Following up on our recent introduction of Deduplication Options for Email v2, we wanted to go behind the scenes to explain how our email delivery system is being further optimized. Enterprise level email delivery is much harder than it may appear. Like many things with an internet based product, we have to spend a lot of time guarding against the 1% of bad people in the world that want to do nefarious things. Your email recipients have built walls around their email systems to identify spam, phishing scams, email imposters and a host of other threats to their personal or corporate email systems. This presents challenges for the 99% of us that are using email for legitimate purposes. Lucky for society, smart people that want to do good outnumber the bad actors out there and have created standards we leverage to help recipient emails traverse these defenses.
Email authentication is a set of technical standards used to help legitimate email navigate the defenses of receiving mail servers so that email reaches the intended recipient. The three standards are SPF, DKIM and DMARC and all three are implemented and maintained by RunSignup on our customer’s behalf. Let’s break down this alphabet soup of standards at a simplistic level:
SPF (Sender Policy Framework) – A sending domain (like runsignup.com) can add records to its DNS settings that identify the servers that send outgoing email. This way the receiving system can check to see if the mail they think they received from a domain is actually coming from a server that domain has designated.
DKIM (Domain Keys Identified Mail) – This standard uses a cryptographic key pair to attach a digital signature to every email. This public/private key set can then be used on the receiving email server to validate that an email is authentic.
Easy, Right! Well… not so fast. These two standards work together and it all seems to make sense that this would solve the issues of getting legitimate email to its destination. But there are many factors that make it more complex.
First of all, many of these protocols required both the sending and receiving servers to be configured correctly. And receiving mail servers have additional algorithms they add to the decision process that impact if your inbound email gets routed to your inbox, a spam folder, other folders, or outright rejection (“bounced” email).
Email clients also may have rules that filter out messages, as we saw during the implementation of our Email Deduplication feature.
Furthermore, email from a sophisticated software service like RunSignup is coming from multiple servers from multiple domains (runsignup.com, givesignup.org, ticketsignup.io). For each of our domains, we have email coming from:
- Email v2 (the cool email you design using our free email system)
- Notifications (such as a race or ticket confirmation email)
- Corporate email from employees of RunSignup
- Email from our Support System
- Email from our Marketing Systems – like our Newsletters
- and more…
Each of those systems, for each of our domains, need to be configured properly. So how do we at RunSignup know that our configuration is working correctly? Enter the last standard, DMARC.
DMARC (Domain-Based Message Authentication, Reporting & Conformance) – This is an additional standard that includes two main features. The first is a policy that tells the receiving email server what to do if an email fails authentication. The choices are:
- Do Nothing, deliver it anyway.
- Quarantine, which usually results in putting the message into a spam or junk folder
- Reject, or bounce the message
The second feature is a reporting mechanism that RunSignup can use to tune our configuration. This is how we find out how our configuration is working. By analyzing the reports we can recognize trends that might drive a change to our configuration, maybe to combat a new threat or accommodate a server change.
Tuning and Learning Phase
Because enterprise email delivery is faced with numerous threats and configuration factors to evaluate, most companies go through a phase of monitoring DMARC reports and tuning settings before moving directly to a reject policy. RunSignup is in this self-learning and tuning phase now and continues to adjust our settings to provide the highest level of email delivery rates. We are currently delivering 20 Million emails per month with a failure rate of less than 0.01%.