" email spam Archives - LuxSci

Posts Tagged ‘email spam’

Understanding DNS Configurations for Email Security: A Guide to SPF, DKIM, and DMARC Records

Tuesday, December 12th, 2023

In the vast digital landscape, email has evolved from a simple means of communication to a critical component of business operations and personal interactions. However, email’s convenience and efficiency also open the door to many security threats, ranging from phishing attacks to spoofing.

To fortify the defenses of your email infrastructure and protect your organization’s or personal digital identity, understanding and implementing robust Domain Name System (DNS) configurations is paramount. Among the key players in this security arsenal are SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) records.

SPF (Sender Policy Framework)

Every email you receive has a sender, just like a return address on a letter. However, spammers and cybercriminals can sometimes fake this sender information, making it look like the email is from someone trustworthy when it’s not.

SPF is a set of rules that the email sender puts in place. It’s like telling the email world, “Only these specific servers can send emails on behalf of my domain (like your email provider or company server). If you get an email claiming to be from me, but it’s not sent from these approved servers, be suspicious.”

So, when your email provider receives an email claiming to be from a specific sender, it checks the SPF records to see if the email is coming from an authorized server. If it doesn’t match up, your email provider might mark it as suspicious or even send it to your spam folder, helping to protect you from phishing and spoofed emails.

In a nutshell, SPF is like a security measure that helps ensure that the sender of an email is who they say they are, making your email experience safer and more trustworthy. You may read more about it in the LuxSci blog: Preventing Email Forgery Part One: SPF.

DKIM (DomainKeys Identified Mail)

DKIM adds another layer of validation to your email messages. It uses a private and a public key to add a digital signature to the messages you send. In addition to verifying the message source, DKIM also validates that messages were not modified on their way to a recipient. If messages are modified before delivery, the fingerprint of the message will then change and no longer match.

When DKIM is implemented, your email server creates and attaches a unique signature to the header of your email. This signature is a fingerprint unique to a specific message, and it is generated using a private key that only your sending server knows. It further validates that the message originated from an authorized source.

Then, when the recipient’s email server receives your email, it looks up your public key (published in your domain’s DNS records). Using this key, the server can then verify and validate the signature. If the signature matches, the email hasn’t been tampered with and is verified to have originated from the authenticated server.

At the end of the day, DKIM is a digital authenticity seal for your emails. It provides a piece of validation for a sender’s legitimacy and that delivered messages haven’t been altered by mischievous characters. You may read more about it in the LuxSci blog Preventing Email Forgery Part Two: DKIM.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

SPF and DKIM are excellent tools for enhancing your email security and improving deliverability. But what happens when a discrepancy is identified? That’s where DMARC comes in. DMARC works to prevent domain spoofing and email fraud by providing a framework for email senders to indicate that their emails are protected with SPF and DKIM and to instruct email receivers on how to handle messages that do not pass. DMARC also provides a reporting mechanism to track how your email is being used.

In your DMARC policy, you specify what actions the email receiver should take if they receive an email claiming to be from you. When a message that fails both SPF and DKIM is received, your policy will dictate whether the recipient should do nothing and accept it, quarantine it, or reject it.

DMARC also includes a reporting mechanism. It tells the receivers to send you reports about the emails they receive, detailing which ones passed or failed authentication. This helps you track how your email is used.

DMARC adds yet another layer of security and control, reducing the chances of malicious individuals using your identity (or your organization’s identity) to deceive others. You may read more about it in the LuxSci blog Preventing Email Forgery Part Three: DMARC.
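How a receiver turns SPF and DKIM outcomes into a DMARC decision, as an added example (not LuxSci's code). It goes one step beyond the text by also checking alignment, meaning the domain that passed SPF or DKIM must match the visible From domain. The record, messages and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
from collections import Counter

POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if unusable."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p", "").lower() not in POLICIES:
        raise ValueError("not a valid DMARC record")
    tags["p"] = tags["p"].lower()
    return tags


def org_domain(domain):
    # Assumption for this example: the organizational domain is the last two
    # labels. Real receivers use the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') compares org domains."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record, msg):
    """Return (dmarc_result, action) for one message's SPF/DKIM outcomes."""
    tags = parse_dmarc(record)
    spf_ok = msg["spf"] == "pass" and aligned(
        msg["mail_from"], msg["header_from"], tags.get("aspf", "r"))
    dkim_ok = msg["dkim"] == "pass" and aligned(
        msg["dkim_d"], msg["header_from"], tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass", "deliver"
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return "fail", action[tags["p"]]


def summarize(record, messages):
    """Tally (source_ip, dmarc_result, action), the shape of an aggregate report."""
    return Counter((m["ip"],) + evaluate(record, m) for m in messages)


# Constructed inputs: a policy record and three received messages.
RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"
MESSAGES = [
    # Legitimate mail: SPF passes for a subdomain, relaxed SPF alignment holds.
    {"ip": "192.0.2.55", "header_from": "example.com", "spf": "pass",
     "mail_from": "bounce.example.com", "dkim": "none", "dkim_d": ""},
    # Spoofed From: SPF passes, but only for an unrelated envelope domain.
    {"ip": "203.0.113.9", "header_from": "example.com", "spf": "pass",
     "mail_from": "mailer.invalid", "dkim": "fail", "dkim_d": "example.com"},
    # Forwarded mail: SPF breaks, the aligned DKIM signature survives.
    {"ip": "198.51.100.80", "header_from": "example.com", "spf": "fail",
     "mail_from": "example.com", "dkim": "pass", "dkim_d": "example.com"},
]
```

`summarize(RECORD, MESSAGES)` groups outcomes by source IP, which is the view the domain owner gets back through the `rua` reports.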

As you secure your digital communication channels, SPF, DKIM, and DMARC are great tools that work together to help mitigate email-based fraud and improve deliverability. 

8 Ways to Maximize Email Throughput: Send More Email, Faster

Tuesday, September 5th, 2023

Sending high volumes of email messages is more complex than sending a quick message to a colleague. To reach a large contact list in a timely manner, it’s essential to understand ways to maximize email throughput. In this article, we lay out eight best practices for sending more emails faster.


1. Use Concurrent Connections

When sending an email message, the emailing program connects to the servers, establishes its identity, and passes the message through. When sending emails in bulk, connecting to the server can take up a lot of time. For example, if you send 1,000 messages, the program must connect to the server 1,000 times. Many sending programs can be configured to make more than one connection at a time. If you make ten connections simultaneously (i.e., concurrently), you could send those messages about ten times faster. That is a significant speedup.

However, you don’t want to make too many concurrent connections. The more connections you make at once, the harder the server must work to process the mail. The server will become overloaded at some point, and the average time to send a message will increase. You want to avoid pushing the server to the point where it struggles to keep up with sending, as that will only make it operate slower. Instead, use a modest number of concurrent connections to take advantage of parallel sending and allow the server to efficiently process all the messages.

We recommend keeping concurrent connections to ten or fewer if you use public cloud servers and share capacity with other bulk senders. Single dedicated servers can support 20 to 30 concurrent connections (or more depending on the factors discussed below), and dedicated server clusters can support as many as you need (depending on how large a cluster you have).

2. SMTP Pipelining

The next way to maximize email throughput involves utilizing SMTP pipelining. First, let’s look at the regular way messages are sent via SMTP:

  1. Connect to the SMTP server
  2. Establish SSL or TLS encryption, if configured
  3. Authenticate the sender’s identity and permission to send
  4. Upload the list of recipients and message content
  5. Disconnect

When sending small messages, the time taken by steps 1, 2, 3, and 5 is very significant relative to the time it takes to upload the message data. With SMTP pipelining, the connection is reused for successive messages. For example, when sending three messages, the process looks like this:

  1. Connect to the SMTP server
  2. Establish SSL or TLS encryption, if configured
  3. Authenticate your identity and permission to send
  4. Message 1: Upload the list of recipients and message content
  5. Message 2: Upload the list of recipients and message content
  6. Message 3: Upload the list of recipients and message content
  7. Disconnect

Not repeating the connect-authenticate-disconnect steps for every single message saves time and sends messages faster. SMTP pipelining should always be used if supported by your email-sending program and outbound email service.
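Sections 1 and 2 combined, as an added example (not LuxSci's code): a capped number of concurrent sessions, each reusing one connection for its share of the messages. `send_bulk`, `real_connect`, `FakeSMTP` and the example addresses are assumptions made for illustration; `FakeSMTP` is a constructed stand-in so the block runs offline.

```python
import smtplib
import ssl
from concurrent.futures import ThreadPoolExecutor
from email.message import EmailMessage


def real_connect(host, user, password):
    """Steps 1-3 of the list above: connect, negotiate TLS, authenticate."""
    conn = smtplib.SMTP(host, 587, timeout=30)
    conn.starttls(context=ssl.create_default_context())  # verifies the server cert
    conn.login(user, password)
    return conn


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP so the example runs offline."""

    def __init__(self):
        self.sent = []

    def send_message(self, msg):
        if str(msg["To"]).endswith("@invalid.example"):
            raise smtplib.SMTPException("550 mailbox unavailable")
        self.sent.append(str(msg["To"]))

    def quit(self):
        pass


def send_bulk(messages, connect, workers=10):
    """Send messages over at most `workers` sessions, one connection each.

    Returns (sent_count, [(recipient, error), ...]).
    """
    if not messages:
        return 0, []
    workers = max(1, min(workers, len(messages)))
    shares = [messages[i::workers] for i in range(workers)]

    def run_session(share):
        failed = []
        conn = connect()  # paid once per session, not once per message
        try:
            for msg in share:
                try:
                    conn.send_message(msg)
                except smtplib.SMTPException as exc:
                    failed.append((str(msg["To"]), str(exc)))
        finally:
            conn.quit()
        return failed

    with ThreadPoolExecutor(max_workers=workers) as pool:
        failed = [f for result in pool.map(run_session, shares) for f in result]
    return len(messages) - len(failed), failed


def build_message(recipient):
    msg = EmailMessage()
    msg["From"] = "news@example.com"
    msg["To"] = recipient
    msg["Subject"] = "Monthly update"
    msg.set_content("Constructed sample body.")
    return msg


def demo():
    """25 constructed messages, one undeliverable, over 5 reused connections."""
    opened = []

    def connect():
        conn = FakeSMTP()
        opened.append(conn)
        return conn

    recipients = [f"user{i}@example.org" for i in range(24)] + ["gone@invalid.example"]
    sent, failed = send_bulk([build_message(r) for r in recipients], connect, workers=5)
    return sent, failed, len(opened)
```

For real sending, pass `lambda: real_connect(host, user, password)` as `connect`; the failed list is the input for the list clean-up described in section 5.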

3. Multiple Recipients in One Message

Imagine sending the same message to 1,000 recipients. If you send these one at a time and each takes one second to process, it takes almost 20 minutes to send 1,000 messages. Instead, if you include all recipients in the BCC line of a single message, it will take only about 1-2 seconds to upload the message to the server (though it will still take the server some time to deliver it to those recipients).

Sending messages to multiple recipients using BCC allows you to upload messages to the server much faster.

There are two downsides to this method:

  1. The received message may appear more SPAM-like since the recipient would not see their email address as the “To” recipient. BCCs are more SPAM-like than messages individually addressed (because it is so much easier and faster to send this way).
  2. A single message sent to 1,000 recipients may take longer to be delivered as the mail server will not generally parallelize delivery to the recipients but will process them sequentially. This may not be important if the delivery time is not time-sensitive.

LuxSci’s Secure High Volume service allows you to send to up to 1,000 recipients in each message. Customers with dedicated servers and clusters can have this limit increased to suit their business needs.

4. Smaller Messages are Better

A significant factor in maximizing email throughput is reducing the time it takes to upload each message to the server. To see the difference, let’s look at an example — sending a one-megabyte PDF to 1,000 people in 1,000 separate messages.

Case 1 – The PDF is attached to the message, and it takes ten seconds to upload the large message to the mail server. It takes 10,000 seconds (almost 3 hours) to send 1,000 messages with the attachment (unless you use some of the other strategies for maximizing throughput mentioned above).

Case 2 – The PDF is placed on a website, and a link is included in each message. The email message is only ten kilobytes (100 times smaller than in Case 1) and can be sent about 100 times faster. That’s less than 2 minutes without any other optimization.

As you can see from the example, it is best to remove images and other attachments from bulk messages to decrease the message size. Images can be hosted on a website and displayed in the message by linking rather than including the image content every time. Attachments that are not sensitive can be similarly hosted on a website and linked to. Reducing the size of your email messages significantly impacts sending speed and helps maximize email throughput.

5. Clean Mailing Lists are Important

Email messages should only be sent to contacts who have opted into communications or with whom you have established business relationships. These are the standard terms for using any reputable bulk mailing service.

Even if you follow the rules, mailing lists get stale as people change addresses, domain names go defunct, etc. Removing invalid addresses and only sending messages to clean mailing lists is imperative. Why?

  • Bad Domains. Sending an email to an email address whose domain name is no longer valid can delay sending while the program determines if the domain is bad. Determining that the domain is good and the email should be delivered takes less time. The delay caused by expired domain names can slow down your sending.
  • Defunct Addresses. Sending emails to invalid email addresses looks like spamming. Recipient servers like Yahoo!, AOL, McAfee, etc., are very sensitive to the number of messages that come through to defunct email addresses. If they see a lot of these, they will either block emails or slow down the rate at which they process them. This will result in more delays and potential non-delivery to valid recipients.
  • Waste of Time. Attempting to send messages to invalid recipients also wastes time and money.

You should take advantage of tools available to track what recipient email addresses are failing and actively remove them from your mailing lists.

6. Insecure Sending is Faster than Secure

While encrypting your username, password, and message contents is always recommended, this encryption will slow down email sending. It requires extra processing by the server and the sending machine. Using encryption also requires more bandwidth to transmit the data.

So, if you want to maximize email throughput, we recommend not using TLS or SSL when connecting to your bulk SMTP server. However:

  • Ensure that the username and password used to authenticate the message sending is not used for anything else. It is not your administrator user, the password is not one of your “standard” passwords, etc. You must assume that this username and password could be compromised.
  • Do not grant this user any permission except for sending emails. At LuxSci, you can restrict it from using the web interface and any other services.
  • Change the password often; weekly is recommended.
  • Use tools to check that no one else is using this credential to connect to your SMTP service. LuxSci provides alerts and reports about logins, which you can use to be sure that no one else is accessing this user account.

If the credentials are compromised, and you have followed these guidelines, the worst thing that could happen is that someone could send email through your account until you change the password or hit your sending limits.

7. Use an Appropriate Email Program

Many programs that are good for regular email sending are terrible for bulk email messages. Don’t bother trying to use Outlook, Thunderbird, Apple Mail, Gmail, and similar programs to send high volumes of email if you are interested in sending speed or efficiency. Why? Such programs:

  • Generally do not support concurrent connections
  • Might not support SMTP pipelining
  • Cannot efficiently handle large mailing lists (more than hundreds of recipients)
  • Get bogged down and can be very slow when sending many messages

These programs are not designed or optimized for high volume sending. Instead, use a program explicitly designed for bulk mailing, like LuxSci’s Secure High Volume or Secure Marketing, which supports maximizing outbound email throughput in the ways outlined above.

8. Increase Capacity

If you try the above solutions and still need faster delivery times, you may need to increase your outbound server’s sending capacity. At LuxSci, we offer tiers of capacity that allow you to create a fully custom solution to meet any throughput requirement:

  • Shared – Your account shares a single server with multiple other accounts. The server’s capacity is shared, and your sending throughput (i.e., maximum concurrent connections, maximum recipients/month, etc.) is restricted to maintain enough capacity for other customers. Your outbound IP reputation is also shared with others.
  • Dedicated – A dedicated server gives you complete control over the sending server resources and IP address. You get all the capacity to yourself and thus can attain a much higher throughput. Your IP address is not subject to other customers’ actions, which helps you maintain a good reputation.
  • Cluster – A dedicated server cluster may be a good solution if you need to send many messages very quickly. It consists of two or more outbound servers behind a load balancer. The more servers you put in the cluster, the higher your throughput can be. Another benefit of a dedicated server cluster is having multiple sending IP addresses for reputation management and failover to make your sending more resilient.

Which option is best? It depends on the number of recipients you want to reach per month. Also, if you need to send to large numbers of recipients in a very short time frame, you may need a dedicated or cluster solution. LuxSci’s team of email experts can help design the correct configuration to suit your throughput requirements. Contact us today to get started.

The Benefits of Dedicated IP Addresses vs. Shared

Thursday, December 22nd, 2022

Choosing a dedicated or shared IP address may seem like an inconsequential decision, but it can significantly impact the effectiveness of your patient engagement efforts. Learn why dedicated IP addresses are preferred for transactional and marketing emails in the healthcare industry.


What is a Dedicated IP Address?

An IP address is a string of unique characters that can be found in the headers of your sent emails. Internet service providers use them to identify the origin of the email message. ISPs use the IP address’s reputation to determine if the message is spam or should be delivered to the recipient.

Dedicated IP addresses belong to your organization and cannot be used by other customers of your email service provider. By having a dedicated IP address, the server’s reputation and delivery power are a function only of the organization’s sent mail. Dedicated IP addresses have several advantages, including:

  • No shared resources with other senders
  • Reputation management and brand safety
  • Improved email deliverability
  • Easier to troubleshoot blacklisting issues

We will discuss the benefits of dedicated IP addresses and what they mean for your organization later.

What is a Shared IP Address?

In contrast, a shared IP address does not belong to your organization and is shared among the customers of an email service provider. Shared IPs are the default option for many email service providers. Upgrading to a dedicated IP usually incurs an additional fee, so many organizations get started using a shared IP address. It is a cost-effective solution for some smaller organizations with limited or small sending needs. No IP warm-up is required since the address is active and in use, meaning it’s easy to start sending quickly. However, as organizations grow and their sending needs increase, they may be frustrated with the following:

  • Slow email delivery
  • Undelivered emails
  • Emails frequently flagged as spam
  • Blacklisted IP addresses

When email becomes a critical business channel, it’s often time to switch from a shared IP to a dedicated solution.

The Benefits of Dedicated IP Addresses for Patient Engagement Emails

Healthcare organizations that rely on email should strongly consider using dedicated IP addresses to improve trust and ensure critical communications are sent on time and are received in patients’ inboxes. If patients cannot receive critical information about appointments, prescriptions, or other healthcare needs, it will negatively impact their experience and may cause them to choose another provider.

No shared resources with other senders

When sending substantial quantities of time-sensitive emails, your sending speed may be limited by others using a shared IP address. Important emails (like password resets and appointment reminders) can get stuck in long sending queues, and you will have no control over when the messages are sent out. In contrast, you have complete control over your sending speed and resources when using a dedicated IP address (or multiple IP addresses). External users will never slow you down.

Reputation management and brand safety

Another perk of using a dedicated IP address is that you can match it to your company’s DNS records. To do this, the IP address your mail server uses to send outbound email must have a “Reverse DNS” record. This is the responsibility of the email service provider (at LuxSci, we set this up automatically). If it is set up incorrectly or missing, you will have significant deliverability issues.

When someone performs a reverse DNS lookup on a company’s dedicated IP address, it will clearly identify the sender and provide additional information about the company. This data builds trust and improves your reputation with ISPs.

Improved email deliverability

The main reason many choose dedicated IP addresses is to improve the deliverability of their emails. If email service providers do a terrible job vetting their customers and allow spammers to use their service, bad actors can quickly contaminate reliable IP addresses. When using dedicated IP addresses, you can control the IP warm-up process and prevent employees from engaging in spammy practices. By having full control over your IP reputation, you can improve the deliverability of your emails and prevent them from being flagged as spam.

Easier to troubleshoot blacklisting issues

Though most ISPs will not acknowledge “whitelists,” senders using dedicated IP addresses can subscribe to Complaint Feedback Loop (CFL) programs to help minimize complaint rates. If you participate, ISPs will forward complaints from users about emails sent from your organization’s IP addresses.

Even if you can’t get on a whitelist, understanding when and why your IP address is blacklisted is valuable information. When using a shared IP, it’s impossible to know why it was blacklisted. Another user could have sent spammy content, used a paid list, or sent a large mailing to an old contact list. To get off the blacklist, troubleshooting the issue, fixing it, and avoiding future mistakes are essential to increasing reputation and staying out of the spam filter. It’s easier to identify which emails are generating spam complaints when you aren’t sharing IP addresses.

Conclusion

Consider using dedicated IP addresses if your organization uses email for patient engagement efforts. They provide the reliability and reputational benefits you need to execute these campaigns at scale. Contact us today to learn more about how to engage patients with personalized email campaigns.

How Email Filtering Prevents Cyberattacks

Tuesday, September 20th, 2022

Almost every business uses email as a primary communication channel, and as a result, it is a major attack vector for cybercriminals. Every employee’s email account represents a possible risk to your business operations. One way to protect employee accounts is with email filtering tools.


The Risks of Email Communications

Email is a necessary business communication tool. However, it also introduces significant risks. A 2019 HIMSS survey found that 70% of breaches originated with a phishing email. It’s unrealistic to stop people from using email, so the next best step is protecting accounts and reducing risk.

Social Engineering Risks

The number one threat to any cybersecurity program is human error. Phishing campaigns are so successful because they prey on human vulnerabilities. Everyone makes mistakes. Even the most cautious people can be caught up in a busy day and accidentally click on a malicious link without adequately vetting the sender.

By stopping these malicious emails from entering the employee’s inbox, there is no chance they will mistakenly click on them. Although phishing training is still essential in case emails get through the system, a good email filtering service will stop most suspicious messages.

What is Email Filtering?

Email filtering tools prevent malicious messages like spam from reaching inboxes. Filtering tools scan the incoming emails for signs of cybercrime; these could include bad links, content used by known spammers, or other indicators. Email filtering stops suspicious emails from being delivered to the intended recipient.

How Email Filtering Works to Stop Spam

There are many ways to filter emails, some of which are more restrictive than others. Every email filtering service is different, so we are speaking in generalities for informative purposes. However, the process works the same way. All incoming emails are scanned to see if they contain any information that violates the filter settings. Traditionally, the filter scans both the email header and the message contents.

The email header contains information about the sender, including their IP address, email domain, sending address, security signatures, and other technical information about how and when the email was sent. Email filters will flag messages sent from suspicious senders and known spammers. Email filters can be so restrictive as to entirely stop incoming emails from external organizations or domains.

Filtering systems also scan email message contents. Phishing schemes rely on unsuspecting users clicking on links to install malware on a user’s computer. Email filtering systems can scan and remove links to known suspicious websites. Organizations can go further and configure their filtering systems to remove all links in emails. This may be too restrictive for some, but it is an option for some filtering tools. In addition, scanners can flag emails for spammy content. Some commonly flagged messages include overly promotional marketing emails, messages with adult themes, and those that mention illegal activities.

Once the suspicious emails are flagged, then what happens? The settings are often configurable. Some email filtering systems add a banner to the top of scanned messages that alerts the user to any risky-seeming content. However, once users are accustomed to seeing it, they may ignore or not notice the warnings.

The most common solution is to divert flagged emails to quarantine. There, users can review the messages to determine if they are spam or not. Sometimes unsuspecting messages get caught up in filters, and this gives the intended recipient a chance to retrieve wanted messages. For extremely conservative organizations, the system can automatically delete flagged messages and never deliver them to the inbox out of an abundance of caution.
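The header scan, content scan and resulting action described in this section, as an added example (not LuxSci's filter). The blocklists, the `mx.corp.example` server name, the sample messages and the rule that only blocklist hits quarantine are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed filter settings; every name here is a placeholder.
TRUSTED_AUTHSERV = "mx.corp.example"  # our own receiving server
BLOCKED_SENDER_DOMAINS = {"bulk-offers.example"}
BLOCKED_LINK_HOSTS = {"login-update.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def scan(raw):
    """Return (action, reasons); action is deliver, banner or quarantine."""
    msg = message_from_string(raw, policy=policy.default)
    banner, quarantine = [], []

    # Header checks: sender domain and authentication results.
    sender = parseaddr(str(msg.get("From", "")))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain in BLOCKED_SENDER_DOMAINS:
        quarantine.append(f"blocked sender domain {sender_domain}")

    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # Only trust results stamped by our own server; a sender can forge the rest.
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            results.update((k.lower(), v.lower()) for k, v in AUTH_RE.findall(rest))
    if not results:
        banner.append("no trusted authentication result")
    for method, outcome in sorted(results.items()):
        if outcome in ("fail", "softfail"):
            banner.append(f"{method}={outcome}")

    # Content checks: every link in every text part.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            host = (urlsplit(url).hostname or "").lower()
            if host in BLOCKED_LINK_HOSTS:
                quarantine.append(f"link to blocked host {host}")

    if quarantine:
        return "quarantine", quarantine + banner
    if banner:
        return "banner", banner
    return "deliver", []


def sample(auth_results, body, sender="helpdesk@corp.example"):
    """Build a constructed raw message for the demo."""
    return (f"From: IT Support <{sender}>\n"
            "To: user@corp.example\n"
            "Subject: Password expires today\n"
            f"Authentication-Results: {auth_results}\n\n{body}\n")


PHISH = sample("mx.corp.example; spf=fail smtp.mailfrom=corp.example; dkim=none",
               "Reset here: http://login-update.example/reset?id=1")
CLEAN = sample("mx.corp.example; spf=pass; dkim=pass",
               "Portal: https://intranet.corp.example/start")
FORGED = sample("mail.sender.example; spf=pass; dkim=pass",
                "See https://intranet.corp.example/start")
```

`FORGED` carries a passing `Authentication-Results` header that was not written by the receiving server, so the filter ignores it and the message gets a warning banner.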

Conclusion

Everyone should be concerned about the rise of cyberattacks and the potential risks to their businesses. Use an email provider that offers sophisticated email filtering services. LuxSci’s Premium Email Filtering is an available add-on to our Secure Email Hosting and Secure Connector solutions.

Email List Hygiene: 5 Best Practices for Cleaning Up Email Lists

Tuesday, August 2nd, 2022

When sending emails from a new server and IP address, we always stress the importance of warming up the server to prevent emails from being flagged as spam. One critical step of the warm up is sending small batches of messages to email contacts that are likely to open and click on the content. Sending to clean email lists helps build a positive IP reputation and will improve email deliverability over time. This article explains the basics of email list hygiene and how to clean up email lists.


What is Email List Hygiene?

Email list hygiene involves removing ineligible contacts from lists and adding new addresses with proper permissions and consent. Good email list hygiene contributes to good email deliverability and engagement. It also prevents emails from being marked as spam because all recipients have agreed to receive email communications. Here are our tips for cleaning up email lists:

How to Clean up Old Email Lists

1. Remove Role Accounts

We don’t recommend sending emails to addresses that are groups or aliases that support a specific business function. These include addresses like:

Spammers often scrape these addresses off websites and send them unsolicited emails. To successfully warm up a new IP, it is essential to differentiate sending patterns from spammers as much as possible.

2. Remove Inactive or Incorrect Email Addresses

Most mailing lists contain old email addresses that are no longer active. Removing these addresses before warming up a new mail server is essential. Spammers often purchase lists that contain a high proportion of inactive emails. Sending to many inactive addresses may cause the server to be flagged as spam. Also, check for and correct common misspellings and typos, for example, “gamil.com” vs. “gmail.com.”

If working with a large email list that hasn’t been contacted in a while, it may be worthwhile to use a paid tool to run these verification checks and remove bad email addresses.

3. Review Email Permissions

Before sending a campaign, review how the email list was collected. Sending unsolicited emails is an excellent way to be marked as spam. If marketing communications are planned, ensure the contacts have explicitly agreed to receive marketing messages. The CAN-SPAM Act regulates how marketers can use email to communicate with prospects. It’s essential to confirm that the list was not collected in a way that violates those terms. In addition, never send to a list purchased from a third party, as that violates the CAN-SPAM Act and can lead to massive financial penalties.

Sometimes, the origins of an email list may be unknown. In this case, running an opt-in or re-engagement campaign is a good idea. This gives users the opportunity to resubscribe to the mailing list and reengage with the brand. Only sending emails to people who have opted in increases the likelihood they will engage with future emails. Remove contacts from the list who do not respond or who opt out of future communications.

Ongoing Email List Hygiene

Setting up a schedule to maintain email list hygiene is crucial to preserving IP reputation. It takes ongoing work to support list hygiene. Including email list cleaning tasks in campaign set-up and performance reviews is essential to ensure campaigns are delivered to the recipients.

4. Remove Bounces, Spam, and Unsubscribes

After every campaign, remove addresses that have unsubscribed or bounced. Most email marketing tools will automatically remove unsubscribes, but reviewing the feedback is essential. If many people unsubscribe even after list clean-up, review the email contents to ensure they are relevant and not spammy.

Likewise, even verified subscribers may report emails as spam instead of clicking on an unsubscribe link. We recommend removing contacts who have marked emails as spam because it is a clear indicator that they no longer want to receive these types of emails.

Continuing to email users who have unsubscribed is a CAN-SPAM violation with penalties in the thousands of dollars. Bounces are not usually removed automatically by email programs. Marketers should review the list of bounced emails after every campaign is sent and remove bounced addresses to keep the list clean. Lists acquired from spammers often contain many email addresses that will bounce, so avoiding sending to bounced addresses is recommended.

5. Set Up Double Opt-In for New Subscribers

Even if the original list was not collected according to best practices, setting up validation procedures for new subscribers can help ensure that only people who want to receive emails will get them.

The best way to validate email subscribers is by setting up a double opt-in process. By “double opt-in,” we mean that when someone signs up for an email list, they are sent another email requiring them to confirm the subscription by clicking on a link before being added to a list. This helps ensure that only people who want to receive brand communications will be added to the lists.

Conclusion

Cleaning up email lists can initially be time-consuming. Setting up the proper procedures and reviewing existing lists regularly can help maintain proper list hygiene and improve email deliverability.