" email delivery Archives - LuxSci

Posts Tagged ‘email delivery’

Understanding DNS Configurations for Email Security: A Guide to SPF, DKIM, and DMARC Records

Tuesday, December 12th, 2023

In the vast digital landscape, email has evolved from a simple means of communication to a critical component of business operations and personal interactions. However, email’s convenience and efficiency also open the door to many security threats, ranging from phishing attacks to spoofing.

To fortify the defenses of your email infrastructure and protect your organization’s or personal digital identity, understanding and implementing robust Domain Name System (DNS) configurations is paramount. Among the key players in this security arsenal are SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records.

SPF (Sender Policy Framework)

Every email you receive has a sender, just like a return address on a letter. However, spammers and cybercriminals can sometimes fake this sender information, making it look like the email is from someone trustworthy when it’s not.

SPF is a set of rules that the email sender puts in place. It’s like telling the email world, “Only these specific servers can send emails on behalf of my domain (like your email provider or company server). If you get an email claiming to be from me, but it’s not sent from these approved servers, be suspicious.”

So, when your email provider receives an email claiming to be from a specific sender, it checks the SPF records to see if the email is coming from an authorized server. If it doesn’t match up, your email provider might mark it as suspicious or even send it to your spam folder, helping to protect you from phishing and spoofed emails.

In a nutshell, SPF is like a security measure that helps ensure that the sender of an email is who they say they are, making your email experience safer and more trustworthy. You may read more about it in the LuxSci blog: Preventing Email Forgery Part One: SPF.

DKIM (Domain Keys Identified Mail)

DKIM adds another layer of validation to your email messages. It uses a private and a public key to add a digital signature to the messages you send. In addition to verifying the message source, DKIM also validates that messages were not modified on their way to a recipient. If messages are modified before delivery, the fingerprint of the message will then change and no longer match.

When DKIM is implemented, your email server creates and attaches a unique signature to the header of your email. This signature further validates that the message originated from an authorized source. This signature is a fingerprint unique to a specific message. This signature is generated using a private key that only your sending server knows.

Then, when the recipient’s email server receives your email, it looks up your public key (published in your domain’s DNS records). Using this key, the server can then verify and validate the signature. If the signature matches, the email hasn’t been tampered with and is verified to have originated from the authenticated server.

At the end of the day, DKIM is a digital authenticity seal for your emails. It provides a piece of validation for a sender’s legitimacy and that delivered messages haven’t been altered by mischievous characters. You may read more about it in the LuxSci blog Preventing Email Forgery Part Two: DKIM.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

SPF and DKIM are excellent tools for enhancing your email security and improving deliverability. But what happens when a discrepancy is identified? That’s where DMARC comes in. DMARC works to prevent domain spoofing and email fraud by providing a framework for email senders to indicate the protection of their emails with SPF and DKIM and instructs email receivers on handling messages that do not pass. DMARC also provides a reporting mechanism to track how your email is being used.

In your DMARC policy, you specify what actions the email receiver should take if they receive an email claiming to be from you. When a message that fails both SPF and DKIM is received, your policy will dictate whether the recipient should do nothing and accept it, quarantine it, or reject it.

DMARC also includes a reporting mechanism. It tells the receivers to send you reports about the emails they receive, detailing which ones passed or failed authentication. This helps you track how your email is used.

DMARC adds yet another layer of security and control, reducing the chances of malicious individuals using your identity (or your organization’s identity) to deceive others. You may read more about it in the LuxSci blog Preventing Email Forgery Part Three: DMARC.

As you secure your digital communication channels, SPF, DKIM, and DMARC are great tools that work together to help mitigate email-based fraud and improve deliverability. 

The Benefits of Dedicated IP Addresses vs. Shared

Thursday, December 22nd, 2022

Choosing a dedicated or shared IP address may seem like an inconsequential decision, but it can significantly impact the effectiveness of your patient engagement efforts. Learn why dedicated IP addresses are preferred for transactional and marketing emails in the healthcare industry.

dedicated ip address

What is a Dedicated IP Address?

An IP address is a string of unique characters that can be found in the headers of your sent emails. Internet service providers use them to identify the origin of the email message. ISPs use the IP address’s reputation to determine if the message is spam and should be delivered to the recipient.

Dedicated IP addresses belong to your organization and cannot be used by other customers of your email service provider. By having a dedicated IP address, the server’s reputation and delivery power are a function only of the organization’s sent mail. Dedicated IP addresses have several advantages, including:

  • No shared resources with other senders
  • Reputation management and brand safety
  • Improved email deliverability
  • Easier to troubleshoot blacklisting issues

We will discuss the benefits of dedicated IP addresses and what they mean for your organization later.

What is a Shared IP Address?

In contrast, a shared IP address does not belong to your organization and is shared among the customers of an email service provider. Shared IPs are the default option for many email service providers. Upgrading to a dedicated IP usually incurs an additional fee, so many organizations get started using a shared IP address. It is a cost-effective solution for some smaller organizations with limited or small sending needs. No IP warm-up is required since the address is active and in use, meaning it’s easy to start sending quickly. However, as organizations grow and their sending needs increase, they may be frustrated with the following:

  • Slow email delivery
  • Undelivered emails
  • Emails frequently flagged as spam
  • Blacklisted IP addresses

When email becomes a critical business channel, it’s often time to switch from a shared IP to a dedicated solution.

The Benefits of Dedicated IP Addresses for Patient Engagement Emails

Healthcare organizations that rely on email should strongly consider using dedicated IP addresses to improve trust and ensure critical communications are sent on time and are received in patients’ inboxes. If patients cannot receive critical information about appointments, prescriptions, or other healthcare needs, it will negatively impact their experience and may cause them to choose another provider.

No shared resources with other senders

When sending substantial quantities of time-sensitive emails, your sending speed may be limited by others using a shared IP address. Important emails (like password resets and appointment reminders) can get stuck in long sending queues, and you will have no control over when the messages are sent out. In contrast, you have complete control over your sending speed and resources when using a dedicated IP address (or multiple IP addresses). External users will never slow you down.

Reputation management and brand safety

Another perk of using a dedicated IP address is that you can match it to your company’s DNS records. To do this, your mail server’s IP address to send outbound emails must have a “Reverse DNS.” This is the responsibility of the email service provider (at LuxSci, we set this up automatically). If set up incorrectly or missing, you will have significant deliverability issues.

When someone performs a reverse DNS lookup on a company’s dedicated IP address, it will clearly identify the sender and provides additional information about the company. This data builds trust and improves your reputation with ISPs.

Improved email deliverability

The main reason many choose dedicated IP addresses is to improve the deliverability of their emails. If email service providers do a terrible job vetting their customers and allow spammers to use their service, bad actors can quickly contaminate reliable IP addresses. When using dedicated IP addresses, you can control the IP warm-up process and prevent employees from engaging in spammy practices. By having full control over your IP reputation, you can improve the deliverability of your emails and prevent them from being flagged as spam.

Easier to troubleshoot blacklisting issues

Though most ISPs will not acknowledge “whitelists,” senders using dedicated IP addresses can subscribe to Complaint Feedback Loop (CFL) programs to help minimize complaint rates. If you participate, ISPs will forward complaints from users about emails sent from your organization’s IP addresses.

Even if you can’t get on a whitelist, understanding when and why your IP address is blacklisted is valuable information. When using a shared IP, it’s impossible to know why it was blacklisted. Another user could have sent spammy content, used a paid list, or sent a large mailing to an old contact list. To get off the blacklist, troubleshooting the issue, fixing it, and avoiding future mistakes are essential to increasing reputation and staying out of the spam filter. It’s easier to identify which emails are generating spam complaints when you aren’t sharing IP addresses.


Consider using dedicated IP addresses if your organization uses email for patient engagement efforts. They provide the reliability and reputational benefits you need to execute these campaigns at scale. Contact us today to learn more about how to engage patients with personalized email campaigns.

8 Factors That Influence IP Reputation and Email Deliverability

Tuesday, May 25th, 2021

Getting your email marketing messages into your recipient’s inboxes is key to a successful mailing campaign. This is “deliverability.” One of the central factors governing the deliverability of your messages is the reputation of the Internet Protocol (IP) Address of your sending email server — its “IP reputation.”

This article explains some of the most common factors that affect your server’s IP reputation and email deliverability. Having a good IP reputation will help ensure your marketing messages are reaching your recipients.

Before diving in, check to see if you are on any common blacklists using mx toolbox.

ip reputation and email deliverability

Read the rest of this post »

How do I fix the reputation of my IP address?

Tuesday, May 11th, 2021

It happens — you’re sending email messages without issue, and then suddenly emails are not being delivered, or they’re being flagged as spam. A little digging reveals that the problem is that your “IP reputation” is poor, and you need to fix it somehow.

improve reputation ip address

Read the rest of this post »

Split Domain Routing: Getting Email for Your Domain at Two Providers

Wednesday, February 20th, 2013

Split Domain Routing (SDR) is a term used to describe how users with email addresses in the same domain can receive emails at two different email service providers.

For example, let’s say the company domain is “my-doctors-on-call.com,” and you are moving your email from Email Service Provider X to LuxSci. You have doctors Joe and Emily, whose email addresses are joe@my-doctors-0n-call.com and emily@my-doctors-on-call.com. The migration is incomplete or needs to be migrated over time, so Joe still needs to get his email at Email Service Provider X, but Emily is all moved and needs to get her email at LuxSci. This is called “Split Domain Routing.”

Read the rest of this post »