How To Do Mass Mailing

Email is not the trendiest message system. It is the one that everyone on the internet actually has. There is no way of running a decent large scale website and not being a mass emailer as well. Being universal, email is not 100% reliable, but with with good practice, and the co-operation of your users, you can aim for 99.95%.

There's some work required to get good mail deliverability, but not a huge amount of time. Most of this article is list of small technical tasks; it's all about knowing what to do and grinding through it.

This article is for people who are happy writing scripts and editing DNS records. Normal people should consider a service like MailChimp, which will manage this for you.

Know you target

There are roughly three types of inbox on the internet.

Big Four - Yahoo, AOL, GMail, Hotmail [] - Between them they handle 2/3rd of global email. They have the resources to do excellent spam filtering, but the sheer volume of spam constantly threatens to overwhelm them. They rely heavily on user feedback to block spam, and blacklist IPs aggressively. (Yahoo is particularly vicious.)

Second Tier - Major ISPs, smaller mail providers like TuffMail, corporate email - These have solid off-the-shelf spam filters in place. Because they're small, they don't use user feedback and aren't too aggressive in blacklisting. They can be idiosyncratic though. If there's a obscure Dutch blacklist somewhere run by a teenager, these will be the people who actually use it.

Mom and Pop - Self-hosted small business email, schools, charities, shoe-string ISPs - These receive most of the world's spam. Their servers aren't actively managed. They won't have good filtering. Although they're unlikely to block you, you'll have to stand out from all the junk mail in their long suffering users's inbox.

Hurdles to the Inbox

  1. IP address looks odd. - If an IP address is blacklisted somewhere or belongs to a residential user, most mail servers will just ignore it.
  2. Server does not talk SMTP properly. - Spammers often just blast out emails with crude spam scripts rather than using a real email server. To avoid looking like spam script, it is important that your email server is properly set-up and permanently online.
  3. No IP address reputation. - Using an IP with no known owner, incomplete WHOIS (the big official database of IP & domain name ownership), no previous history of sending mail, etc.
  4. Bad Content. - If you're not sending spam, or advertising viagra, you are probably okay for this. Spam filter aren't that dumb. You will want to be careful about having invisible text or big images though. That can look like you are concealing the content the user will actually see.
  5. User doesn't want your email. - You might not think this will be an issue. But remember that people are strange, and they make mistakes sorting their mail. In most email systems, a user marking you as spam once will never receive your emails in their inbox again.

Proper Server

Running a properly set-up mail server will get you through hurdles 1-2.

Dedicated IP - You'll need a static IP address that is solely for your own use. It's a good idea to check that your new IP isn't blacklisted anywhere. Look at SenderScore Check for a good idea of an existing SMTP IP address's reputation.

Domain - It's best that your email is sent from the domain, or a sub-domain, of the one they claim to be sent from.

Forward-confirmed reverse DNS - Just a special DNS record tying your IP address to your mail server's domain. Your hosting should be able to set this up for you.

Sender Policy Framework [SPF] DNS Record - A specially formatted TXT DNS record that tells the world which IPs are entitled to send mail for this domain.

Ex. "v=spf1 +a +mx -all"

The easiest way to make one is with the SPF wizard.

After publishing an SPF record, test it by sending mail to . (You might have to wait a few hours for it to propagate.)

Note on SenderID: Microsoft's well intentioned (no really) extension to SPF. A valid SPF record is almost always a valid SenderID record.

abuse/postmaster Email Addresses - Best practice (RFC2142) states that you should receive mail to postmaster@yourdomain [so other servers can report failed messages] and abuse@yourdomain [so other email admins can complain to you].

Simple Tips for Email

Identify yourself early - The 'from' name should be clear and be from a name you would expect a customer to remember. The Subject line should convey an accurate first impression of the message. Not something generic.

Good: My Company              [Customer Name]'s order of a blue vase
Bad : Peter                   About your account

Remember that the spam button is a reflex action for most people. And they'll not only use it for spam, but for anything they want to keep out of their inbox. So make it easy for them to unsubscribe instead. This also a requirement for most bulk mailer whitelists.

Take responsibility for your domain

Whois - Make sure you are giving genuine contact details on your WHOIS. You can change your WHOIS records through your domain registrar. - The site collects contact information for email domains. Register yourself by sending an email to with the format:

Bounce Handing with VERP

With VERP, a different sender address is used for each recipient. Usually of the form<a href=""></a>.

When messages are rejected [e.g. bounced] that bounce message will be sent to the sender address (or return path). The recipient address can then extracted from the VERP encoded sender address.

Bounces can be hard [a non-existent address, or permanent failure] or soft [full mail box, temporary outage, etc]. A hard bounce should disable an address immediately; soft bounces should only do this after several rejections over a period of days.

Useful information on interpreting bounce message can be found here

Whitelist Yourself

You can register yourself as a bulk sender with various providers and whitelists. This means they won't be surprised when your server starts sending several hundred messages a second.

DNSLW - Is a volunteer run whitelist used by SpamAssassin [a very popular open source spam filter] and many ISPs.

Bulk Sender Lists :-

Google Mail has no manual whitelist, all their delivery is controlled by algorithms. Hotmail also has no whitelist, but if you are blocked, you can open a support ticket to have this corrected. Hotmail uses the SenderScoreCertified paid-for whitelist.

Domain Keys

DomainKeys Identified Mail (DKIM) allows you to sign your outbound emails so that they can carry the full reputation of your domain, rather than just their originating IP address. DKIM is implemented by having your mail server sign your outbound mail with a private key. The corresponding public key is placed into your domain's DNS records. A second DNS record then states your domain's signing policy, e.g. do you sign all your mail, or just some of it, etc.

DKIM helps a great deal with deliverability to Yahoo, as they originated the technology.

For more information read -

Feedback loops

Feedback loops [FBL] are an arrangement were a provider notifies you whenever your email is flagged as spam by the end-user. You are then expected to stop sending "spam" to that email address. Joining FBLs and unsubscribing user who complain, mitigates the impact of bad user feedback on your sender reputation.

(ReturnPath seem to have a semi-monopoly on running FBLs. Not sure why.)

Most FBL responses in the ARF format. See a sample here.

Blacklist Monitoring

There are lots of email blacklists. Most of them aren't important, but do try to keep your IPs off them. There are monitoring services that track hundreds of blacklists, and notify you if your IP becomes listed.

And don't forget to check your bounces for references to blacklists.

Fine tuning your mail

Precedence Header - You can add the mail header Precedence: Bulk to let client's know your messages are bulk mail. This actually makes it more likely to be delivered, as spam filters will then expect identical emails to be delivered to multiple mailboxes. It will also suppress out-of-office style auto-responders.

Safe Unsubscribe - Many people won't unsubscribe because they think this encourages spammers. To get around this, the major mail providers allow you to add an unsubscribe button their web mail interfaces. To do this you need to pass the List-Unsubscribe header described in RFC 2369, and be trusted to do so by the mail provider. GMail originated the standard and are the easiest ISP to get enabled with. (Just wait and it automagically gets enabled.)

Mail Streams - Separating different types of mail by From address and even by IP, allows you users more control. For example, they might get annoyed at your marketing newsletter and mark it as spam, without this stopping them from receiving billing statements.

Rate Limiting - Its best not to send thousands of emails a second to a domain you are not whitelisted with. Try limiting messages to one per second for better deliverability.

Securing your email

S/MIME Secure Emails - Most mail clients (but almost no web mail) support S/MIME digital signatures. This gives users the same assurances about your emails as they have using an HTTPS secured site. You can buy mail signing certificates from Verisign.

CertifiedMail - A proprietary email signing program that works only for Yahoo mail (and the domains Yahoo runs outsourced mail for like BT & AT&T), AOL and a few others. It is only available for transactions mails, and requires the use of an approved commercial mail server.

Paid for Whitelists

SenderScoreCertified - A commercially operated whitelist that will cost you over a $1000/year. It offers almost guaranteed delivery to Yahoo and Hotmail, provided you obey their rules. The requirements for certification are worth reading as a checklist, even if you do not intend to join their whitelist. In addition to deliverability, joining will enable embedded images, links and styles in Hotmail.