Deep Dive – What is “spam” and how can you improve the deliverability of your emails?

30 Jul 2022, by Slade Baylis

When it comes to a term like “spam” you’d be forgiven for thinking that it’s a four letter abbreviation for some obscure technical term, something like “Spontaneous Promotional and Advertisement Messages” – however, surprisingly the history of the term actually has more to do with the sense of humour of early internet folk than anything technical, as it’s actually a reference to a Monty Python skit.

However, receiving spam, or having your own sent emails being falsely blocked as spam, is no joke.  Nowadays, spam doesn’t just encompass unwanted marketing emails, it also includes much more sinister emails containing malware and viruses.  And having your own emails be caught up in a spam filter can be a large problem too - as timing is key when it comes to making a sale or solving issues for your clients in a reasonable timeframe. 

Not only that, but if the receiver’s email server isn’t configured to send out “bounce” messages to let you know that your email was rejected, it could be days before you realise that the email you sent actually never arrived.  It could be that you only find out when the person you emailed contacts you to say they haven’t received it, making you seem unresponsive and unprofessional.  It’s for these reasons, that for most businesses, email deliverability and spam protection is one of the most important aspects of their online presence – after all, it’s how most people communicate with their clients.

That’s why we’ve put together this article explaining what spam is, how you can avoid it, as well as what you can do to help improve the deliverability of your emails to stop them from being falsely caught up in spam filters.

What is spam (and why is it called that)?

As previously mentioned, the term “spam” isn’t an abbreviation of some technical description of unwanted email communication - the actual technical term for this is Unsolicited Commercial Email (or UCE).  The term “spam” is actually a reference to a Monty Python skit called “Spam” in which every menu item at a small café has the canned luncheon meat spam included (some with extra helpings of spam!).

The term was first used in 1994 on an old internet communication platform called USENET.  At the time, programs were created to automate the process of sending promotional messages to every board on the platform.  The users of the system (who were clearly fans of Monty Python) starting using the term “spam”  -  as they received the promotional messages whether they wanted to or not!

However, as light-hearted as the situation was that spawned the term, spam has long since been known as something much more sinister.  From emails containing malware and viruses, social engineering emails trying to gain confidential information from staff, to fraudulent emails trying to scam vulnerable people, spam is actually much darker than the name would suggest.  This is why over time, many different ways have been developed to try and prevent spam from being sent and received.

Inbound Spam Protection & Filtering

When it comes to incoming email, the main method of stopping spam from getting to its destination has been through the use of spam filtering services.  These services effectively keep a list of common patterns that they look out for that either increase or decrease the likelihood that any email in particular is spam.  They then use that information to decide whether they should either accept or reject emails from being delivered. 

For example, one more obvious pattern that could be detected as a warning sign by one of these services could be having an email that is all capital letters.  Whilst it could be that a completely legitimate email contained all caps, either due to a mistakenly pressed Caps Lock key (OR SOMEONE TRYING HARD TO GET THEIR ANGER ACROSS!), this will likely get flagged by any spam filtering service as a red flag.  Many more unsophisticated spam emails use this tactic to try and grab the attention of people that receive their emails.

This is just one example though - there are many different patterns that such services look out for – and with each of these services, different “weights” are given to each pattern based on how suspicious it is.  If your email has too many warning signs, it’s rejected and usually a bounce-back is sent to the originator to let them know.  These bounce-backs are sent just in case the sender of the email is actually sending a legitimate email, so that they can know both that the email didn’t arrive and that something in their email is running afoul of the spam filtering rules.

As you have probably inferred from the information above, as spam filtering services are continuously trying to analyse emails and see if they “look like” spam, and spam is constantly changing to try and evade spam filters, this process is a constant game of cat and mouse.  Not only does this constantly-moving goal post make the job of the developers of these email filtering rules harder, but unfortunately, it also affects everyone who uses email on the internet. 

With these constantly shifting rules, an email that sent completely fine yesterday can all of a sudden run afoul of new spam rules that are implemented.  Most bounce-back messages won’t provide much insight as to which rule the email ran afoul of either, as providing that information to spammers would give them the exact information they need to avoid the filter next time, defeating the point of having filters in the first place.

However, even with the constant shift in spam filtering rules, there are ways to help mitigate the risks of having your emails marked as spam – these mostly come down to the use of email authentication protocols.

Improving email deliverability through domain based authentication

Much like how spam filtering was developed to solve the problem of unwanted emails being sent en masse – separate protocols were developed to help legitimate email senders improve their email deliverability and avoid mistakenly having their emails marked as spam.

It’s not widely known outside of email server administrators, but with emails, it’s possible to send emails made to look like they were sent from another address entirely – this is known as “email spoofing”.  What this means is that it’s possible for nefarious third-parties to send an email and make it look like it came from your businesses’ domain, adding credibility to whatever malicious emails they send out to the internet or even to your customers specifically.  As you can imagine, this is quite a big flaw in the email protocol, which is why additional protocols were developed to help put a stop to it. 

SPF Records

One of the simpler and more easily implementable forms of email authentication are SPF (Sender-Policy Framework) records.  An SPF record is just a simple DNS record created on your domain that sets the policy for any emails claiming to be from your domain.  At the most basic level, it simply lists the IP addresses of any servers that are allowed to send emails for your domain. 

This record is checked by any servers that receive your email to make sure the sender’s email server was allowed to send emails on your behalf.  Not only does this stop any unauthorised senders from being able to spoof your address, it also has become a sign that your email is more legitimate and will help improve your email deliverability.  It’s not uncommon for a missing SPF to be the cause of emails not arriving at their destination, as it’s almost become a requirement for any reputable business email server.

DKIM Records

SPF wasn’t the only protocol developed to help solve this type of problem though.  Others were also developed, which when used in tandem, can greatly reduce the likelihood of email systems mistakenly rejecting your emails as spam.  DKIMs or DomainKeys Identified Mail is the second most common, with its main objective being to help ensure that content of any email hasn’t been changed between a sender and its eventual recipient.

In a similar way to the SPF record mentioned above, a “public key” is added as a DNS record on your domain name. Unlike SPF records though, this public key isn’t used to show that the server is authorised to send email, instead it’s used to verify that the information in an email hasn’t be tampered with. Without trying to get too down in the weeds, the information within the email is used to create a unique code using cryptography and a secret “private key”.  That unique code is then sent along with the message to the recipient. When an email is received from your domain, the receiver’s server looks up the public key for your domain within your domain’s DNS, which it is able to use to verify that the unique code was generated using the valid matching private key.

This achieves two objectives, it proves that the sender’s server did in fact have the correct private key, which only the owner of the domain could have provided, as well as proves that the content within the email hasn’t been tampered with in transit.

DMARC Records

With the previous two protocols, they are able to be used to either help receivers determine that content is from authorised sources or ensure it hasn’t been modified in transit. However, neither protocol includes information about what should be done if an email is found to be in violation of one of those rules.  This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) comes in.

Just like the previous two protocols, DMARC uses information added to a domain's DNS to provide information to email servers that receive emails from that domain.  However, the main purpose of a DMARC record is to control what happens if a message fails either the SPF or DKIM tests.  For example, should the messages be outright rejected, quarantined, or let through?  When an email is received claiming to be from your domain, the recipient’s main server checks to see if there is a DMARC record and uses that information to determine the next action to take.

In addition to determining how email should be handled, it’s also used for reporting.  Once an action has been taken on an email, the receiver’s mail server will send a report on the outcome of the message through to an email address specified in the domain’s DMARC record – that report is called DMARC Aggregate Report.  Through these reports, organisations are able to gain visibility over who is trying to use your domain to send emails across the internet, either legitimately or through spoofing – this information would otherwise be impossible to know without these reports.

Whilst incoming filtering helps stop spam emails from being received, and these email authentication methods help legitimate emails being received, there is one area that still needs to be mentioned – that of stopping spam emails from being sent in the first place.

Outbound Spam Protection & Filtering

It should sound fairly obvious that the best way to stop spam is to prevent it being sent in the first place, but outbound email filtering has only really become the standard over the last few years.  Previously, web hosting offerings would provide email services along with their website hosting plans with little in the way to stop malicious emails being sent.  At most, providers would monitor meta information about the outbound emails and take action if it was obvious that large quantities of malicious emails were being sent.  However, it’s now become the norm for services that offer mail servers and email hosting to also filter their outgoing email, just as they have been filtering incoming email.

The benefits of this are great, but to explain why, we’ll have to take a quick detour and go over email IP reputation.  Within the world of email, it’s become the standard for mail servers the globe over to utilise email IP reputation services called RBLs (Realtime Blackhole Lists), which allow these servers to check the reputation of the server they’ve received an email from.  These lists use many methods to try to detect if certain servers are sending malicious emails, and then allow mail servers to use that information to block emails from those servers from being received.  Being able to reject emails from servers that are either known-spammer services, or legitimate mail servers that have been compromised to send spam, makes it much easier to stop spam from being received.

However, there is one large problem with this approach, in that for mail services that are used by many different clients, a few bad actors can affect the reputation of the mail servers and affect the email deliverability of other clients.  This is why it’s become the norm to also filter outbound emails - as this way the reputation of the mail servers can be preserved and protected, ensuring legitimate emails are always able to be sent.

In fact, whilst our premium email hosting solution, Hosted Exchange, has had this protection in place since its inception, we’ve also recently added it to our Cloud Web Hosting fleet to help improve email deliverability across the board.

Summary – A multi-levelled approach to preventing spam whilst ensuring email deliverability

As is usually the case with any complex issue, the methods used to try and prevent spam from being received and sent whilst also reducing the likelihood of false positives, are many and quite varied.  By using multiple different approaches in tandem, you can quite easily achieve all three.

Through inbound filtering to reduce the probability of receiving spam emails, using multiple email authentication methods to increase email deliverability, and using outbound filtering to make the world of email just that little bit “cleaner”, each approach has its own unique benefit that every business should look at implementing.

Looking to host your emails with Micron21?

Are you looking to host your emails with Micron21?  We have multiple different options, depending on the size of your business and how you prefer to access your emails.  We use a combination of anti-spam and anti-malware tools, the pinnacle of which is our Cisco IronPort platform – bonus being these tools can also be used in combination with any of our cloud services.

Reach out to us on 1300 769 972 (Option #1) or via email at sales@micron21.com to have a discussion about your unique requirements – we’ll be able to help you choose the right approach for your business.

See it for yourself.

Australia’s first Tier IV Data Centre
in Melbourne!

Speak to our Australian based team.

24 hours a day, 7 days a week
1300 769 972

Sign up for the Micron21 Newsletter