As white-hat linkbuilders we send a lot of emails. Many of these are cold emails to people who’ve never heard of us.
People like to say things like “follow them on twitter first to build a rapport”, but even if you do they’re still cold in the email because their email account has never interacted with yours before.
Now depending on their spam filter settings, it may be that you have trouble getting your email to land in their actual inbox. Not a big deal, right, if a few emails are blocked as spam - we are sending unsolicited emails after all.
Well, that’s the thing - we’re not sending spam.
We’re CAREFUL about who we send outreach to, and we make sure we’re only sending our outreach emails to people who are likely to be interested in the content we’ve spent hours working on.
If you need help finding the type of people who are likely to be interested in your content, take a look at these guides:
Of course, it's one thing if the receiver reads the message and then deletes it, but it's entirely different if our emails never even make it to their inbox.
But still, a few emails being flagged, no biggie?
Well, what if you’re sending a few hundred emails per day, and 20 percent of them are returned? Many agencies have a team sending several thousand emails per day.
So what if, say, 100 are returned as Spam?
Well it depends which email host you’re are using.
The more emails get returned as spam, the more likely it is that the email hosting provider’s IP addresses get blacklisted. If an email host just allowed everyone to send spam emails, they would quickly lose any reputation they had for being a reliable and upstanding provider.
Email providers will suspend your service or even cut you off completely if too many emails come back as spam.
The following is a guide to setting up your email to get the highest chance of it being delivered. We’ll start by taking a look at which DNS records you should have on your domain or DNS provider (if you have SSL from a separate provider, for example), then we'll look into some other issues that could cause your emails to be flagged as spam.
Note: if you are actually sending spam, you probably deserve to be blocked from sending emails, so this guide isn’t for you. However, many marketers who are new to outreach based linkbuilding don’t realise there are certain steps you should take when setting up your domain email in order to get the best chances of delivery.
What is DKIM?
Domain Keys Identified Mail (DKIM) is an email authentication protocol that shows the receiver where the email came from, who sent it, and reputation of the sender. DKIM adds a cryptographic signature to the email’s header in the form of a hash value.
The receiving email server then looks up the public key of the domain that sent the email (the DNS record), and uses this key to simultaneously decrypt the hash value of the email header, and recalculate a new hash value based on the email content.
If the two match, then the server knows the email is in fact from the domain it claims to be from, and that the message hasn’t been modified since it left the sender’s server.
Why should you use a DKIM record?
It’s not compulsory to set up a DKIM record for your domain, but you’ll find fewer of your emails going to spam if you do use it.
Additionally, you can be sure that the content of your emails isn’t being modified whilst in transit from your email server and the recipient.Another reason to use DKIM is to discourage spammers from attempting to forge emails from your domain to make it look like you’re sending them, as they know their emails are likely to be blocked by spam filters if the DKIM isn’t authenticated.
How to set up DKIM
Step one: Generate a public domain key for your domain.
To do this you’ll need to go into your email provider and find the authentication area.
If you’ve already added your domain to your email hosting, choose that domain and click generate.
You’ll get a code that is unique to you, and will be used to validate your emails.
Step two: Update your DNS records
Next you’ll need to go to either your domain host’s DNS settings, or your SSL provider’s DNS settings, and add a TXT record.
Use the code you got in step one as the VALUE of the TXT record, and the name you got as the NAME.
What is SPF?
SPF stops spammers from forging your domain email addresses by authorising specific email hosts to send on behalf of the domain. Like DKIM, Sender Policy Framework (SPF) is used to authenticate that an email that says it was sent by you, was actually sent by you. Unlike DKIM, SPF uses only a simple authorisation of the IP addresses allowed to send emails, rather than a cryptographic model.
If you set up SPF for your domain email in GSuite, for example, when you send an email, the receiving server will see the SPF record in the email header, and check your domain’s DNS for that SPF record. If it finds it, the receiving server knows that the sending server is authorised to send emails on behalf of that domain.
Why should you use an SPF record?
You’ve probably noticed that SPF doesn’t do use any cryptographically secure systems to authenticate your emails. So why does it help?
Well, SPF simply shows the receiving server that the sending server was authorised to send the email. I.e. if you’re using GSuite, the receiving server knows to check your domain to see if Google’s servers are allowed to send emails.
This adds a layer of protection against email spoofing, because if someone sends an email from another server and makes it look like it was sent by you, the DNS records on your domain will tell the receiving server that the email should have been sent from GSuite, and therefore isn’t valid.
How to set up SPF
SPF records are quick and easy to add. Most email sending hosts will have their own SPF records ready to go. GSuite, for example, uses: v=spf1 include:_spf.google.com ~all to authenticate emails from their servers for your domain.
Simply go to your DNS records, and add a TXT record with the VALUE from your email provider, e.g.
v=spf1 include:_spf.google.com ~all for GSuite
v=spf1 include:spf.protection.outlook.com -all for office 365
What is DMARC?
Unlike SPF and DKIM, DMARC isn’t actually an authentication protocol at all, but rather an instruction in your email header to tell the receiving server to check SPF and DKIM on your domains DNS records.
Why should you need to tell the server that? Well, different email systems use different authentication methods, and some don’t automatically check SPF and DKIM. With DMARC, you tell the server specifically to check SPF and DKIM, and what to do with the email if it doesn’t pass.
Why should you use a DMARC record?
From a linkbuilding perspective, showing your receivers that you have DMARC set up (along with SPF and DKIM) is another step to removing possible reasons for the receiving server to reject your email.
Although it doesn’t automatically qualify you as a trusted source, DMARK does help the receiving server identify that your email came from you and therefore is less likely to be spam.
How to set up DMARC
Before you begin setting up DMARC, you should have SPF and DKIM in place already.
You need to go back to your DNS settings page and create a new TXT record.
Many email providers will give you a ready made DMARC record that can be used in combination with their SPF and DKIM.
Testing your email settings and deliverability
Now that you have the essential DNS settings taken care of, your emails are far more likely to be delivered to the inbox of your outreach prospects.
However, before you start any outreach at all, make sure you check that your settings are correct and fully authenticated.
There are several tools that you can use to check your email DNS settings. One of the simplest most user friendly is Mail Tester.
How to use Mail Tester
First - go to https://www.mail-tester.com/ and copy the email address in the box. Keep this tab open.
Then send an email from your normal account to that address.
Now go back to the Mail Tester tab and click the blue button labeled Then Check Your Score.
After a short wait, you'll be redirected to a new page that gives your email a spammyness score from 0-10, with 0 being unlikely to ever see an inbox, and 10 being almost certain to be delivered every time.
Now, the part we're most interested in, at this point, is the authentication.
Click on the third row of the results to see details on whether your SPF, DKIM, and DMARC are set up correctly. You should get something that looks like this (but with the missing information filled in):
If you see all green icons going down the right hand side, you've set up your DNS records perfectly!
If there are yellow icons, or even worse - red! - then you'll have to go back and check your DNS records.
Mail Tester does tell you which authentication types are not working correctly, so at least you'll know what the problem is, rather than having to test each record individually.
Email from outreach management services
There are many services that help linkbuilders optimize the workflow of their outreach. Outreach management systems such as Buzzstream, NinjaOutreach, and YourOutreach are especially popular, and save us hours of precious time.
However, they should be used with due diligence.
From personal experience, I can say that issues can arise that cause your emails to end up in spam folders, and even worse - get you banned from using your email server.
I was working on a large scale linkbuilding project for a client, sending hundreds of outreach emails per day. One day the client got an angry email from their email host, saying they’d received too many emails being returned as spam.
The client thought I was using an automatic mass-sending tool. I wasn’t, I was using Buzzstream.
What I had failed to realise was that when I asked Buzzstream to track the open and click through rates from my outreach emails, it would add a non secured (http) image - a pixel - to my email header, which caused a lot of my outreach emails to be flagged as spam, and sent back to the client’s email host!
It took me quite a while, including many messages to and from Buzzstream’s support to work out what was going on.
So what happened?
The client ended our relationship.
Needless to say, I learnt my lesson. I’m older and more experienced now, and always take care to rigorously test email accounts and content before starting any outreach.
This does nicely lead on to my next point.