Ern Berck Digital

Web design in Chico, California

post email the killer app

Email is hard

by

Email can be hard, but it’s also essential to modern business. So if you don’t fully understand how it works (or don’t care to), you should find a professional who does. And pay them well.

Almost indispensable

If you run a business there are few things worse than a broken email system. And here’s the rub — It’s pretty obvious when you’re not getting any email, but when you’re not getting just some of it, it’s much tougher to diagnose. And fix.

The problem, of course, is that a lot of important email intended for your inbox gets stuck in a spam filter somewhere and you never receive it. Worse, you don’t know that you didn’t receive it.

No email, no leads.

Also, if you’ve got a business website, chances are that its main purpose is to generate leads by asking visitors to submit forms. Your site’s form “processor” then typically sends you an email notification with the form contents.

Unfortunately, most website platforms and hosts are terrible at providing reliable core functionality for sending email. And for good reason — Hosting companies own a limited number of IP addresses that they share with their customers. If those IP addresses get blacklisted for sending spam, all of their hosted clients will suffer. It’s the bad neighbor theory. Consequently, most hosts would prefer you go elsewhere for your email functionality.

Now, I don’t have any reason to believe that Hotmail (now Outlook Mail) is any more or less reliable than any other email service. Most email providers today use pretty sensitive spam intrusion algorithms to detect unusual behavior, and they often err on the side of caution. Which is a good thing. That said, let’s see if we can shed some light on email functionality.

The basics

01. Security

Unless you’re using some sort of email encryption service (a cumbersome process), email transmission (sending and receiving) is not fully secure. No matter the provider. So, if you’re sending or soliciting non-public customer information, you should stop. This includes online forms. Form data may be collected and stored on a secure server, but it is sent via insecure email.

02. Account age

Generally speaking, the older the email account (from any provider), the more places it’s been, the more it’s been harvested, and the more susceptible it is to spam, hacks, theft, and other malicious activity.

I remember when Hotmail was invented 20 years ago, so I still think of it in a “vintage cute” sort of way. Others view Hotmail accounts as kinda spammy, or not very business-like. In any case, if you rely on Hotmail, Yahoo or AOL, it might be time to move on.

03. Custom email

You might also consider a domain-based email address such as gladys@mywebsite.com. These are generally considered more professional than using generic providers (Gmail, Outlook, Comcast, or Yahoo).

In fact, if you plan on doing any serious online marketing with embedded website forms or a customer relationship management (CRM) system, a domain-based email address may be required. You can usually set up addresses for all employees for a modest monthly fee.

Google Workspace

If you don’t already have one, you’ll need a free Google account for web traffic analytics and such. Google also offers some powerful business products under their Google Workspace banner (formerly G Suite), including a custom domain-based email solution. It’s worth taking a look.

Types of email

Email is a seriously complicated beast. Here’s a short introduction to the various types.

01. Personal

Personal email is self-explanatory. It’s what most of us use to send and receive messages when communicating with friends, family, Amazon, and Facebook. Many of us also have “disposable” personal email addresses for less “critical” messaging.

  • Relationship: One to one
  • Direction: Send and receive
  • Protocol: IMAP/SMTP (see below)
  • Providers: AOL, AT&T, Comcast, Gmail, Outlook, Yahoo
  • Business need: Required

02. Business

Similar to personal email, but usually domain-based and for business communication only. Should be kept completely separate from personal email.

  • Relationship: One to one
  • Direction: Send and receive
  • Protocol: IMAP/SMTP
  • Providers: Comcast Business, GoDaddy, Google Workspace, Microsoft 365
  • Business need: Required
  • Other: Should be domain-based (ex: gladys@mywebsite.com)

03. Marketing

Used to send mass permission-based emails (newsletters, sales offers, etc) to a large group of recipients.

  • Relationship: One to many
  • Direction: Send only
  • Protocol: SMTP
  • Providers: AWeber, Constant Contact, ConvertKit, Infusionsoft, Mailchimp
  • Business need: Optional
  • Other: Tightly regulated by the CAN-SPAM Act
  • Other: Domain authentication recommended

04. Transactional

The sending of email that is typically triggered by some sort of marketing or ecommerce “transaction.” Autoresponders, order confirmations, WordPress form notifications, and shipping alerts are all examples of transactional emails.

  • Relationship: One to one
  • Direction: Send only
  • Protocol: SMTP
  • Providers: Gmail (low limits), Mailgun, Postmark, SendGrid
  • Business need: Recommended
  • Other: Domain authentication required

We don’t manage email

Email has a lot of moving parts. At its heart is an immensely complicated system of client applications, servers, protocols, relays, frameworks, vendors, and policies. To manage email properly would be way beyond the scope of our core services. Besides, dedicated and reliable domain-based email can be had for around $5 to $10 per month through services like Google Workspace or Microsoft.

Online forms

As mentioned above, if you have a business website you probably rely on it to generate leads through online forms. Most form plugins (helper applications), including those for WordPress, can handle submitted data in a combination of the following ways, depending on how the form is set up:

  • Store the data in a database
  • Store the data in a custom post type
  • Send the data via email

The first two solutions are pretty robust. The last, and most popular, can be incredibly flaky. Unless you’ve also set up a dedicated transactional email provider to deliver your form data, it will most likely be processed by some minor core email function.

These basic email scripts are primarily intended to handle registration notifications, post notifications, and password resets — All very simple tasks that don’t require authentication or other email-handling horsepower. In short, you don’t want your livelihood to depend on the built-in functionality.

Oddly, even most website developers are unaware of this severe shortcoming. Usually, you can check your database form entries to see if anything’s been submitted that hasn’t been received via email. But first you need to be aware that the capability even exists, and how to access it. Most people aren’t and don’t.

Note: The best solution for reliable form data transmission is to connect your form to a transactional email provider that uses authentication. Even then, it’s a good idea to frequently test your forms, and check your database regularly.

Common terms

What is SMTP?

Simple Mail Transfer Protocol (SMTP) is a protocol for sending email messages between servers. The messages can then be retrieved with an email client (application) using either POP or IMAP (see below).

In addition, SMTP is generally used to send messages from an email client to an email server. This is why you need to specify both the IMAP (or POP) server and the SMTP server, when you configure your email application.

What is IMAP?

Internet Message Access Protocol (IMAP) is a protocol for retrieving email messages. The latest version, IMAP4, is similar to POP3 but supports some additional features. For example, with IMAP4, you can search through your email messages for keywords while the messages are still on your mail server. You can then choose which messages to download to your machine.

What is POP?

Similar to IMAP, the Post Office Protocol (POP) is an Internet standard protocol used by email clients to retrieve email from a server in a network. POP3 is the most recent version in common use. POP has largely been replaced by IMAP.

IMAP vs POP3

Both POP3 and IMAP are protocols used between mail clients and email servers to access messages. These protocols allow people to use programs like Outlook, Thunderbird, Apple Mail and mobile devices to manage their email. The way these protocols work, however, is very different.

POP3 downloads messages off the server to the mail client and can be configured to delete the messages off the server, save them on the server for a specified period of time, or leave them indefinitely.

IMAP, a newer protocol, synchronizes messages and folders between the mail client and the server which can be especially useful working on multiple computers and devices. IMAP also keeps track of message status and conveniently synchronizes messages as read or unread across all connected computers and devices.

While IMAP is generally the preferred protocol, POP3 works just fine for users who only use one machine or for some reason don’t want to keep messages on the server or in a cloud environment and prefer to have their messages permanently stored on their local computers.

Email authentication

Email authentication is a technical solution to proving that an email is not forged. In other words, it provides a way to verify that an email comes from who it claims to be from, and hasn’t been altered in transmission. It is most often used to block harmful or fraudulent uses of email such as phishing and spam. In practice, we use the term “email authentication” to refer to the industry standards that make this verification possible.

The technical details of how these systems work are way beyond the scope of this article. Just remember that they were designed to supplement the transfer of email, because SMTP does not itself include any authentication mechanisms.

The most commonly used email authentication standards are:

Sender Policy Framework (SPF)

SPF is a domain name server (DNS) text (TXT) record that specifies which internet protocol (IP) addresses and mail servers are allowed to send email “from” that particular domain.

It’s sort of like the return address that’s placed on an envelope — It lets the recipient know who sent the letter. The idea is that if they know who sent them the letter, the recipient is more likely to open it. (In this example though, the “recipient” is the receiving mail server, not the actual person being emailed.)

DomainKeys Identified Mail (DKIM)

Sometimes called “email signing,” DKIM is also a TXT record that is added to your domain name’s DNS file. And, if SPF is like a return address on a letter, DKIM is like sending that letter via Certified Mail. A DKIM record guarantees that:

  • The contents of an email message haven’t been tampered with.
  • The headers of the message have not changed (ex: adding in a new “from” address).
  • The sender of the email actually owns the domain that has the DKIM record attached to it.

Unlike SPF however, DKIM uses an encryption algorithm to create a pair of digital keys — a public and a private key — that handles this “trust.” The private key remains on the server it was created on, which is your mail server. The public key is what’s placed in your DNS TXT record.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC is an email authentication, policy and reporting protocol that’s actually built around both SPF and DKIM. It has three basic purposes:

  • It verifies that a sender’s email messages are protected by both SPF and DKIM.
  • It tells the receiving mail server what to do if neither of those authentication methods passes.
  • It provides a way for the receiving server to report back to the sender about messages that pass and/or fail the DMARC evaluation.

In short, DMARC ties the first two protocols together with a consistent set of policies and reports — Just in case SPF and DKIM fail or are not present.

Caution: DMARC can be tricky to set up and even the experts disagree on the fine points of configuration. To complicate things, not all email service providers support DMARC in predictable ways. In short, we recommend holding off on DMARC until you get a firm grip on SPF and DKIM.

In summary: SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to ISPs, mail services and other receiving mail servers that senders are truly authorized to send email. When properly set up, all three prove that the sender is legitimate, that their identity has not been compromised and that they’re not sending email on behalf of someone else.

This might not be easy

In fact, if you’ve never done this stuff before — or messed around in your domain’s DNS zone file — it can be downright terrifying. And that’s okay, just ease into it.

Using your email service provider’s instructions, first add your SPF and DKIM records. Don’t even mess with DMARC until you fully understand (yeah right) how SPF and DKIM work.

Like I said, email is hard. But it’s also essential to modern business. So if you don’t fully understand how it works (or don’t care to), you should find a professional who can help you with it.

Resources

Revised: Friday January 20, 2023 at 3:06:35 PM PST