All about email - Part 3
This is the third of a series of blog posts devoted to email issues and how ByWater Solutions supports your Koha email capabilities. In this post, we look at the strategies you can use to make certain your email is not marked as SPAM.
Oxford defines SPAM this way:
1 - Irrelevant or inappropriate messages sent on the Internet to a large number of recipients.
2 - ™ A canned meat product made mainly from ham.
(I personally grew up eating plenty of SPAM with my dad while watching a baseball game. But I digress.)
In our last post, we showed how to make sure an SPF record would allow for email to be delivered. This is just the first part of the equation. Most email providers do filtering of messages to determine if it is legitimate or should be flagged as SPAM. There are things you can do from both a content and infrastructure standpoint to make sure your emails are not marked as SPAM. Let’s look at the infrastructure part first:
DKIM - DomainKeys Identified Mail
DKIM was the merging of two technologies in 2004, Domain Keys (developed by Yahoo) and Identified Internet Mail (from Cisco) which then was donated to the public domain and defined by RFC 6376. It operates by creating a pair of keys. The public key is placed in your DNS as a TXT record that includes the name _domainkey.example.org. The private key is then used in your email system. When you send an email, the email system will insert a mail header whose value is an encrypted string. When the email is sent to your patron, the email server will look at that header and decrypt it using the string in your DNS record. If it all matches up it proves that the email is in fact legitimately being sent by a user.
All Bywater Solutions partners have their email DKIM signed to the bywatersolutions.com domain. In most cases, this is enough to guarantee delivery of your patron email as legitimate, with one major exception.
DMARC - Domain-based Message Authentication, Reporting and Conformance
DMARC, defined in RFC 7489 allows a domain to tell email servers how to handle email that does not pass both SPF and DKIM authentication. The policy can be configured to do nothing, to send information to the Mail Administrator, to quarantine the message for a short amount of time, or even 100 percent reject the email. As IT departments at municipalities and schools are tightening down security of email, this will require some adjustment.
Let’s walk this through. Let’s say you are in a consortium with a library with the domain city.example.org. But your branch of the consortium sends patron notices from your domain, city2.example.org. If the DKIM is signed with city.example.org’s DKIM keys and you send from city2.example.org AND city2’s IT department has a strict DMARC policy, your email will fail and you will receive no notice.
If this all seems confusing we completely understand, and that is why we are here! We can work with your IT group to make sure all parts are aligned in order to make sure none of your emails ever see the spam filter.
Content based spam
The last thing spam filters do is analyze the content of the email to “guess” if the content is actually legitimate. Various filters have a variety of rules and levels that a user can set. Koha formats email properly but there are some things you can consider to make sure your content is not mistakenly flagged as spam. Some of them include:
- Don’t use all capital letters in Subject Lines
- Try not to use exclamation points (!!!) in Subject Lines
- Don’t embed flash, videos, or forms in email. Instead, provide a URL link or attachment.
- Spell check before sending
- Make sure you ask your patrons to add your email address in their accepted list
Following all these best practices will go a long way into making your patron email arrive as expected. Many bulk mail providers also provide more tips you can consider when making your email forms. (Your mileage may vary with some of these)
Next time we will go into detail about one last email issue you should be aware of, the deny lists, and how Bywater Solutions helps keep your Koha systems off of them.
More in this Blog Post Series
Read more by Mitch Morrison