The 10×10 promise for magnifying email effectiveness

For marketers, email deliverability and open rates are more than core metrics. They are critical components of brand identity and whether your brand matters. Of who your brand is to customers.

Of the messages you send, what percentage actually arrive in people’s inboxes? That’s deliverability. Of the messages that arrive in the inbox, what percentage actually get opened by end users? That’s your open rate.

Cloud Native Now

When you’re running campaigns with thousands or even millions of messages, even small improvements to deliverability or to open rates can make a huge difference.

So what if you could improve each of these by 10%?

That’s the “10 by 10” promise offered by email authentication and inbox-level branding (aka BIMI). Both of these are eminently achievable by deploying two standards-based technologies that are available today.

It is the responsibility of every marketer that uses email — and today, that means all of us — to protect customers by claiming and securing your brand identity through these two technology standards.

Domain reputation matters: A view from major email receivers


First, a little background on domain reputation and deliverability. Marketers work incredibly hard to deliver the right message at the right time to the right person. None of that work matters if you don’t land in the inbox — and one of the largest risks to inbox placement is domain reputation.

Domain reputation — a value that email receivers assign to you — affects whether they will accept email from you, or, conversely, block email from your domain. Essentially, having a poor domain reputation will make your brand value nil, because email receivers see you the way they see 90% of all email: as something to be immediately rejected, not even worth putting into a “spam” folder.

Think of a declining domain reputation this way: It is your brand’s journey from the inbox to the spam folder to “immediately rejected” status.

To maintain a good domain reputation you need to follow the standard email playbook: obtaining permissions, cleaning your lists, and avoiding spam traps on emails you send. But these best practices, while critical, are not the only thing you need. You also need to ensure that only authorized, identified, and legitimate emails are processed by email receivers in your brand’s name. This is where brand spoofing and phishing emails matter to marketers — not just to security and IT departments.

Email receivers are essentially bouncers. We’re talking about Google (G Suite and Gmail), Verizon Media (Yahoo Mail and AOL Mail), Microsoft (Office 365, Outlook, and Hotmail), Fastmail, and Comcast. They stand at the door of the inbox with instructions from the owner of the domain that each email appears to come from, checking IDs and comparing them to the domain owner’s guest list of who should be allowed in (in this analogy, SPF and DKIM represent the domain owner’s “guest list”). They can reject those bad actors and spoofers trying to get in when the brands tell them to (based on the domain owner’s DMARC — Domain-based Message Authentication, Reporting, & Conformance — policy).

When you, as a brand, do not tell receivers to reject email messages pretending to be you (aka spoofing or phishing messages impersonating your brand) they assume these malicious messages are sanctioned by you. They then punish your domain reputation, reducing it until you are bulked, blocked, or blacklisted.

So if you didn’t actually send the email, why are you being punished? In short, you are not protecting the visible email “from” address. You are not telling the email receivers to reject the emails where the visible email “from” address doesn’t match the actual sender.

Fortunately, this is fixable by using SPF, DKIM, and DMARC in combination to authenticate all the messages sent by you (or by senders you authorize). When you do this, and set an enforcement policy with DMARC, all those spoofs and phish will fail authentication — and mail receivers will reject them.

And, because they’ve failed authentication, the spoofs will no longer count against your domain reputation.

You own the brand, and that means you own the responsibility to protect yourself and your customers. DMARC is the key to doing that, by giving you a way to communicate with mail receivers about which senders are authorized to use your domain.


The first email power-up: DMARC authentication

The first enhancement that marketers can take is authentication through DMARC. This is a standard that allows domain owners to control who is able to use their domains for sending email. It’s widely accepted by email inbox providers, with 80% of all inboxes worldwide checking and enforcing DMARC for inbound email messages. And 100% of the major U.S.-based providers, including Gmail, Yahoo Mail, and Microsoft, will check and enforce DMARC for all inbound email.

For DMARC to work, domain owners need to publish a DMARC record and configure it correctly. They also need correctly-configured SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) settings.

SPF and DKIM are already widely understood as a best practice among marketers. As a result, they’re very widely deployed by domain owners.

DMARC is less widely understood, but it’s growing exponentially. According to Valimail’s latest research, there’s been a 5X increase in the number of DMARC records worldwide over the past three years.

However, DMARC is usually not deployed with an enforcement policy (one that directs mail receivers to bounce/reject bad actors and emails out of recipients’ inboxes). Less than 17% of the 850,000 domains with DMARC records are currently at enforcement. The rest have DMARC, but without an enforcement policy. That means that fake email messages that appear to come from those domains are still getting through — and that, in turn, causes email receivers to downgrade these domains’ reputations.

Once a domain moves to DMARC enforcement, Valimail has observed that deliverability typically increases by 10%. Sometimes, if the domain has a particularly bad reputation, it can increase even more — a lot more.


The second email power-up: Branding with BIMI

That’s not the end of the story. A new standard, Brand Indicators for Message Identification (BIMI), will give domain owners and brands full control over the images that appear alongside authenticated messages they send.

Instead of generic letters inside circles, brands can specify exactly which image should appear alongside their messages.

Verizon Media tested the effect of putting brand logos next to email messages in a recent study. The company found a 10% increase in open rates for messages that had the logos of their sending companies, versus messages that were unbranded.

Users clearly prefer the branding signal — and they’re voting with their fingers, by clicking on those messages.

The catch? BIMI will only work on messages that have been authenticated with DMARC. Brands will need to set up DMARC and configure it to enforcement (p=quarantine or p=reject) on their organizational domains, not just on a subdomain.

DMARC + BIMI = 10×10


Put those two standards together and you’ve got a powerful force multiplier for your email marketing campaigns.

A 10% improvement in deliverability, plus a 10% increase in open rates. What marketer wouldn’t kill for results like that?

To achieve these results, marketers will need the help and support of their IT and security teams. Implementing DMARC and getting to enforcement is a process that poses significant challenges for some organizations, especially those that rely on a lot of cloud services.

And BIMI is currently in a trial phase, with a pilot currently underway on Yahoo Mail and another one planned for Gmail in 2020. In order to participate in this pilot, you will need a domain that’s configured with DMARC at enforcement, and you’ll need to work with one of the companies in the AuthIndicators Working Group, which is creating and managing the BIMI standard. (Valimail is a member in good standing and can help with this!)

Contact Valimail for more information on how we can help your brand achieve both goals: DMARC at enforcement and BIMI.

With a 10×10 increase, your email marketing will never look better.

Top image by Quinn Dombrowski 

The post The 10×10 promise for magnifying email effectiveness appeared first on Valimail.

*** This is a Security Bloggers Network syndicated blog from Valimail authored by Danny Williams. Read the original post at:

Cloud Capabilities Poll