1. New Free Tool To Find Email Delivery Problems
More about this later. Finding email delivery problems is dirt simple, so rather than bury the lead, here’s how…
Just set up this single DNS record and you’re done. That’s it.
_dmarc IN CNAME _dmarc_report.fixdeliver.com.
This DNS record directs Mailbox Providers (like Google/Yahoo/Microsoft/etc…) to feed DMARC reports into my Free DMARC parser.
Then just keep mailing.
Then visit https://FixDelivery.com/reports/mygreatproject.com periodically to determine what’s broken in your email delivery.
Usually first data will arrive around Midnight of the first day you set your _dmarc CNAME record.
If you get stumped… contact me for help…
2. Contacting Me
If you can’t resolve your email problems yourself, contact me at Skype ID: davidfavor. I can either provide you a fix, or point you to someone else who can provide you a fix.
1994 was the first year I started running Web/Email servers for myself and clients.
My ability to fix complex problems comes from sheer weight/years of experience.
3. How To Hire A Competent Email Delivery Consultant - Interview Questions
There are a few questions you can ask when interviewing Email Delivery Consultants which will weed out the Posers from Savants.
If they answer any of your questions incorrectly, say "Thanks for your time. We’ll be in touch." Then… blacklist this person/company and destroy their contact info.
3.1. Describe Your Starting Point For Increasing Email Delivery
The correct answer - "Set up DMARC reports, analyze the data, then proceed based on findings."
More about this later. DMARC reports tell the truth about your delivery, while humans/services tend to lie by incompetence or malfeasance.
3.2. Describe How You Fix SPF Errors
More about this below.
The correct answer - "Run the ESP verifier and if SPF errors still occur after the verifier passes, use SPF flattening or patching as required."
3.3. Describe How You Fix DKIM Errors
More about this below.
The correct answer - "Open a support ticket. If problem persists, the only fix is to retire the related ESP."
4. Email Delivery Terms Used In This Content
ESP - Email Service Provider - Any Provider initiating email sending - ESPs (Maropost, MailChimp, etc…) or Mail Relays (Mailgun, Sendgrid, SMTP2Go, etc…) or CRMs (InfusionSoft, HubSpot, OntraPort, ActiveCampaign, etc…) or Funnel Services (ClickFunnels, GetResponse, LeadPages, etc…) or in-house MTAs (like Postfix, EXIM, Opensmtpd, qsmtpd, Sendmail if you’re a thrill-seeker).
Mailbox Providers - Anywhere email is read - Google/Yahoo/Outlook, in-house IMAP and Webmail (like Roundcube/Rainloop), in-house IMAP and Desktop Client (like Thunderbird/Mailbird/Outlook/Mail).
IMAP - When mentioning IMAP servers, this always means https://Dovecot.org code, as Dovecot has become the de facto IMAP server code in use today.
SPF Flattening - Replacing all symbolic DNS lookups with a list of IP ranges, potentially listed across several SPF records to meet the DNS RFC requirement of 512 bytes maximum record length.
SPF Patching - Injecting missing IPs into an SPF record based on DMARC report parsing.
5. Best Free Email Delivery Service
The best email delivery service is always running your own in-house MTA server (mail sending/receiving) and IMAP server (mail reading/sorting/archiving).
This is the only way to have 100% control of your email process. This means you can notice email delivery problems instantly and fix problems quickly.
Every email message sent receives a 3x digit basic status code along with detailed text explaining the returned status code.
"Free" in this case means, initially you’ll invest more setting up your in-house MTA, then over time tuning your MTA will require decreasing work for increasing email delivery and profit.
This means your email delivery service will likely evolve through this sequence…
- Use some 3rd party service, till your income ramps up.
- Set up your own in-house MTA, which will initially have some cost.
- Short term your in-house MTA will increase revenue, then become free or break even with 3rd party services.
- Long term your in-house MTA will increase revenue to a point where running your in-house MTA will become a massive profit center, as you maintain near 100% email delivery.
You’ll know when to bring all your email sending in-house when one of these conditions occurs…
- You’re generating substantial email marketing revenue.
- Your email marketing revenue is inconsistent (email delivery inconsistencies).
- Your email marketing revenue circles the drain.
In the last case, revenue drain circling might be due to list fatigue, so you’ll rule out list fatigue first… or better… just run lead generation to ensure you’re always adding new contacts to your list(s).
6. Only Believe Your DMARC Reports - Never Believe Any ESP Stats
Most ESPs either lie about their stats as part of their business model or they’re just incompetent.
You can test this yourself by setting up a simple _dmarc host record for your domain to run your daily DMARC reports into a DMARC parser, which transforms these massively abstruse (overly complex) XML reports into human readable form.
As your email marketing evolves, you’ll likely reach a point where you begin to suspect your ESP lies about their email delivery stats.
My suggestion: adopt a day one starting point of never believing anyone. Rather than believe (ESP dashboards), measure (DMARC reports).
You can pay $100+-$1000+/month for a DMARC report parsing service.
Or you can pay $0/month using the free https://FixDeliver.com DMARC report parsing service.
To use FixDeliver, follow these simple steps…
- Set up 1x simple DNS record - _dmarc IN CNAME _dmarc_report.fixdeliver.com. - so a DNS CNAME record… for the host _dmarc… for each domain sending email… pointing to the FixDeliver site.
- Run your normal email sending.
- Wait 24-48 hours for first DMARC reports to start flowing.
- Visit https://FixDeliver.com/reports/$your-domain-name to view your report.
- Visit https://FixDeliver.com/reports right now for actual DMARC report examples.
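What a DMARC parser does with those XML reports, and how the "SPF Patching" idea from the terms section falls out of the same data, shown as an added example (not FixDeliver's code). The sample report is constructed in the RFC 7489 aggregate-report layout with documentation IPs, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample report (no XML namespace assumed); all values are made up.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
 <report_metadata><org_name>mailbox-provider.example</org_name></report_metadata>
 <policy_published><domain>mygreatproject.example</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>30</count>
  <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def parse_report(xml_text):
    """Return (metadata, rows) for one aggregate report."""
    # Reports are input from outside parties: refuse DTDs and entity
    # declarations before handing the text to the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in report, refusing to parse")
    root = ET.fromstring(xml_text)
    meta = {
        "reporter": root.findtext("report_metadata/org_name", default="?"),
        "domain": root.findtext("policy_published/domain", default="?"),
        "policy": root.findtext("policy_published/p", default="?"),
    }
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "ip": rec.findtext("row/source_ip", default=""),
            "count": int(rec.findtext("row/count", default="0")),
            # policy_evaluated carries the DMARC-aligned DKIM/SPF verdicts.
            "dkim": rec.findtext("row/policy_evaluated/dkim", default="fail"),
            "spf": rec.findtext("row/policy_evaluated/spf", default="fail"),
        })
    return meta, rows


def summarize(rows):
    """Message counts, weighted by each row's <count>."""
    def n(pred):
        return sum(r["count"] for r in rows if pred(r))
    return {
        "total": n(lambda r: True),
        "spf_pass": n(lambda r: r["spf"] == "pass"),
        "dkim_pass": n(lambda r: r["dkim"] == "pass"),
        # DMARC passes when either aligned mechanism passes.
        "dmarc_pass": n(lambda r: "pass" in (r["spf"], r["dkim"])),
    }


def triage(rows):
    """Split SPF-failing sources into patch candidates and unauthenticated ones."""
    patch, unauth = {}, {}
    for r in rows:
        if r["spf"] == "pass":
            continue
        # DKIM pass + SPF fail: the sender holds your signing key, so it is
        # probably yours but missing from SPF. Forwarders also look like this,
        # so review before adding. Both fail: spoofing or an unconfigured
        # sender; never add these to SPF automatically.
        bucket = patch if r["dkim"] == "pass" else unauth
        bucket[r["ip"]] = bucket.get(r["ip"], 0) + r["count"]
    return patch, unauth


if __name__ == "__main__":
    meta, rows = parse_report(SAMPLE_REPORT)
    print(meta, summarize(rows), triage(rows), sep="\n")
```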
7. Decoding FixDeliver Free DMARC Reports - Short Video
This video explains how to decode/understand/read FixDeliver Free DMARC reports.
Most DMARC reporting services require advanced/superhuman cognitive faculties to understand.
FixDeliver DMARC reports attempt to provide single glance analysis/debugging of DMARC problems.
8. Run A Port25 Report For Each ESP
This is very simple. Manually inject/send an email through each of your ESPs (CRM, ESP, etc…) of the following form.
From: someone@$your-domain.com
To: check-auth2@verifier.port25.com
Subject: Check Email Infrastructure
Body: Actual message content you’ll be sending, which will trigger Port25 SPAM testing.
You’ll receive a detailed report in a few seconds with pass/fail checks of your infrastructure.
Tests include IPrev/SPF/DKIM and SPAM classification test of content.
Port25 has many glaring deficiencies, like…
- No DMARC testing.
- No deep message analysis, the "Message Content" checks listed below.
- No testing of Triple signed DKIM - RSA1024/RSA2048/ED25519 - which is required for highest delivery rate.
- No TLS checking.
That said, Port25 is still the best starting point for infrastructure testing.
9. Opportunistic TLS Requirement
Opportunistic TLS means TLS is tried in fallback version order - TLS 1.4/1.3/1.2/1.1/1.0 then SSL3/SSL2 then no certs - which has been in force for years.
This means MTAs sending mail connect to Mailbox Providers using TLS to ensure message privacy.
And there are changes occurring rapidly…
- Many Mailbox Providers have supported fallback to no cert, which is changing to TLS required.
- Many Mailbox Providers supported fallback to SSL2, which is changing to TLSv1.2 or above.
The simple fix for this is to ensure all your ESPs use TLSv1.2 or above, fixing this as necessary.
10. RBL Testing
There are many Realtime Blocklist Testers.
In addition to Port25 test, always do an RBL check before sending any email from your domain.
Be aware there are many ExtortionWare RBL services (UCEPROTECT and others) which operate like Ransomware. They blacklist your domain’s sending IPs, then for a recurring ransom charge, many times $1000s/incident, they will delist/remove your IP(s) from their system.
Just like Ransomware, if you ever pay them once, be prepared to pay repeatedly.
11. Handling ARC Signing
ARC signing is when a message passes through many services between Sending MTA to Mailbox Provider MTA.
Getting ARC signing to work, or rather debugging problems when they occur, requires God-like conjurations.
The way I handle pass through email is to strip all DKIM/ARC signatures, then re-sign the message with new Triple Signed DKIM signatures, inside my final Sending MTA.
Taking this approach guarantees there are no ARC signatures and DKIM signatures are 100% correct.
12. Continuous RBL/IPrev/SPF/DKIM/DMARC Testing and MTA Control
Many small fortunes have been lost because someone tests their infrastructure once, imagining a single test is sufficient.
The way I approach this is to send a probe email every 1% of messages sent which verifies there are no RBL/SPF/DKIM/DMARC
13. How To Fix Google SMTP Protocol Breakage
A few months ago Google seems to have broken the SMTP protocol, with premeditation, for messages they send.
SMTP defines a specific ordering of verbs in the protocol, where messages have headers in the order - From:, To:, Body.
Almost every MTA looks for this order and if verbs arrive out of order, the message is blocked from submission, because for years only hackers break SMTP to attempt SPAM delivery.
Because of Google breaking SMTP verb ordering, many small businesses running in-house MTAs to receive messages can no longer receive messages from Gmail users.
For me, the moment I noticed this, I just modified my custom incoming MTA to take SMTP verbs in any order.
For most, this will be impossible, because most off the shelf MTA code automatically blocks misordered SMTP verbs as SPAM sources.
If you use Gmail and your customers complain your support staff ignores them, this almost surely relates to Google breaking SMTP verb ordering.
The fix for this is complex and MTA specific, so if you’re experiencing this problem contact me to discuss fix options.
14. How To Fix SPF Failures
First double check your ESP setup, using their setup verifier, if they provide one.
If the Port25 report is error free and the ESP verifier is error free, the best way to fix SPF breakage is to use an SPF Realtime Patching Service, which ranges from $100-$1000+/month.
Or you can contact me about using the nearly free https://FixDeliver.com SPF Patcher service.
15. How To Fix DKIM: Simple Failures: ESP Verifiers
First double check your ESP setup, using their setup verifier, if they provide one.
If Port25 report is error free and ESP verifier is error free, best way to fix DKIM breakage is to use a 3rd party Mail Relay service, like https://MailGun.com or similar.
Be aware, since Port25 DKIM testing only tests RSA1024 or RSA2048, your mail will likely fail with some Mailbox Providers. To fix this see the next section.
16. How To Fix DKIM: Complex Failures: Triple Signed DKIM
Some DKIM breakage is complex. Let’s say you use RSA1024 signing, but the Mailbox Provider where you’re sending requires RSA2048 or ED25519.
In this case, every tester (like Port25) you use will return pass for DKIM.
Then you’ll end up with massive DKIM failures for specific Mailbox Providers in your DMARC reports.
The fix for this is to do DKIM triple signing - RSA1024/RSA2048/ED25519 - where DKIM signatures all appear in a certain order on a per Mailbox Provider basis.
This is all very complex, and can change at any time per Mailbox Provider.
Implementing DKIM triple signing requires running a custom, in-house MTA, which will require an initial setup cost and maintenance cost.
If you imagine fixing your email marketing revenue will provide significant profit uplift, contact me to discuss implementation options.
17. How to Fix DMARC Policy=Reject Problems
In the past Mailbox Providers have allowed no _dmarc record or a report only (p=none,sp=none) _dmarc record.
These days are gone, as of Feb 2024 email delivery guideline changes.
The way to fix this is to first start with a report only _dmarc record.
_dmarc IN CNAME _dmarc_report.fixdeliver.com.
Then once your https://FixDeliver.com/reports DMARC report contains 100% successes for SPF and DKIM, switch to a strict policy (p=reject;sp=reject)…
Take a look at https://fixdeliver.com/reports/davidfavor.com.summary.txt showing an example of DMARC switching. Through 2024-03, notice the MailGun failures. This is because MailGun made a change to their system that broke verification of many customers. Since MailGun never announced this change, delivery stopped for many domains.
In my case, I noticed this change and reverified my domain, fixing the related DNS problem.
This resulted in 2024-04 and beyond having 100% SPF/DKIM successes.
_dmarc IN CNAME _dmarc_strict.fixdeliver.com.
18. Fail2Ban Attack Traffic Blocking
The Fail2Ban tool runs on almost every Linux server by default.
Many Spider/Crawlers/Indexers site visits are incorrectly classified as SPAM, due to incorrectly crafted Fail2Ban recipes. This in turn blocks these site visits with some sort of error.
This also relates to message specific crawling done to verify URLs embedded in messages are actually working.
This means Fail2Ban recipes must be crafted carefully, while Apache modules like mod_security should just be avoided.
Skipping complex Fail2Ban recipes and serving File/Database I/O at RAM speed rather than Disk speed, is usually the best way to fix this problem.
19. Fixing Sending Domain/IP Reputation - Self Throttling
This is fairly simple to understand, not so simple to implement, unless you’re running your own in-house Sending MTA.
The rule I use, "If a receiving Mailbox Provider tells you to slow down or stop sending, best do what they say, if you’re attached to 100% of your money."
Most Sending MTAs just jam email messages down the pipe to each Mailbox Provider. If the Provider returns a 4XX status code saying we’re throttling your Sending MTA, then you’re one step away from being RBL’ed (Blocklisted/Blacklisted), first with the Provider, then if you continue, the Provider will start reporting you to RBL services.
Once your Domain or IP(s) are listed with RBL services, all your outgoing email will be blocked by all Mailbox Providers, so this must be tracked and fixed immediately, when the first RBL listing occurs.
My approach is to send slow, then increase sending speed, till a throttling return code comes back, then stop sending… wait for some time… restart sending at a slower speed.
20. Fixing Sending Domain/IP Reputation - MTA Pause/Resume/Slow
Implementing the Self Throttling covered previously requires the ability to…
- Organize a bulk send into multiple lists, one queue per Mailbox Provider.
- Once any problem is sensed - IPrev/DKIM/SPF/DMARC/RBL - the related queue is paused.
- Then at some future point, the queue resumes sending.
This requires a simple pause/resume mechanism, for known return codes.
If a new code returns, then human intervention is required.
Another requirement is the ability to do math required to determine how much to slow down sending speed, to enforce self throttling at the sending end, rather than Provider throttling at the receiving end.
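One way to express the pause/resume mechanism and the slow-down math, as an added example rather than the author's MTA code. It swaps in additive-increase/multiplicative-decrease as the rate rule; the grouping of SMTP reply codes into actions, the default numbers, and all names are assumptions of this example, and the reply sequence is constructed.

```python
# SMTP reply codes this example knows how to act on. The codes are from
# RFC 5321; mapping them to these actions is an assumption made here.
ACCEPTED = {250}
DEFERRED = {421, 450, 451, 452}   # temporary failure: treat as "slow down"
REJECTED = {550, 551, 553}        # permanent failure for this recipient


class ProviderQueue:
    """One sending queue per Mailbox Provider; rate is messages per minute."""

    def __init__(self, provider, rate=10.0, min_rate=1.0, max_rate=100.0,
                 step=2.0, cut=0.5, pause=600.0, ramp_after=3):
        self.provider = provider
        self.rate, self.min_rate, self.max_rate = rate, min_rate, max_rate
        self.step, self.cut = step, cut          # +step on success, *cut on deferral
        self.base_pause = self.pause = pause     # seconds to wait after a deferral
        self.ramp_after = ramp_after             # accepted messages before speeding up
        self.streak = 0
        self.paused_until = 0.0
        self.held = False                        # True: unknown code, needs a human
        self.suppressed = []                     # recipients to remove from the list

    def can_send(self, now):
        return not self.held and now >= self.paused_until

    def on_reply(self, code, now, rcpt=None):
        """Update queue state from one SMTP reply; return the action taken."""
        if code in ACCEPTED:
            self.streak += 1
            self.pause = self.base_pause         # provider is accepting again
            if self.streak >= self.ramp_after:   # ramp up slowly
                self.rate = min(self.max_rate, self.rate + self.step)
                self.streak = 0
            return "sent"
        if code in DEFERRED:
            # Stop, wait, then restart slower. Repeated deferrals double the
            # wait. The deferred message itself goes back on the queue.
            self.streak = 0
            self.rate = max(self.min_rate, self.rate * self.cut)
            self.paused_until = now + self.pause
            self.pause *= 2
            return "paused"
        if code in REJECTED:
            if rcpt:
                self.suppressed.append(rcpt)
            return "suppress"
        self.held = True                         # new code: human intervention
        return "hold"


def replay(queue, events):
    """Feed (time, code, recipient) tuples; return the action for each."""
    return [queue.on_reply(code, now, rcpt) for now, code, rcpt in events]


# Constructed reply sequence for one provider (times in seconds).
EVENTS = [
    (0, 250, "a@provider.example"), (1, 250, "b@provider.example"),
    (2, 250, "c@provider.example"), (3, 451, "d@provider.example"),
    (603, 250, "d@provider.example"), (604, 550, "e@provider.example"),
    (605, 499, "f@provider.example"),
]

if __name__ == "__main__":
    q = ProviderQueue("provider.example")
    print(replay(q, EVENTS), q.rate, q.suppressed, q.held)
```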
21. Fixing SPAM - Realtime SpamTrap Testing and Suppressing
No matter how you build your list, opt-in boxes for 100% SPAM (bad) email addresses or email intake for 100% HAM (good) email addresses, you must test every email address during every send to determine which addresses have flipped from Humans to SpamTraps.
Here’s why…
It used to be that Mailbox Providers (where email is read) would retire/delete/expunge email addresses when an email address became unused. Meaning when a person was unwilling or unable to use the email address, that email address was deleted.
At this point, again in the distant past, these email addresses would return a 5XX permanent error, like "Mailbox is no longer available" or "User has gone fishing permanently". Some indication this email address was no longer active and would never be active again.
Mailbox Providers now maintain all expired email addresses forever. When sending to these email addresses, sometimes a 4XX (temporary error) is returned and more often a 250 (success) is returned.
Mailbox Providers then begin counting how many times you email these dead email addresses, to determine if you’re sending SPAM (bad) mail or HAM (good) mail based on contact engagement.
These dead addresses, that act like they’re live are referred to as Recycled SpamTraps and have been the death of many a business.
- If you keep mailing SpamTraps you get reputation dings/penalties assigned for each message, then eventually you’re sending SPAM (bad) mail.
- If you purge SpamTraps from your list quickly, you’re sending HAM (good) mail.
My simple rules…
- Purge: Any contact with no login or purchase over a 30 day period.
- Reactivate: Any contact making a login or purchase in the future.
22. Fixing SPAM - Sending Speed and Time Scarcity
It used to be that email marketing targeted high speed email sending and Time Scarcity.
This approach hasn’t worked in years and will put you out of business in a heartbeat.
Instead what’s required is this…
- Use Units Available Scarcity, rather than Time Scarcity.
- Instead of saying offer is only good for 4 hours, say offer is only good for 100 units or till we run out.
- Target your marketing and cashflow around more Evergreen style marketing, rather than Launch style marketing.
23. Fixing SPAM - Avoid Affiliate Mailings
Likely you’ll be displeased to hear this, and the days of Affiliate Marketing have passed. At least the way we all used to do Affiliate Marketing.
To combat Competition Attacks, whether overt (crafted) or accidental (common), new approaches are required…
- Affiliates should be interviewed.
- Affiliates must implement all FixDeliver steps, just like your implementation.
- Countermeasures to block Competition Attacks should be set up long before anyone mails your offers.
24. Fixing SPAM - Because of Bad List Hygiene - Using Opt-In Boxes
This is simple to fix and complex to implement.
If you use opt-in boxes, then you’re a Spammer, if you ever email these contacts.
Typing an email address into an opt-in box does not provide permission to email this email address. For example, I could input president@whitehouse.gov or any other string of random characters.
Permission for jack@example.com to email… say… crazyjoe@yahoo.com only occurs when crazyjoe@yahoo.com sends an email to jack@example.com first.
SMTP from one party to another is the only valid permission mechanism.
I can hear confused people saying, "But I send them a double opt-in message, to which they replied".
That’s great. Your double opt-in message was the first SPAM message you sent the crazyjoe@yahoo.com email address.
The next time you "send to your list", Yahoo considers all these contacts SPAM. You can prove this to yourself by sending a message to your entire list using a Mail Relay service which provides Webhooks to track all the state changes of every email address on your list.
The fix, simple to understand and complex to implement, is to replace all your opt-in boxes with email addresses, like join@example.com or news@example.com where the contact must first email you, then you start the double opt-in process.
I’ve been sending email for my own projects since 1994. I’ve always used an opt-in email address, never opt-in box… and… I’ve never had any SPAM Complaint problem.
25. Fixing SPAM - Another Reason To Never Use An Opt-In Box Again
One other consideration about how Opt-In boxes cost many fortunes daily… Recently I ran a test of API stability against one of the largest CRM services in existence. What I found was astonishing…
Over a 90 day period, this CRM’s API services were down roughly 35% of the time, so a crude measure is that using the CRM’s provided Opt-In Box cost this business 35% of their leads.
This has a massive negative profit effect of Lifetime Customer Value lost for all the lost leads…
And this gets worse as there’s a higher hidden cost. This business had its list size reduced by 35%, so all the contacts acquired and lost during this period reduced the list size by 35%, meaning if these were real contacts, the related list was losing all its most recent, highly engaged contacts.
Next section details why this is so costly…
26. Fixing SPAM - List Sorting Profit Maximization
Sending email is simple, which is different than easy.
Here’s how I approach this.
- Sort the list by engagement, most recently engaged to least recently engaged.
- Split this list into 10% segments, so 10 segments to send.
- Split each of these segments by Mailbox Provider.
- Randomize sort each 10% Mailbox Provider segment.
- Send to most engaged 10% segment, where each Mailbox Provider has their own sending queue, because each Provider returns different SMTP XXX return codes and SMTP return code detail (text).
- Each Provider queue has its own intelligence to throttle sending, stop/restart sending.
- After each Provider segment completes, wait for a cooling off period (some amount of engagement), which includes purging email addresses which have become Recycled SpamTraps (see above), since last send.
- Each Provider sending queue has its own cooling off period, which might be something like 10% new engagement.
- After each Provider queue cooling off period expires, resume sending of next Provider related segment.
Once you think through this, the process is understandable.
Unfortunately, a custom coded MTA is required to implement the above sending rules and process.
27. Fixing SPAM - Message Content - URL Shorteners
All large Mailbox Providers treat URL Shortener links embedded in email as a negative.
Some Providers assign some negative reputation of various degrees.
Some Providers classify messages containing URL Shortener Links as either SPAM or Promotion, so kiss your Inboxing goodbye.
The reason for this is because an initial email can point through a URL Shortener to good content, then in the future the endpoint of the redirect can be changed.
And it gets worse.
Some Providers consider all 301/302 redirects as URL Shorteners, while some Providers treat onsite redirects as okay, then offsite redirects as reputation dings (negatives).
This suggests the rules I use personally when sending email.
If you’re attached to 100% of your money…
- Avoid having any 301/302 links in your email messages.
- This includes http → https upgrades, so only use URLs of the form https://MyGreatProject.com and never http://MyGreatProject.com to avoid one level of 301/302 redirects.
- Also avoid redirects from https://www.MyGreatProject.com → http://MyGreatProject.com as the "www" host is a NOP (No Operation, meaningless) only serving to slow down cognition and mindshare acquisition. A good rule of copywriting is to only include essential words. Most people know titles are the most important part of your copy. This is true and your domain name can be considered a super title.
28. Fixing SPAM - Message Content - Body HTML Validates
This makes perfect sense when you think about it.
Makes no difference if you’re targeting Featured Snippets for your Web Pages or Inboxing your email. Valid HTML is the first step, because if you pump 100s-1000s+ content errors through Web Spiders or Email Classifiers, you’ll never know why you have no SEO traction or all your email gets Spammed.
HTML errors are the same as cutting words out of a book, shaking them in a plastic bag, dumping them out, stacking them end to end, expecting anyone to understand this gibberish and knowing what to do with said gibberish.
If you’re serious about 100% of your money, all your HTML must be 100% clean (0 errors, 0 warnings) with the exceptions of Google Fonts as Google publishes HTML syntax broken links to their fonts.
29. Fixing SPAM - Message Content - Body HTML/Text Matches
1st, make sure every message contains a 100% clean (0 errors/warnings) HTML MIME part.
2nd, make sure every message also contains a Text MIME Part that 100% matches the HTML MIME part.
The way I do this for every outgoing email message is as follows…
- Break apart the message into MIME parts.
- If the HTML MIME part is broken (errors or warnings) block the message from sending, else proceed.
- Throw away any Text MIME part(s) found.
- Run the HTML part through the tool html2text.
- Reassemble the message with the HTML MIME part and html2text output as the related Text MIME part.
If this is new to you, give this a try and check your Feedback Loops (especially Google) to see the reduction in SPAM matches.
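The split/discard/regenerate/reassemble steps above, as an added example and not the author's tooling. It handles one core case, a message with text and HTML alternatives and no attachments; it skips the HTML validation step, and it uses a small standard-library converter as a stand-in for html2text so it runs offline. The sample message and all names are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed sample: the text part is stale and does not match the HTML part.
SAMPLE = """\
From: news@mygreatproject.example
To: reader@mailbox.example
Subject: Spring Sale
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

OLD TEXT that no longer matches the HTML part.
--b1
Content-Type: text/html; charset="utf-8"

<html><head><style>p{color:#000}</style></head><body>
<h1>Spring Sale</h1>
<p>Only 100 units. <a href="https://mygreatproject.example/offer">See the offer</a></p>
</body></html>
--b1--
"""


class TextExtractor(HTMLParser):
    """Stand-in for html2text: visible text, with link targets kept inline."""
    BLOCK = {"p", "div", "br", "li", "h1", "h2", "h3", "tr"}
    SKIP = {"script", "style", "head"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip, self.href = [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip += 1
        elif tag == "a":
            self.href = dict(attrs).get("href")
        elif tag in self.BLOCK:
            self.out.append("\n")

    def handle_endtag(self, tag):
        if tag in self.SKIP:
            self.skip = max(0, self.skip - 1)
        elif tag == "a" and self.href:
            self.out.append(f" <{self.href}>")   # keep the URL visible in text
            self.href = None
        elif tag in self.BLOCK:
            self.out.append("\n")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)


def html_to_text(html):
    parser = TextExtractor()
    parser.feed(html)
    lines = (" ".join(line.split()) for line in "".join(parser.out).splitlines())
    return "\n".join(line for line in lines if line)


def rebuild(raw):
    """Drop the existing text part and regenerate it from the HTML part."""
    msg = message_from_string(raw, policy=policy.default)
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        raise ValueError("no HTML part to derive the text part from")
    html = html_part.get_content()
    out = EmailMessage()
    for name, value in msg.items():              # carry over non-MIME headers
        if name.lower() not in ("content-type", "content-transfer-encoding",
                                "mime-version"):
            out[name] = value
    out.set_content(html_to_text(html))          # new text/plain part
    out.add_alternative(html, subtype="html")    # original HTML, unchanged
    return out


if __name__ == "__main__":
    print(rebuild(SAMPLE).as_string())
```

Rewriting the body invalidates any DKIM signature already on the message, so this step has to run before signing.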
30. Fixing SPAM - Message Content - External JS/CSS
Many Mailbox Providers classify messages as SPAM if they include external JavaScript or CSS references by URL.
Simple solution is to include these inline (contained in your message).
31. Fixing SPAM - Message Content - Background/Foreground Color Similarities
While this problem has been known to break SEO for years, it also applies to email messages.
When background/foreground colors are within a certain percentage of the same color, many Mailbox Providers automatically classify the messages as SPAM, because this breaks message readability and allows keyword stuffing, which breaks Mailbox Providers’ message search capability and ad serving.
32. Fixing SPAM - Message Content - JavaScript and Interactive HTML
Most Mailbox Providers automatically classify messages with interactivity as SPAM. Likely in the future this will become more stringent and common.
Avoid using any message interactivity, rather point to a URL where the interactive features are hosted.
33. Fixing SPAM - Message Content - Trigger Words
Some words and phrases are generally classified as SPAM. Sending a message to 1,000,000s of email addresses with the line "Buy my cool stuff", with very little other content, is one example.
There are many tools you can use to check your messages, like SpamAssassin + RSPAMD. Another trick is to subscribe to SPAM blocker services like SpamHero, then just send a message through these services to see if your message is classified as HAM (good content) or SPAM (bad content).
34. Fixing SPAM - Message Content - Bad Embedded URLs - Apache 404s - Broken URLs
If your email messages contain broken links, Apache 404 errors, Mailbox Providers will only tolerate this for so long before they reduce the reputation of your sending domain and IPs. Keep doing this long enough and all your mail will be classified as SPAM.
35. Fixing SPAM - Message Content - Bad Embedded URLs - Apache 500s - Software Errors
Apache 500s occur because of 2x primary reasons - software errors and server load.
Bad software is easy to track and fix. Just run the Log Watch service on your Linux machines, then each time a 500 error is reported, fix this problem on your sites.
36. Fixing SPAM - Message Content - Bad Embedded URLs - Apache 500s - Traffic Spikes
I’ve been running private hosting for client sites since 1994. Fixing 500 errors is part of my daily work. As soon as I see one of these problems, either I fix the problem or contact the related client to discuss fix options.
My point here is 500 errors occur repeatedly and are best fixed immediately.
Fixing server load is another of my daily tasks.
Heavy server load
The best way to fix heavy server load due to Spiders/Crawlers/Indexers is to run all your site files and database tables out of RAM, rather than Disk.
This way you just ignore this traffic class, as it no longer produces any Disk I/O.
37. Fixing SPAM - Message Content - Bad Embedded URLs - Malware
Above 40X and 50X URL breakage was covered.
There are other URL problems to consider.
Most important is to run https://transparencyreport.google.com/safe-browsing/search?url=$URL on every URL in messages you send.
If any problems are reported, fix these first, before sending.
38. Fixing SPAM - Message Content - Bad Embedded URLs - RBLed
When Affiliates mail an offer, this becomes problematic because anyone can mail a list, where the message body contains a URL related to your offer (contains your Website URL).
If many users report this offer as SPAM, then the sending Affiliate will be flagged as a Spammer, along with every URL in the SPAM they sent, which includes your offer URL.
I call this a Competitor Attack, because anyone can use this type of crafted attack to take out their competition.
If you find yourself under this sort of attack, contact me to discuss solutions. There are effective solutions, and it’s best to talk about this privately, rather than provide attackers with details about how to circumvent these countermeasures.