The

Email Infrastructure
Guide
Executive Summary
This companion to the SendGrid Deliverability Guide takes a deeper dive into the issues and
challenges around managing a commercial email infrastructure. If your business relies on email
to reach new customers and keep current customers engaged and informed this guide is the
answer. Get tips to avoid costly blunders that could get your IPs blacklisted. Make sure Internet
Service Providers can easily discern legitimate, wanted email from spam, phish emails and
other online fraud. Stay up-to-date on industry terms with a comprehensive glossary for email
infrastructure. Find out what you can do today to transform your email infrastructure from your
biggest headache to a major business asset.

Smtp, Mta & Ips: The Hard Work Of Securing Your

Infrastructure Begins And Ends With These Acronyms
Maintaining an email infrastructure is time-consuming and expensive. SMTP or Simple Mail Transfer Protocol, the
server-to-server process that your mail server or Mail Transfer Agent (MTA) uses to send email across the Internet is
not as simple as it looks. Things can get especially complicated if youre expecting your mail to be delivered to the
inbox. For example, if youre sending high volumes of email from an email server that is incorrectly configured, ISPs
always block first and ask questions later. Its your responsibility as a sender of email to ensure your mail streams are
easy to differentiate from spammers.
A few key things that every mail administrator must consider are:
 re your mail servers secured? Do you have an open relay or proxy? Do you have full control of your email
A
environment?
Is your sending domain able to send and receive mail? Are your MX records valid and correctly set-up?
 o you have postmaster and abuse mailboxes set-up for all your domains? Do you have a process for
D
monitoring them?
 o you know when and if a subscriber complains about your email? Do you have a process for removing
D
complainers from your file?
Do you know the reputation of the IPs you use to send mail? Are your IPs shared or dedicated?
These are challenging questions and finding the answers and then implementing solutions is not easy. SendGrids
hosted, cloud-based email infrastructure manages all of these details so you can focus on your core business.

Managing IPS and IP Ranges

If you think of your email reputation like your credit history, your IP address is like your social security number.
All your activity, good and bad, is linked back to that number and your domain. Building a good sending
reputation, like a good credit history means properly managing your email program over a period of time. Just
like you cant just change your name or social security number to erase a bad credit history, you cant just move
to a new IP address if youve made a mess of your reputation on the one youre using. An IP address with no
sending history is treated almost the same as one with a bad reputation. So, if youve got a poor reputation with
your current set of IPs your best bet is to put in the time and effort to clean up your list and practices and over
time you will see improved results.

To share or not to share

In the world of email, IP addresses can be shared or dedicated. A shared IP address is when your campaigns
and those of other businesses are deployed from the same IP. This is how it works for many small businesses
that use email service providers. The risk of a shared IP is that all your efforts to send good email are
meaningless if there are a couple of bad actors also using that IP. For example, there is no way for you to
know if another business on that IP just sent an email to a rented list. Still, if youve got a simple program that
involves a monthly newsletter or other basic campaigns, a shared IP is usually sufficient.

Email Infrastructure Guide - 7/18/12

sendgrid.com p2

However, if youre sending higher volumes or transactional or triggered emails, then using a shared IP is not a
good idea. A dedicated IP means just that, an IP address for your exclusive use and youre responsible for all
activity good and bad. For most businesses, a dedicated IP is the best option.

Warm it up
Regardless of your reputation, you will at various times need to add or switch IP addresses so you need a
process for warming up IPs. As weve discussed, a new IP with no reputation history is treated the same as
one with a poor reputation so if you just start blasting from a fresh IP youll quickly find yourself blocked and
blacklisted. Youll want to methodically warm up the IP by sending a few messages each day to high-value
segments that wont generate complaints. Gradually increase the volume over a period of days or weeks to
build a reputation for consistent sending with no complaints. Keep in mind warming up only really matters if
youre on a dedicated IP.

Segment, then monitor in real-time

IP reputation drives ISP filtering decisions so one very good practice is to segment your mail streams on
separate IPs by communication type: transactional, marketing, corporate, etc. This way you can protect
your transactional email stream from delivery failures if an issue arises with a marketing campaign. If youve
got several departments or teams sending different types of mail at different times, this practice is highly
recommended. All of these efforts are for naught if you dont have visibility into your IP reputation and cant
monitor it in real-time. You need access to all aspects of your email activity from delivered rates to complaint
reports to authentication protocols to performance data like opens and clicks.

Bounce Handling: Know Your Codes and

CategoriesOr Else
Maintaining a clean list and keeping your bounce rates in check is a key reputation metric and something ISPs look
for when trying to determine which mail streams to block and which to deliver. Every time you send email, youre
going to have a percentage of emails that bounce and how you manage those bounced addresses will have a
direct impact on your program performance.
There are two types of bounces hard and soft. A hard bounce indicates a permanent issue with the email
address (i.e. it doesnt exist). A soft bounce can mean there is a temporary issue like a full mailbox. Hard
bounces should be removed from your file immediately. With soft bounces there is more flexibility, depending
on the type of mail you send and how frequently, you can allow up to seven soft bounces before removing the
address from your file. Generally, we recommend removing the address after the third soft bounce.
Here is an overview of bounce errors with some details around each:

Email Infrastructure Guide - 7/18/12

sendgrid.com p3


Code

Category

Issue

Action

4.4.1. host not responding

Soft bounce

The recipients email host is

not responding, often due
to a temporary issue with
their network

Try resending the email after

24-hours

5.0.0. undefined status

Hard or
Soft bounce

A generic error that could

mean anything from a bad
or inactive mailbox to a
routing issue

You will need to review the full

bounce message to determine the
best course: resend for soft bounce
or remove for a hard bounce

5.1.1 user unknown

Hard bounce

The email address doesnt

exist at the organization or
domain

Remove the address from your file

Hard bounce

The recipients domain is

incorrect or does not exRemove the address from your file or
ist. It could be a typo in the correct any typos in the address.
domain like gmial.com.

5.2.2 mailbox full

Soft bounce

The recipients mailbox is

full so the email could not
be delivered. This could
be because the recipient
is away and not checking
email but this is also a clue
that your subscriber is no
longer using the account.

Make three to seven attempts to

resend the email and then remove
from your file.

5.7.1 delivery not authorized

Soft bounce

The recipients mailbox has

restrictions preventing the
delivery of your email

Try to contact the recipient to have

the restriction removed

5.1.2 no such domain

Why keep a clean list and manage your bounces?

You will need to monitor and review your bounce reports and codes each time you mail and take the appropriate
action. Keeping a clean list will protect your reputation and prevent deliverability failures.

The SendGrid Advantage

Working with a hosted service like SendGrid means you dont have to worry about staying on top of all these bounce
codes. Well automatically remove hard bounces plus you can customize your soft bounce settings.

Email Infrastructure Guide - 7/18/12

sendgrid.com p4

Feedback Loops: Keeping Complaints in Check

A Feedback Loop (FBL), sometimes called a complaint feedback loop, is a process by which ISPs provide email
senders with details on complaints submitted about their campaigns so the sender can immediately remove the
recipient from their list. The process works something like this:
1

An individual receives an email message that they dont recognize, dont want or dont trust

The individual clicks the report spam or mark as junk option provided by their email reader (the exact
functionality varies amongst webmail providers and email software like Outlook or Apple Mail)

The ISP processes the complaint and provides the sender with the details of the complaint and assigns this
complaint to your IP address

The sender removes the address from their email file, treating it like an unsubscribe request

Most major ISPs allow senders to sign-up for FBL services via a simple web form, sign-up links include:

AOL

http://postmaster.aol.com/SupportRequest.php

Comcast

http://feedback.comcast.net/

Cox

http://fbl.cox.net/

Excite (Bluetie)

http://feedback.bluetie.com/

Fastmail

http://fbl.fastmail.fm/

Hotmail/ MSN

https://support.msn.com/eform.aspx?productKey=edfsjmrpp&ct=eformts&scrx=1&st=1&wfxredirect=1

Rackspace

http://fbl.apps.rackspace.com/

RoadRunner

http://feedback.postmaster.rr.com/

Synacor

http://fbl.synacor.com/

Tucows (OpenSRS)

http://fbl.hostedemail.com/

USA.net

http://fbl.usa.net/

Yahoo!

http://feedbackloop.yahoo.net/

A number of other ISPs also host feedback loops but you need to get in touch with their Postmaster to sign-up.

Email Infrastructure Guide - 7/18/12

sendgrid.com p5

Why sign up for feedback loops?

Signing up for and engaging in the feedback loop process is critical for any sender of commercial email. Feedback
loops are the only way to effectively manage your complaint rate by providing you with an opportunity to
immediately remove dissatisfied subscribers from your file thereby preventing future complaints.

Authentication: Identify Yourself.

Its Not HardJust Do It
Authentication is an ID check for your mail streams, it validates for the ISP that the email is actually from you
(and not some spammer impersonating you). Authenticating your mail streams does not ensure your email
will be delivered but it helps ISPs to further differentiate your business from spammers and other illegitimate
senders. As fraudulent phish emails and other deceptive practices endanger consumers and businesses,
authenticating your email is one positive step you can take today to make the [email] world a better place.
There are three accepted methods of authentication: Sender Policy Framework (SPF), SenderID and Domain
Keys Identified Mail (DKIM). The best practice is to implement all three methods, especially if you have highvolume transactional email streams. Heres what you need to do to get started:
Step 1: Get details on the various types of authentication. Implementing all three standards is the best
practice. You can find detailed information on the following websites:
DKIM: http://www.dkim.org/
SenderID: http://www.microsoft.com/senderid
SPF: http://www.openspf.org
Step 2: Take stock of all systems that send your mail. Identify all servers and IPs that send mail for your
company. Next, determine the IP addresses (if youre planning to use SPF or SenderID) and sending
domains used.
Step 3: Create your authentication records. There are excellent online tools available for creating valid SPF
and Sender ID records. The following wizards can assist you:
Sender ID: http://www.microsoft.com/senderid
SPF: http://www.openspf.org/wizard.html
To create your public and private keys for DKIM, you can use one of the following wizards:
http://www.socketlabs.com/services/dkwiz
http://www.port25.com/support/support_dkwz.php

Email Infrastructure Guide - 7/18/12

sendgrid.com p6

Step 4: Publish your authentication records. If you are using SPF, Sender ID or DKIM, work with whoever manages
your DNS records to publish the email authentication records youve collected. The actual publishing is easy -finding the responsible party who controls your DNS may be the tricky part.
Step 5: Setup your mail server to sign outbound email with DKIM. DKIM requires that your MTA have the appropriate
software implementation to sign all outgoing emails. Learn more at: http://www.sendmail.com/sm/wp/dkim/
Step 6: Test your authentication records. SPF, SenderID and DKIM provide options to publish your records in test
mode. This provides the opportunity for testing without risking delivery failures. The following resources can also
help you test your DKIM signed messages: http://testing.dkim.org/

Why authenticate?
Many ISPs will soon begin requiring that all inbound mail streams have published authentication records. Strong
reputation metrics in combination with properly implemented authentication can significantly improve your chances
of reaching the inbox.

Lists White and Black: Places You Want to Be and

Places You Want to Avoid
Whitelists: The Future Is Now
ISPs and other entities maintain whitelists of IP addresses that are confirmed and verified senders of legitimate,
permission-based email. Whitelists represent the next phase of deliverability strategy as it becomes more costeffective for ISPs to simply block all mail that is not part of an accredited whitelist.
There are two types of whitelists:
 roprietary whitelists are those hosted and managed directly by ISPs such as Verizon, Yahoo! and United
P
Online.
 ommercial whitelists are run and managed by private companies. Return Paths Accreditation Program is
C
the most reputable and widely used.
So, what are the benefits of being whitelisted? Its pretty straightforward: automatic delivery to the inbox.
Your mail stream bypasses spam filters and all the other barriers. Why isnt everyone on a whitelist? The
answer is simple: its really, really hard to get on a whitelist and can often be extremely costly. Whitelists
are reserved for the very best senders who consistently and over an extended period have maintained
an exceptional reputation. Once you have been accepted to a whitelist program you must be vigilant
because if your let your standards slip, hit a few spam traps or get blacklisted your IPs will be suspended
or removed.

Email Infrastructure Guide - 7/18/12

sendgrid.com p7

Want to be whitelisted?
Gaining acceptance to a whitelist is a great medium-term goal for any business that relies on email
communications. The first step is to focus on building a world-class email program dedicated to best practices.
This will get you the reputation you need to gain acceptance and ensure you have the resources and expertise to
stay on the list.

Blacklists: Avoid, Avoid, Avoid

Blacklists publish IP addresses that are known to or believed to send spam. Blacklists or RBLs (real-time
block lists) are very easy for networks to query automatically so enterprises and ISPs check a variety of
public lists as part of their anti-spam efforts.
Being blacklisted doesnt automatically mean your mail will be blocked. Today, ISPs primarily rely on
reputation metrics in filtering decisions and blacklists are just one factor. However, having your IPs on a
blacklist doesnt help your case so its best to avoid it. The good news is that if youre running a legitimate
email program based on best practices, its fairly easy to avoid blacklists.
How does an IP end up on a blacklist? Here is a list of some really fast ways to end up on a blacklist:
1. Buy or rent a list and then start blasting emails. Permission cannot be bartered or sold. When you
acquire a list from a third party your business takes on responsibility for the opt-in status of the recipients.
The safest bet is to never, ever mail to third party lists.
2. Mail to a spam trap (sometimes referred to as a honey pot). A sure way for this to happen is if you
buy or rent lists (see #1) or if you have poor list hygiene practices and dont promptly remove hard bounces
from your file.
3. Have poor permission standards or mailing practices. You need permission to send email and the
standards are clear. If youre mailing to people who havent opted-in or dont follow best practices like
sending a welcome message or confirming the opt-in you increase the chances of generating a complaint
and ending up on a blacklist.
By the way, being blacklisted can make you ineligible for ISP and commercial whitelists.
Okay, so the worst has happened, youve ended up on a blacklist. Now what? Unfortunately there is no
easy or straightforward method for getting your IPs removed but here are some recommendations:
1. Investigate. Go through your logs to find out which mail streams or messages were rejected due to the
appearance on the blacklist.
2. Document. Youll need records of all the bounce or error messages indicating that your mail was rejected
due to an appearance on a specific blacklist.
3. Verify. Gather opt-in details for those subscribers so you have confirmation that your lists are permissionbased.

Email Infrastructure Guide - 7/18/12

sendgrid.com p8

4. Contact. Get in touch with the blacklist host and request removal based on the documentation and/or
your investigation.
It can take some time to get your IPs removed and it will be frustrating but remember that threatening legal
action and other aggressive tactics will probably only make the situation worse.

The SendGrid Advantage

One of the best reasons to go with a hosted solution like SendGrid is that weve got a dedicated team of experts
who handle ISP relations. So, if for some reason you end up blacklisted (though its a lot less likely if were
managing your dedicated IP) we can facilitate removal plus make sure the ISPs know whats going on.

Glossary of Email Technology:

Lets Define the Terms
Complaint: When an email recipient identifies an email message as spam or junk by clicking the report
spam or mark as junk button within their email reader. A senders complaint rate is calculated by
dividing the total number of emails received [by the ISP] by the number of complaints reported by that
ISPs customers.
Blacklist: A list of IP addresses that are known to send unsolicited and/or unwanted emails. ISPs and
enterprises use blacklists to identify and filter illegitimate mail streams.
Bounce: A message that is returned to the server that sent it. Bounced emails are classified as either
hard or soft. A hard bounce indicates a permanent failure due to a non-existent address or a blocking
condition by the receiver. A soft bounce means there has been a temporary failure due to a full mailbox or
unavailable server.
Bulk Mail Folder: Also called spam or junk folder, the folder where questionable email is routed.
Dedicated IP Address: An IP address or IP range that is dedicated to a specific domain and organization.
Domain: A named Internet address that resolves to the numbered Internet Protocol (IP) addresses
computers use to connect.
DomainKeys Identified Mail (DKIM): An email authentication method developed by Yahoo! that checks
an encrypted key embedded in each email sent against a list of public records to positively confirm the
identity of the sender.

Email Infrastructure Guide - 7/18/12

sendgrid.com p9

Domain Name System (DNS): DNS translates a domain name into an IP address to find the owners site.
Email Authentication: Technical standards to help ISPs and other receivers validate the identity of
an email sender. There are three authentication standards in use: Sender Policy Framework (SPF)
developed by AOL, SenderID developed by Microsoft and DomainKeys Identified Mail (DKIM) developed
by Yahoo!
Feedback Loop: The process by which an ISP forwards emails reported as spam (see complaint) for
immediate removal by the sender.
Header: The documentation that accompanies the body of an email message, the header contains
information on the email and the route it has taken across the Internet. Email readers display the to
(identity of the recipient) and from (identity of the sender) in the inbox.
IP Address: A unique number assigned to each device connected to the Internet. An IP address can
be dynamic, meaning it changes each time an email message is deployed, or it can be static meaning it
does not change. A static IP address is recommended for senders of commercial email.
MTA (Mail Transfer Agent): Software that transfers electronic mail messages from one computer to
another using a clientserver application architecture. An MTA implements both the client (sending) and
server (receiving) portions of the SMTP (Simple Mail Transfer Protocol).
MX Record: A Mail Exchanger (MX) record in the DNS system specifies a mail server responsible for
accepting email addresses on behalf of a domain. The MX records associated with a domain assure
that the email is properly routed via Simple Mail Transfer Protocol (SMTP).
Open Relay: An SMTP server configured in such a way that it allows anyone on the Internet to send
email through it, not just mail destined for or originating from known users. This is not a recommended
configuration because it can be exploited by spammers and servers with open relays are routinely
blocked and/or blacklisted.
Phishing: Technique for acquiring information such as user names, passwords, credit cards, social
security numbers and other personal data by masquerading as a trusted business like a bank or credit
card company. With phish messages, the email appears to be sent by the trusted entity and the
consumer is tricked into providing their personal information.
Reverse DNS: The resolution of an IP address to a designated domain name. The reverse of the process
where computer networks use DNS to determine the IP address associated with a domain name.

Email Infrastructure Guide - 7/18/12

sendgrid.com p10

SenderID: An email authentication standard developed by Microsoft that compares the email senders
From address to the IP address to verify that it is authorized to send email from that domain.
Shared IP Address: In the context of deploying email, this means that a single IP address or IP
range is used to send email for multiple domains. The reputation of this IP is based on the aggregate
performance of all the senders that use it.
SPF (Sender Policy Framework): An email authentication standard developed by AOL that compares
the email senders actual IP address to a list of IP addresses authorized to send mail from that domain.
The IP list is published in the domains DNS record.
SMTP: Simple Mail Transfer Protocol, the server-to-server process used to send email across the Internet.
Spam Filter: Software filters that block email on a range of attributes from words or phases within the email
to header information and other factors. The goal is to identify spam before it is delivered to the inbox.
Spam Trap: Also called a honeypot, email addresses are created (or re-activated) by ISPs specifically
to lure spammers. In many cases, the only way to acquire the address is through an automated email
address harvesting process.
Spoofing: Technique where forged email addresses are used to trick recipients into opening an email
because the source has been hidden. This deceptive tactic is used to spread viruses and other malicious
programs.
Suppression List: A list of email addresses kept by an organization that cannot be mailed because the
recipients have request removal either by unsubscribing or by logging a complaint.
Unknown User: A hard bounce error indicating the email address (user) does not exist at the
organization or domain.
Whitelist: A list of trusted IP addresses and domains for which all mail is delivered, bypassing spam filters.
WHOIS Record: A record of domain registration whereby you can discover when and by whom a
domain was registered along with contact information and expiry dates.

Email Infrastructure Guide - 7/18/12

sendgrid.com p11