looks shady, and sending from domains without a website is something that spammers do all the time. Link and tracking domains should have a redirect to the primary business website.
  • Every domain that sends email should have functional abuse@ & postmaster@ addresses.
  • Use contiguous IPs if possible. Use the same network.
    • If not possible, do not use more IPs than needed.
    • Most brands do not need 100s of IPs scattered across multiple networks – this is the definition of snowshoeing.
  • ESPs: Publish an Acceptable Use Policy (AUP)/Terms Of Service (TOS) that is easy to find, read, and enforce.
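
To illustrate the SPF point above, here is an added example (not Spamhaus code): a small offline audit of SPF record strings that counts the IPv4 addresses a record authorizes and flags the "entire internet as permitted sender" case. The /16 threshold, the sample records and the ESP hostname are assumptions made for the illustration; include: targets are listed but not resolved.

```python
import ipaddress

# Assumption for this example: an ip4 range wider than /16 counts as "too broad".
MIN_PREFIX = 16

def audit_spf(record):
    """Audit one SPF TXT string offline; include: targets are listed, not resolved."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return {"ipv4_addresses": 0, "includes": [], "findings": ["not an SPF record"]}
    total, includes, findings = 0, [], []
    terminated = False  # True once an "all" mechanism or redirect= modifier is seen
    for term in terms[1:]:
        if "=" in term:  # modifiers such as redirect= and exp=
            terminated = terminated or term.lower().startswith("redirect=")
            continue
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name, _, value = body.partition(":")
        name = name.lower()
        if name == "all":
            terminated = True
            if qualifier == "+":
                findings.append("+all designates the entire internet as permitted sender")
            elif qualifier == "?":
                findings.append("?all is neutral and gives receivers nothing to enforce")
        elif name == "include":
            includes.append(value)
        elif name == "ip4" and qualifier == "+":
            try:
                net = ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                findings.append(f"unparseable ip4 value: {value}")
                continue
            total += net.num_addresses
            if net.prefixlen < MIN_PREFIX:
                findings.append(f"ip4:{value} is broader than /{MIN_PREFIX}")
    if not terminated:
        findings.append("no 'all' or redirect=: unmatched senders get a neutral result")
    return {"ipv4_addresses": total, "includes": includes, "findings": findings}

# Constructed sample records (documentation address space, hypothetical ESP name).
SAMPLES = {
    "narrow": "v=spf1 ip4:192.0.2.0/28 include:_spf.esp.example -all",
    "open": "v=spf1 +all",
    "wide": "v=spf1 ip4:0.0.0.0/0 ~all",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, audit_spf(record))
```
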

Now that we’ve explained how not to appear like someone who’s sending spam, we’ll be looking at what authentication and encryption are necessary to set up for marketing emails.
