deliverability letter

Deliverability Letter

Hey everyone!

For email marketers, the utmost priority this year is ensuring compliance with the latest email marketing standards as outlined by Gmail, Yahoo, and leading blocklist providers like Spamhaus.

If you've been keeping up to date with the latest email marketing changes this is not news to you.

All inbox and blocklist providers are asking, and soon enforcing, that marketers get their act together or risk not landing in the inbox.

This checklist below will help act as a friendly guide to ensure that your email marketing program is compliant with the above requirements, and that you are in the best position to ensure you are able to continue running your email marketing program without issues. It should also protect you (and others) from potential attacks and other issues that can arise.

We STRONGLY recommend spending a few days as soon as possible to review the checklist in it's entirety and mark as many items as you can. If you need personal help, please book a call with our team as we are always happy to help out no matter the size of your account.

Always remember that reliable email delivery requires sending email that is both wanted and expected, has low complaints, and has high engagement with real people. It is critical for us to make sure all customers are seeking this as their north star to keep this wonderful marketing channel alive.

Jesse Hanley
Founder & CEO

The Deliverability Checklist

Before sign-up
High Impact
Protect all forms from bot activity
Bad actors love to abuse sign-up forms by automatically submitting emails to them using servers (aka bots). For this reason, it's critical to protect your forms from these automated attacks. You can do this by implementing a CAPTCHA such as Cloudflare Turnstile or using a WAF service such as Cloudflare or Wafris which can detect automated attempts and block them before they reach your server or your email service provider.
Bento Users: For all Bento provided forms, we utilise Cloudflare WAF and/or Cloudflare Managed Challenges to protect against these types of attacks. If you use a plugin or third party please ensure they are secure.
High Impact
Rate limit your forms by IP address (and globally)
In addition to protecting your forms from automated sign-ups, it's also important to rate limit your forms to prevent spammers from flooding your sign-up forms with a large number of requests manually. By limiting the number of requests per day per IP address, you can ensure that people can submit just once and spammers will be deterred from trying to submit again. In addition, we recommend globally rate limiting your forms to stop people using multiple IP addresses to submit emails. Most businesses do not go viral, so it's a good idea to limit and alert your team when you reach this limit.
Bento Users: For all Bento provided forms, we utilise Cloudflare WAF to rate limit submissions by IP address. If you use a plugin or third party tool please contact their support to ensure they are implementing rate limiting on their forms.
High Impact
Rate limit invitations, sign-ups, and password resets
A common form of abuse we've seen is where spammers will abuse basic sign-up or user authentication forms to create a large number of accounts. This is a common practice for spammers to use to create large numbers of accounts to spam their email lists. To prevent this, we recommend implementing a form limiter that limits the number of sign-ups, invitations, and password resets per day per IP address. This will help prevent spammers from creating large numbers of accounts and spamming your email list.
High Impact
Sanitize personalization until verified
Make sure that you do not allow personalization (i.e first_name or last_name) in your initial emails. These fields can be abused greatly to allow spam messages to get through.
Bento Users: We provide some automated detection to stop this but recommend that you restrict any form of personalization until the user has been verified as legitimate.
Use tools like StopForumSpam.com
If you are dealing with a large number of sign-up forms, you should consider using a third-party service like StopForumSpam.com to protect your forms. They are able to detect bad IP addresses and emails that are likely to be automated attacks.
Critical
Ensure each form is clear on what to expect after submission
All forms should contain a clear and prominent message that informs users what to expect after they submit their form. This message should be prominently and clearly displayed. In addition, you should only send emails based on what that user has consented to.
Validate emails before submitting
Use a third-party service to validate the email address entered by the user. This will help to prevent basic forms of spam and mispellings.
Bento Users: We provide an API that you may use to check if an email is valid before submitting. Request access via support.
Implement multi-step forms
A lot of bots that are submitting emails automatically across the web are looking for basic forms. So, consider making your forms multi-step where the input is hidden until the user clicks a button/takes an action. This will help to reduce the number of automated sign-ups.
Implement Honeypot Fields
Honeypot fields are fields that are not visible to the user, but are used to detect spam. Bots will fill these out and out themselves as spam, so are then blocked.
Bento Users: We strongly, strongly recommend any Software as a Service (SaaS) provider and Wordpress user implement Honeypot Fields on their common sign-up forms. Most popular libraries or plugins allow you to do this.
Speed limit forms
A tactic that has worked well for us at Bento is to limit how quickly someone can submit a form. For example, if someone submits a form in less than 1 second, they will be blocked. This has worked well for us in our sign-up forms.
Bento Users: We strongly, strongly recommend any Software as a Service (SaaS) provider speed limits on their sign-up forms.
After sign-up
Critical & High Impact
Implement a Confirmed Opt-In program
Confirmed Opt-In (aka Double Opt-in) is a program that requires users to confirm their email address before they can receive futher emails. It is important, and crucial, that you ensure all users want and expect your emails; confirmed opt-in is THE best way to ensure this and highly encouraged by blocklist providers like Spamhaus. Once a user signs up via a form on your site you can then send them an email with a link to confirm their email address. Once clicked you can then send emails to them based on their expectations. Users who do not engage with that initial email should be ignored or unsubscribed.
Bento Users: Bento provides multiple ways to implement Confirmed Opt-In/Double Opt-in as well as segment out users who do not engage at all. We recommend talking to our team or scheduling a call to help craft a program specific to your needs. We're here to help all customers ace their COI setups.
Email validation
Once a user is sent to your email marketing platform, you should validate their email address with more advanced checks (i.e check MX records to ensure they are valid) to ensure it is correct and can receive emails. Emails that are mispelled, have typos, or are not in the correct format should be unsubscribed immedietly.
Bento Users: Bento's Spam API monitors new sign-ups and proactively unsubscribes them if they meet certain spam criteria.
Limit email volume
It is important that when a user signs up you do not send them too many emails or overwhelm them. Ask yourself, does the user want this extra email? If not, then you should not send them that email.
Set expectations with a clear welcome/first email
Send a welcome email to new sign-ups that details what they can expect from your email marketing program. This should include information on how to unsubscribe, how to opt-out of future emails, and any other important information that they should know about your email program.
Sending emails
Critical
Send to opted-in recipients only (best: Confirmed Opt In only)
Ensure that you only send emails to recipients who both expect and want your emails aka have explicitly opted-in to receive them. This not only respects user preferences but also helps maintain a healthy sender reputation. As mentioned above, implementing a Confirmed Opt-In program is a great way to ensure that your users are interested in your emails.
Bento Users: We provide many easy ways to segment out users who do not engage and are not interested in your emails. Please contact support if you need help filtering these out.
High Impact
Send to engaged users only
Segment your email list based on user engagement and focus your email marketing efforts on users who actively engage with your email and business.
Bento Users: Limit how often you email your entire list, if ever, and always segment out users who are not interested in your emails.
Use a clear subject line
Use a subject line that accurately represents the content of your email and aligns with what the user expects to receive. Misleading subject lines can lead to increased spam reports. Additionally, avoid using emojis or clickbait as this can be seen as spam by some blacklist providers.
Bento Users: Bento provides a free headline grader for your subjects and will tell you if your subject line is not clear.
Write a clear and concise email
Ensure that the body of your email is clear and easy to understand. Do not use jargon or try to manipulate users to click on links. Do not use too much HTML.
Bento Users: Bento provides a both a HTML editor and a plain text editor with simple markup. We recommend where possible using the plain text editor.
Critical
Easy to unsubscribe (all emails, even transactional!)
Make it easy for users to unsubscribe from your emails. This can help reduce spam reports and maintain a healthy sender reputation. We recommend placing an unsubscribe link in the footer AND the header of the email.
Bento Users: Use {{ visitor.unsubscribe_url | hyperlink: 'Unsubscribe' }} anywhere in your email to allow users to unsubscribe. Bento does enforce that you have at least one unsubscribe link in your emails.
Easy to change preferences
Allow users to easily change their email preferences on which emails they want and expect to receive. This may not be possible with all email providers, but it is good practice to allow users to pick what types of emails they want to receive.
Easy to contact
Provide a clear and easy way for users to contact you, such as reporting any abuse. This can help you identify and address issues quickly before they escalate.
Critical
Include your address and contact details in all emails
Include your address and contact details in your emails. This can help you respond to inquiries and support requests more quickly and efficiently. It is also legally required in many countries.
High Impact
Regularly clean your email list
Regularly remove inactive users and/or users who have never opened your emails from your email list.
Bento Users: Bento makes it easy to bulk unsubscribe users who are not engaging on your list.
Monitoring
Do not use link shorteners
Never send emails with links that are known to be used for spam such as link shorteners.
Do not use insecure http links
Always use https links in your emails to ensure the security of your users.
Consider turning off tracking
Consider turning off tracking for your emails to reduce the amount of data that is collected.
Bento Users: Bento provides a simple way to turn off tracking for your emails if you wish to do so, the downside is that you will not have this data to guage engagement.
Ongoing
Create an automatic sunset flow
Create a process to remove inactive users from your email list over time. This can help maintain a healthy sender reputation.
Bento Users: You can very easily use a Time Trigger automation in Bento to automatically contact users and remove them if they do not engage with that email.
Email Infrastructure
Use a reputable email service provider
Using a reputable email service provider can help ensure your emails are delivered to the inbox. Ensuring that you are sending on healthy, reputable IP addresses can help reduce the risk of your emails being marked as spam. Make sure you are able to work with them to address any issues you face.
Bento Users: All new sign-ups/customers for Bento are manually approved by our team before sending emails and we try our hardest to monitor the reputation of each customer, removing them when they are not compliant or against our ToS. We also make ourselves available for any customer to work on their programs.
Critical & High Impact
Add DKIM records for each provider
Add DKIM records to your DNS to ensure that your email provider(s) are sending email that are verified to be from your domain. We strongly recommend using https://aboutmy.email/ to verify that you have configured this correctly.
Bento Users: We provide easy to follow guides on how to do this inside your account. We are also happy to do it with you via a booked call.
Critical & High Impact
Implement SPF
Ensure your ReturnPath domain is correctly configured to allow email providers to send emails from your domain. We strongly recommend using https://aboutmy.email/ to verify that you have configured this correctly.
Bento Users: We provide easy to follow guides on how to do this inside your account. We are also happy to do it with you via a booked call.
Critical
Implement DMARC
Implement DMARC to improve email security. DMARC can ensure that all emails sent from your domain are authenticated and that your domain is not used to send spam from other servers.
Bento Users: We provide easy to follow guides on how to do this inside your account. We are also happy to do it with you via a booked call.
Set up BIMI
Set up Brand Indicators for Message Identification (BIMI) to enhance your brand visibility and trust in email. This does require you have a trademark, so register that first and then go through the steps to set up BIMI.
WHOIS
Ensure your domain WHOIS records are accurate, up-to-date, and most importantly public. Do not use anonymous WHOIS records as this can be perceived negatively by blocklist providers.
Critical
Functional Inboxes
Every email you send should have a functional inbox for users to reply to. Whether this is a custom Reply-to address or a generic inbox, make sure that when someone hits reply these go to you.
Onboarding from a new platform
Import clean lists
When migrating from one email marketing platform to another, it is critical to import clean lists of email addresses. Ensure that users who are unsubscribed are imported as such, and that bounce/spam emails are either not imported or imported and marked as spam by the new provider.
Warm up your new reputation
When migrating to a new platfrom you will need to warm up your new IP address. Whilst sending out your initial emails, send slowly and in batches to ensure that your IP address is warmed up and that your email service provider can handle the load.
Bento Users: We provide tools to slowly send emails out over time using batched sending. Utilise this to warm up your new IP address.

Whilst the above checklist is thorough, it is not conclusive and we are continueing to work on improving it. We encourage you to continue to do your own research and to read all the guides set forth by Google, Yahoo, and Spamhaus.

Our recommended further reading is the following:

As always, if you have any questions or need help, please contact us at [email protected]. We're here to serve, support, and ensure you are sending email that is wanted and expected.

Happy sending!