Best Practices for Email Delivery from Websites: Ensuring Inbox Placement and Avoiding Spam Filters

13th February 2024
Thomas Marsden Team

Sending emails from your website is a critical function for communicating with users, customers, and clients. Whether it's enquiry forms, order confirmations, or newsletters, the reliable delivery of these emails is paramount for a successful online presence. However, the journey from your website to the recipient's inbox can be fraught with challenges, including spam filters and delivery failures.

To overcome these hurdles, we must ensure the website and hosting configuration adheres to best practices and employs robust email authentication mechanisms. And just to further shake things up in 2024, two of the largest email platforms, Gmail and Yahoo, both announced several updates to combat spam, which in brief include authentication, easy opt-out, and spam monitoring.

In this post, we'll explore several techniques essential to employ on your website such as SMTP authentication along with hosting configurations including SPF, DKIM, and DMARC records to optimize email delivery and avoid being flagged as spam.

SMTP Authentication:

SMTP (Simple Mail Transfer Protocol) authentication is a fundamental mechanism that verifies the identity of the sender before transmitting an email. By requiring authentication, SMTP servers prevent unauthorized users from exploiting their services to send spam or malicious emails. To put this simply, in order to send from a mailbox your website needs to be able to access it.

For WordPress-based websites, there are several popular plugins such as WP Mail SMTP that make it easy to set up and send authenticated mail. For custom-developed websites, we may need to ensure that your email sending library or framework supports this feature. Most modern libraries provide straightforward methods for configuring SMTP authentication by specifying credentials such as username and password.

Often setting up the facility on the website to send authenticated email is the easy part, but access to the required email account can be tricky, particularly in larger organisations. In this case we suggest using a mail service such as Mailgun to 

SPF (Sender Policy Framework):

SPF is a mechanism that helps prevent email spoofing by specifying which IP addresses are authorized to send emails on behalf of a domain. By publishing SPF records in DNS settings, domain owners can inform receiving mail servers about legitimate senders authorized to use their domain.

To set up SPF for your domain, add a DNS TXT record containing your SPF policy. Here's an example SPF record:

v=spf1 include:_spf.example.com ~all
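
A record like the one above can be checked before it is published. The following is an added example, not code from the original post: a small linter that reads one SPF record and reports what its `all` term means, how many DNS lookups the record's own terms cost, and common mistakes. The function name and sample records are constructed; lookups inside included records also count toward the limit of 10 and are not followed here.

```python
# Added example: lint one SPF TXT record (sample records are constructed).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}   # each costs a DNS query
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lint_spf(record):
    """Return (result_of_all_term, dns_lookups_in_this_record, warnings)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: must start with v=spf1")
    all_result, lookups, redirect, warnings = None, 0, False, []
    for term in terms[1:]:
        if term.lower().startswith("redirect="):     # modifier, also a DNS query
            redirect, lookups = True, lookups + 1
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"   # default is pass
        name = term.lstrip("+-~?").split(":")[0].split("/")[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            warnings.append("ptr is slow and discouraged by RFC 7208")
        if name == "all":
            all_result = QUALIFIERS[qualifier]
            break                                    # later terms are never evaluated
    if all_result is None and not redirect:
        warnings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_result == "pass":
        warnings.append("+all authorises every host to send as this domain")
    if lookups > 10:
        warnings.append("over 10 DNS lookups: receivers return permerror")
    return all_result, lookups, warnings

if __name__ == "__main__":
    for rec in ("v=spf1 include:_spf.example.com ~all",   # the record shown above
                "v=spf1 a mx ip4:192.0.2.10 +all"):       # constructed weak record
        print(rec, "->", lint_spf(rec))
```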

DKIM (DomainKeys Identified Mail):

DKIM is a cryptographic authentication technique that adds a digital signature to outgoing emails. This signature, generated using a private key, allows receiving servers to verify the authenticity of the email and detect any modifications during transit.

To enable DKIM signing, you'll need to generate a DKIM key pair and add the public key as a DNS TXT record. Many email service providers and hosting platforms offer built-in support for DKIM configuration. Here's an example DKIM record:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2Gz1NE 5ET1VEBRaZY3hmlzexbTzBtrRYb5mI8kCQDQ1kWzjutUaGGnjfH9oH/3fzmXcUL9 4xBZqoTnlmZGnBkYEMob28AmDNbD7uYsL2kQ5Ow/D12J1Dqnb6dJMyvqu6MXYECU 6IVUziv1zDx0X9g6qWEvFFBXuB3k7h3a5QIDAQAB

DMARC (Domain-based Message Authentication, Reporting, and Conformance):

DMARC builds upon SPF and DKIM to provide a policy framework for email authentication and reporting. It allows domain owners to specify how receiving mail servers should handle emails that fail SPF and DKIM checks.

To configure DMARC, publish a DMARC policy in DNS settings along with SPF and DKIM records. The DMARC policy can instruct receiving servers to quarantine or reject emails failing authentication checks and specify how to handle reports on email delivery and authentication failures. Here's an example DMARC record:

v=DMARC1; p=none;

When configuring a DMARC policy on your website's hosting setup, it is also recommended to consult your IT or email provider to ensure the policy is suitable and will not block or quarantine legitimate mail.
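
To see why a policy can catch legitimate website mail, the added example below (not code from the original post) models the decision a receiver makes from a DMARC record. It goes one step beyond the text above by including alignment: an SPF or DKIM pass only counts if its domain matches the From: domain. All domains and results are constructed, and `org_domain` is a simplification of the Public Suffix List lookup real receivers use.

```python
# Added example: the decision a receiver makes from a DMARC record.
# All domains and authentication results below are constructed sample data.

def parse_tags(record):
    """Split 'tag=value; tag=value' into a dict (the syntax DMARC records use)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def org_domain(domain):
    # Simplification (assumption): last two labels. Real receivers use the
    # Public Suffix List, so this is wrong for suffixes such as co.uk.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    if mode == "s":                                   # strict: exact match
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)   # relaxed

def dmarc_evaluate(record, from_domain, spf, dkim):
    """spf = (result, envelope-sender domain); dkim = (result, d= domain).
    Returns (dmarc_result, disposition requested: none/quarantine/reject)."""
    tags = parse_tags(record)
    if tags.get("v") != "dmarc1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])

# Constructed case: site mail relayed by a third-party service on its defaults.
# SPF and DKIM both pass, but for the service's domain, not the From: domain.
RELAY_DEFAULT = dict(from_domain="example.com",
                     spf=("pass", "bounces.mailer.example.net"),
                     dkim=("pass", "mailer.example.net"))
# Same mail after DKIM signing is set up for the site's own domain.
RELAY_CUSTOM_DKIM = dict(RELAY_DEFAULT, dkim=("pass", "mail.example.com"))

if __name__ == "__main__":
    for policy in ("v=DMARC1; p=none;", "v=DMARC1; p=reject;"):
        print(policy, dmarc_evaluate(policy, **RELAY_DEFAULT),
              dmarc_evaluate(policy, **RELAY_CUSTOM_DKIM))
```

With `p=none` the unaligned mail is still delivered and only shows up in reports, which is what makes that policy useful for finding such senders before moving to `quarantine` or `reject`.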

Summary

Implementing robust email authentication mechanisms such as SMTP authentication, SPF, DKIM, and DMARC is essential for ensuring the reliable delivery of emails from websites. By adhering to these best practices, we can mitigate the risk of emails being marked as spam and foster trust with recipients.

Bonus Tips

In addition to getting the above mandatory items ticked off, here are a couple of bonus tips that, once implemented, greatly assist in delivery.

  • For customer emails & newsletters
    • Run a spam check on your email message content
    • Clean lists regularly
  • For enquiry form emails
    • Bcc to an external mailbox like Gmail or Outlook.com
    • Use a backup plugin that stores submissions in a database
    • Perform regular tests either manually or with a plugin

Need Help?

If you are having trouble with reliable email delivery from your website, feel free to get in touch and ask about having a review of your website email configuration.