What questions should I ask my IT team about email deliverability?

Troubleshooting problems with email deliverability is typically the responsibility of your IT department. Email deliverability problems can have a variety of causes and require complex, multi-step solutions.

As a senior leader in your organization, you might not have a ton of transparency into the root cause of the issue and whether or not your IT team has the skills to resolve it.

This article walks through the questions to ask IT about email deliverability in order to gauge whether your people have the necessary knowledge and skills on board including:

• List hygiene best practices
• Email server configuration (SPF, DKIM)
• Blacklist monitoring
• Opt-in / Opt-out management
• Service provider management

Before we get into the questions to ask your IT folks and red flags to watch out for, let's cover some basics.

Why is email deliverability important for associations? 

Email is one of the primary modes of communication for associations, along with your website, community, etc. Associations often need to send large numbers of emails, both internally and externally, to communicate with members about all kinds of projects and events. 

Being able to describe your value proposition to your constituents (donors, members, etc.) is super important. Ensuring that your communication hits their inbox is paramount to executing strategies for the organization.

If your emails aren’t being delivered properly, that’s more than a nuisance. It can be a huge obstacle to the success of your initiatives, events, and ultimately your member engagement.

What are the consequences of a poor sending reputation?

Not tracking and responding to unsubscribes, bounces, and other unfavorable responses can surely create email deliverability ordeals that can plummet your metrics as well as the authenticity, reliability, and size of your contact lists.

But what happens when you get marked as spam or stuck in a spam trap? Enter an organization’s worst nightmare: the blacklist, aka a black hole that you may never climb back out of.

What does it mean to be blacklisted?

A blacklist is a collection of IP addresses of email senders that have been flagged by one or more spam filters in email service providers (ESP's) like Apple Mail, Gmail, and Outlook. These senders are believed to email out malicious, unwanted, or suspiciously “spammy” content. Spam filters respond by blocking these IPs entirely or routing their emails to the garbage can: the spam/junk folder.

Problem is, legit senders sometimes get incorrectly blacklisted because they haven’t properly set up their email domain records (which we’ll describe in a minute) to identify their organization as a valid sender. So instead of your emails landing in recipients’ inbox, they could get stuffed away as spam, likely never to see the light of day again.

Regardless, getting blacklisted is NOT something to take lightly. During the dreadful (and potentially permanent) time you’re scarlet-letter branded and shunned to the “naughty list”, you risk:

• Damaging your entire IP and domain reputation (Yes, potentially even affecting your organization’s domain/brand name! We’re talking about the worst-case scenario for your association in which you risk having to overhaul your website name and subdomains.)
• Communication tragedies between your clients, vendors, and stakeholders.
• Not being able to send automated messages, transactional confirmations, and really any type of email marketing campaign.
• Undeliverable email invoices that lead to unnecessary back and forth and accounting headaches.
• Tanking your sending rate, engagement rank, and other email KPIs.
• All in all, generally inhibiting business continuity and the processes you’ve worked so hard to set up.

Long story, short: you need the right technology and settings in place to protect yourself and your brand from the dangers of poor email deliverability, list hygiene, and domain reputation.

Questions to ask IT about email deliverability

So, what should you ask your IT team to quickly figure out what the problem is and if it’s being solved? Here are the high-level questions to ask IT about email deliverability when your association is having trouble with your delivery and sending reputation:

1. Are we set up properly?

It’s important to ask your IT staff if they fully understand the rules and methods for authentication of your domain in order to ensure your emails are being delivered properly.

On a high level, there are three authentication methods that should be set up to ensure email deliverability. 

• SPF - (Sender Policy Framework). SPF records help to defend your network against spoofing - they tell email providers that you are sending a valid email from a valid person at this IP address.
• DKIM - (Domain Keys Identified Mail). DKIM is an encrypted key that indicates that your email is free from unauthorized access and sent from the intended source. It ensures there’s no eavesdropping, spoofing, or phishing attacks going on behind the scenes.
• DMARC - (Domain-based Message Authentication Reporting and Conformance). DMARC exists to provide guidance. If the SPF or DKIM don’t match, DKIM tells the recipient’s email provider whether to mark the message as spam or allow it through the barrier.

A tool like Google’s Messageheader helps you determine if these records have been set up properly. You can grab header text from an email that’s previously gone to spam and analyze it.

There are nuances that can have major effects as well when you dig deeper into these email records. For example, using a tilde instead of a hyphen for an SPF record affects how valid senders are authenticated. As a CEO, you probably won’t get to that level of detail, but you should be able to ask your IT folks, “why is this done in this format” and receive an acceptable response.

2. Are we monitoring blacklists? 

A number of tools exist today that can help you analyze the emails you send to see if you’ve been blacklisted.

These tools are designed to sniff out potential spam violating criteria and unsolicited bulk email per CAN-SPAM Act and similar regulations.

A few of the monitoring tools we recommend include: 

• MX Toolbox - Instantly lists MX records and changes to a domain in priority order.
• Talos Intelligence - Tells you about your reputation as an email sender based on your IP address and domain.
• Mail-Tester - Tests the “spammyness” of the emails you send based on the validity of your SPF, DKIM, and/or DMARC records. The tools test spam in a dynamic and contextual way based on the specific message you’re testing. It generates a random email address that you can send your message to “confidentially,” so it’s helpful when testing out different types of email campaigns beforehand.

However, keep in mind that there’s another layer of complexity at play here. Some email systems use AI and advanced algorithms that may mark emails as spam even when everything is “set up correctly.”

Again, there are just so many nuances and restrictions when it comes to checking email validity, especially for these organizations that are leveraging email automation instead of using all IP addresses for the human, everyday stuff.

For example, at Cimatri, we rely on automation to determine the importance of emails sent to us, so sometimes recipients are required to indicate that the organization and domain they’re receiving from is valid. We use our personal emails for that.

3. Do we understand the activities and applications used by all departments? 

Your IT department should have a comprehensive list of any application or tools used by all departments that send email. This could include software used by a wide range of departments, from marketing to accounting. It’ll likely be a long list if it’s truly complete.

Many applications rely on email, and it’s important to understand how they’re being used and include them in this master list.

4. Are we monitoring key email metrics?

Email applications often track and display metrics on spam issues, bounces, unsubscribes, and click engagements so you can measure whether your email efforts are producing the desired result. It’s important to understand what metrics are available and that someone is keeping an eye on those metrics.

For example, if you’re sending emails through WordPress, the system may or may not be sending these communications through an authenticated address. Your email metrics should give you this insight so you can correct the issue to ensure deliverability.

5. Are we responding to these metrics with routine list hygiene measures? 

Your email lists should only be made up of subscribers who have physically signed up for your newsletter and/or email campaigns. If they unsubscribe, you should have processes in place to automatically remove the email address from your list.

Double opt-in (also called confirmed opt-in) is the email permission standard today. This requires the subscriber to click on an email confirmation link to verify their email address and subscription to your email list.

You also want to perform regular list hygiene or list management practices. This entails removing hard and soft bounces, bad or fake emails, and inactive or unresponsive addresses from your email list.

If you’re not regularly cleaning out your lists, you could be penalized. You can also easily email a spam trap on accident and get automatically marked as spam.

Or you can get physically marked as spam by actual users who have unsubscribed but are still receiving your email communications. All of these situations can put your IP address and email domain on that dreadful blacklist.

Bonus Tip - While this isn’t a list hygiene best practice, make sure you’re also responding to email list preferences requests (e.g. frequency or type of email) to keep your email contacts happy and engaged!

6. Is anyone in your organization using an internal mail server?

Is any staff member or department using an internal mail server? If so, is it on a dedicated IP or shared IP address? Shared IP addresses are public configurations that affect both the entity using it and anyone else sharing that service.

Make sure your IT department understands how shared and dedicated IP addresses work, the systems your organization uses, and how to set up the records accordingly to ensure deliverability. It’s also important for IT to understand how everyone is connecting with members and vendors, both in and out of the office.

Your IT team should be able to outline the risks associated with your organization’s email decisions and provide mitigation steps to your marketing teams and whoever else may be managing and cleaning your lists or, shudder to think, sending mass emails. And, as always, be sure that the email content you’re sending organization-wide is relevant to the receiver to avoid spam issues.

7. Has IT run tests to determine the reliability and validity of email deliverability?

There are tools that allow you to test if records are properly set up prior to sending those emails. Be sure your IT team has checked these tools and run tests to determine the reliability and validity of emails being delivered through different systems.

Red flags indicating you may need external support

Here are some warning signs that should raise the caution tape.

If any of these ring true, then it could indicate some communication and alignment issues within your IT division, or that you simply need to engage an email deliverability expert to get the clarity and remedies you need right away.

1. If you ask your IT team about your email deliverability records and they can’t produce a report on the required DNS records.
2. If you ask about an SPF record and your IT department can’t produce it or doesn’t know where to get it.
3. If your IT team can’t provide consistent and acceptable answers pertaining to the nuances of each email record. They should be able to tell you with certainty why using a tilde instead of a hyphen in an SPF record affects how valid senders are authenticated.
4. If there is a lack of insight into what systems and apps are delivering bounces and unfavorable responses, or which of your systems or applications may be sending out these responses on behalf of your organization.
5. SOS red flag: If your team doesn’t have a depth of insight into the fundamentals, such as why soft fails or soft bounces occur, and conversely, why hard bounces happen and how to fix both.
6. SOS red flag: If your IT people can’t tell you who is housing or managing your email service.
7. SOS red flag: If they can’t tell you how shared vs. dedicated IP addresses work.

At what point does an association need outside help with email deliverability?

Basically, if your IT team can’t provide a consistent answer as to why email deliverability isn’t working for your organization and a clear remedy with a timeline, it’s time to engage outside help.

If your domain has been blacklisted, you’ll need outside professional help because getting it resolved, if at all possible, typically requires a significant amount of time, technical know-how, and direct communication with the database(s) that have blacklisted your IP address to verify that you’re indeed not sending spam.

The remedy won’t happen overnight, but regardless, you’ll want to gather information from specialists on the solutions available to you based on your specific situation.

Seeking outside expertise is critical when you’re caught in this situation because a specialist will be able to succinctly tell those databases what they need to hear in order to fully authenticate your domain and remove your blacklists as quickly as feasible.

If you need help getting your email deliverability questions answered and issues resolved in a timely manner, get in touch with us here.