Following up on our recent introduction of Deduplication Options for Email v2, we wanted to go behind the scenes to explain how our email delivery system is being further optimized. Enterprise level email delivery is much harder than it may appear. Like many things with an internet based product, we have to spend a lot of time guarding against the 1% of bad people in the world that want to do nefarious things. Your email recipients have built walls around their email systems to identify spam, phishing scams, email imposters and a host of other threats to their personal or corporate email systems. This presents challenges for the 99% of us that are using email for legitimate purposes. Lucky for society, smart people that want to do good outnumber the bad actors out there and have created standards we leverage to help recipient emails traverse these defenses.
Email Authentication
Email authentication is a set of technical standards used to help legitimate email navigate the defenses of receiving mail servers so that email reaches the intended recipient. The three standards are SPF, DKIM and DMARC and all three are implemented and maintained by RunSignup on our customer’s behalf. Let’s break down this alphabet soup of standards at a simplistic level:
SPF (Sender Policy Framework) – A sending domain (like ticketsignup.io) can add records to its DNS settings that identify the servers that send outgoing email. This way the receiving system can check to see if the mail they think they received from a domain is actually coming from a server that domain has designated.
DKIM (Domain Keys Identified Mail) – This standard uses a cryptographic key pair to attach a digital signature to every email. This public/private key set can then be used on the receiving email server to validate that an email is authentic.
Easy, Right! Well… not so fast. These two standards work together and it all seems to make sense that this would solve the issues of getting legitimate email to its destination. But there are many factors that make it more complex.
First of all, many of these protocols required both the sending and receiving servers to be configured correctly. And receiving mail servers have additional algorithms they add to the decision process that impact if your inbound email gets routed to your inbox, a spam folder, other folders, or outright rejection (“bounced” email).
Email clients also may have rules that filter out messages, as we saw during the implementation of our Email Deduplication feature.
Furthermore, email from a sophisticated software service like TicketSignup is coming from multiple servers from multiple domains (runsignup.com, givesignup.org, ticketsignup.io). For each of our domains, we have email coming from:
- Email Marketing (the cool email you design using our free email system)
- Notifications (such as a ticket confirmation email)
- Corporate email from employees of TicketSignup
- Email from our Support System
- Email from our Marketing Systems – like our Newsletters
- and more…
Each of those systems, for each of our domains, need to be configured properly. So how do we at TicketSignup know that our configuration is working correctly? Enter the last standard, DMARC.
DMARC (Domain-Based Message Authentication, Reporting & Conformance) – This is an additional standard that includes two main features. The first is a policy that tells the receiving email server what to do if an email fails authentication. The choices are:
- Do Nothing, deliver it anyway.
- Quarantine, which usually results in putting the message into a spam or junk folder
- Reject, or bounce the message
The second feature is a reporting mechanism that TicketSignup can use to tune our configuration. This is how we find out how our configuration is working. By analyzing the reports we can recognize trends that might drive a change to our configuration, maybe to combat a new threat or accommodate a server change.
Tuning and Adjusting Never End
Most organizations go through an initial phase of monitoring DMARC reports and tuning configurations before enforcing a reject policy. While that phase is complete, DMARC is never “set and forget.”
Ongoing monitoring remains essential, as even small changes to email infrastructure or authentication can impact deliverability. Enterprise email delivery requires continuous oversight and deep expertise. By managing this complexity for you, we ensure consistently high deliverability and the lowest possible email failure rates.