At Maropost, we are known for our high deliverability rate.
The secret for this high inboxing rate is a group of incredible deliverability experts working tirelessly with clients to make sure every email lands in the inbox. Recently, Maropost’s deliverability team faced a new challenge – coming from Microsoft.
Read on to see how this challenge was conquered.
All of the sudden, emails that previously inboxed without a problem started getting flagged as phishing emails. We noticed that these emails started landing in junk folders only for Microsoft domains such as Hotmail, Outlook, MSN & Live and Office 365. As a result, the client’s deliverability rate dramatically dropped.
Typically, phishing alerts are caused by one or two reasons: a failed email authentication (i.e SPF and/or DKIM not passing) or flagged bad link(s) that have been listed by a prominent blacklist for a spamming behavior.
However, upon investigation, our clients showed low spam complaint rate and high level of subscriber engagement. Even their SPF and DKIM were passing fine, and yet the emails were getting labeled as spam and landing in junk folders.
We implemented DMARC (Domain-based Message Authentication, Reporting & Conformance – an email authentication, policy, and reporting protocol) on the affected domains with a monitor policy (p=none) for all emails and within 48-72 hours we started seeing a massive improvement. Firstly, all the phishing alerts disappeared and secondly, 100% emails were getting inboxed. That’s a big deal for both our clients and their customers.
In retrospect, Microsoft spam filters must have noticed fraudulent activity along with significant unauthenticated email traffic coming from specific domains. This possibly hurt the domain’s reputation; however, adding DMARC removed the guesswork for ISPs on how to handle messages that failed authentication.
In the past, SPF & DKIM authentication was enough to protect domains, but that is no longer the case – domains must have DMARC authentication to have full protection from getting spoofed and used to send phishing emails. We were able to step in, implement new authentication policies and prevent clients from hurting their domain reputation.