As an Emarsys client, you will benefit from the highest standards in email marketing: state-of-the-art infrastructure, the fastest available mail servers and reliable applications. We also set the standard for security in email marketing and have achieved the highest level of security accreditation: the ISO 27001 certification.

Our Deliverability team ensures optimal results for all our clients by actively managing thousands of IP addresses, all grouped for optimal performance and deliverability.

Our Deliverability policy is a unified list of requirements that help you meet the following two criteria:

  1. ISP Policies and Best Practices – required for content to get to the inboxes of the various ISPs around the world.
  2. Legal Requirements – which ensure that you do not risk litigation when sending content to recipients.

In short, we take care of almost every aspect of email marketing which can facilitate your success.

However, there are aspects that will always require additional cooperation and action from you. To make it easy for you to be compliant, we have prepared these guidelines that must be followed in order to send via our infrastructure and applications. They also include best practices, which help you to achieve perfect deliverability results, right from the start.

Note: Our excellent sending reputation is a result of all our clients satisfying our high quality standards. It is therefore vital that every single account complies with these guidelines in order for everyone to benefit.

Contents
  1. Permission to Send / User Registration
  2. List Hygiene
  3. Sender Authentication – Domain Configurations
  4. Content Requirements

1. Permission to Send / User Registration

Registration Compliance

The single, most important requirement is that you only send to recipients who have given you their prior, explicit and verifiable permission to send that specific type of material (i.e. opted in).

The only exception to this rule (applicable in a very small number of countries) is if there is a pre-existing business relationship between sender and recipient, for example a previous purchase, in which case an opt-in is not required for very specific content types. In this case, content or promotions can be sent as long as the content is similar to the previous purchase. However, not all countries accept these kinds of relationships as valid reasons not to have an opt-in, which can translate to risks to your brand and reputation.

Important: ‘Similar’ is open to interpretation, which can cause unintended issues, so so our recommendation is that the term is treated as ‘virtually identical, used in the same way and for the same purpose’. We strongly recommend that you only send to contacts who have opted in, even if there is a pre-existing business relationship. Sending content that is not related to similar products purchased is not compliant with our sending policy, and in many cases is a breach of local legislation. This may result in your messages being blocked due to recipient complaints, and may even result in litigation by the recipient.

Opt-in at Emarsys

The Emarsys basic requirement is the ‘confirmed opt-in’, where a confirmation email is sent to the registering contact with a highly visible and easy-to-use unsubscribe option. For optimal list hygiene, we strongly recommend adopting our gold standard of using a Double opt-in (DOI), where the recipient is sent an email with an opt-in confirmation link to make sure they are serious about receiving your content.

Opt-in Types

Type Definition
Single opt-in No confirmation is sent, an email address is added to your contacts DB without any interaction or verification with the client. Important: This is insufficient for Emarsys clients.
Confirmed opt-in (COI) A confirmation email is sent to the recipient with an unsubscribe link. Content can start to be sent as soon as the initial request is received.
Double opt-in (DOI) An opt-in request confirmation email is sent to the recipient asking them to confirm the opt-in. Content cannot be sent to the recipient until their reply, with the opt-in confirmation, is received.

Registration Forms

In order for your contacts to opt in they generally use a registration form, and it is important to capture the appropriate information to prevent any erroneous registrations. To do this, the form needs to:

  • Set the right expectations at the point of contact registration.
  • Give full disclosure on what types of content will be sent, and at what frequency.
  • Clearly state if registration data will be shared with partner companies.

When creating the registration form keep in mind there are two types of forms that can be used: simple registration form and combined registration form. The difference between the two form types is:

  • The number of mandatory fields required.
  • The number of marketing channels that can be signed up to using the form.

There is no limit to the number of optional fields that can be included on either type of form, as long as the mandatory requirements have been met.

Simple Registration Forms

A plain newsletter or promotional offer registration consists, in the simplest form, of a mandatory form field for the email address and a button to submit the registration request.

The only prerequisite is that the registration requires a conscious and explicit action by the person wishing to subscribe, i.e. clicking the Subscribe button. The recipient’s email address is the only required field, and any additional fields for personal data can be included as long as they are optional only.

Even though it is not required, we strongly recommend including information about the privacy policy (including a link), and stating that recipients can unsubscribe from the content at any time. Simple registration forms are usually used to sign up to newsletter subscriptions.

The following is an excellent example of a simple registration form:

deliv-simple-registration-form

The form includes:

  • A clear title.
  • What the purpose of the form is.
  • The mandatory email address field.
  • A clear Subscribe button.
  • A description of what is being signed up to, including:
    • How the data will be handled.
    • That they can unsubscribe at any time.
  • Additional sales pitch Newsletter Benefits.

Combined Registration Forms

If a form lets the contact sign up to more than just a newsletter, then it is a combined registration form. The main aim of such forms is to offer multiple content types and channels, as well as additional services such as account creation.

For example:

  • A contact signs up to a new account for an online shop, and is given the option to subscribe to newsletters or SMS notifications as part of the account registration process.
  • At a shopping basket checkout, a buyer can sign up to newsletters or SMS notifications as part of the checkout process.

Such combined registration forms have the following requirements in addition to the mandatory email address field:

  • The channels must be clearly separated, with each one having a separate checkbox to use for opt-in purposes.
  • Registering for one type of content is independent to the other. For example, a shopping basket checkout that gives the option of signing up to both a newsletter subscription and SMS marketing at the same time must have two separate checkboxes. Each checkbox should be optional, i.e. they are not required for the form to submit.
  • Each opt-in checkbox must be de-selected by default, i.e. the person has to expressly click to opt in to each content type.
  • An explicit statement that the recipient can unsubscribe from the newsletter content at any time. An alternative to this is to include a mandatory checkbox that states the recipient has read and opts in to the linked privacy policy (as long as it contains the same unsubscribe information), i.e. that they can unsubscribe at any time.

A registration form is usually the start of the opt-in process.

Privacy Policy

As outlined in our own Anti-Spam Policy, to comply with current legal requirements your website must have a privacy policy. The privacy policy also relates closely to the opt-in, as it gives the recipients information as to who the organization is that sends the mail, and what they will do with the data that is entered (i.e. the personal information).

The privacy policy must:

  • Be clearly visible and displayed to the registering person, usually via a link. You can optionally include a checkbox in combined registration forms that the user must check to confirm that they have read and accepted before granting permission to send (opt-in).

    Note: This checkbox must be separate from the opt-in checkbox and must not be pre-checked.

  • Contain information on the services provided and types of emails to be sent following the registration.

    Important: Emarsys does not allow the sending of 3rd-party emails.

  • Provide clear information on how you collect and use data, as well as how you disclose, transfer and store subscriber information.
  • Clearly outline the unsubscribe process i.e. an easy-to-use unsubscribe link must be available in every email, and explain the steps that will be taken as part of an unsubscribe request.
  • Include a physical and summonable company address for your business.
  • Include your company’s telephone number and a contact email address.

The privacy policy can be included in the Terms of Service or Terms & Conditions, as long as it is clearly titled as the Privacy Policy. Every page on your website should have a link to this information, ideally in the footer of your email template and website as a global link.

Registration Data Requirement Summary

All of the following must be available for each recipient in case of complaints or legal issues arising, as they help prove the legality of the permission to send (i.e. when recipients complain and you need to prove they really did request the content):

  • The IP from which the client registration originated.
  • The date and time of registration.
  • A copy of the Privacy Policy as shown at the point of registration.
  • A copy of the registration page as shown at the point of registration.
  • In the case of pre-existing customer relationships, the following is also required:
    • The date and time of the last purchase.
    • What items were purchased.
    • All shipping information (e.g. database logs, confirmation of receipt, etc.).
  • And any additional registration data (e.g. personal data) that can help prove the legality of registration.

2. List Hygiene

List Hygiene is how you keep your contact lists free from any potentially harmful contacts by removing those who are not happy to receive your emails. This means cleaning your contact database regularly and quickly addressing any deliverability issues that arise including hard bounces, soft bounces, unsubscribe requests, etc. If a contact loses interest and opts out, but still receives content, then a complaint from them becomes a very real risk.

ISPs are highly likely to block senders that receive high numbers of complaints, or continuously send to non-existent email addresses. Emarsys will take care of managing your list hygiene automatically, but for our other products you will need to maintain list hygiene yourself.

A process has to be set up which automatically runs on a daily basis (i.e. every 24 hrs.) and cleans the database by removing the addresses of recipients who should no longer receive content. This data is comprised of addresses that have been flagged as any of the following response types:

  • Complaint
  • Hard bounce
  • Unsubscribe request

Soft bounces do not have an immediate impact on your deliverability; however, we recommend removing the corresponding addresses after 2-4 bounces.

3. Sender Authentication – Domain Configurations

Sender Authentication is a collection of technologies and standards that confirm to an ISP that the stated sender of email content is genuine and whom they claim to be.

Emarsys meets all industry standard requirements regarding sender authentication and domain configuration as outlined by the various ISPs across the globe. Different ISPs favor different mechanisms, or combinations of mechanisms, and as such we require our clients to meet all these requirements.

Type Required for
SPF Domain/IP authentication on the Returnpath / Envelope-From.
MX Required to receive email. Required by rfc2142 and necessary to be able to register for the Yahoo! Feedback Loop.
DKIM Private/public key pair authentication.
DMARC Authentication conformance and reporting.

As such, all our client domains are configured with valid records for:

  • SPF – configured for the return path/envelope by Emarsys.
  • MX – a valid MX record is required in order to receive reply mails and/or complaints. In addition, a postmaster@ and abuse@ address for every sender domain have to be available as these addresses are necessary for receiving confirmation emails from Yahoo! to ensure Y! Feedback Loop compliance.
  • DKIM – configured in the DNS of the client domains and our MTAs.
  • DMARC – The “p” switch must be set to “reject”, as this allows senders to bypass certain spam filters at major ISPs.

In addition to the sender authentication requirements, a valid CNAME that points to the respective environment and application is required for all trackable link domain(s). Information regarding CNAME is provided during the account setup process.

4. Content Requirements

The email content itself is a very important defining factor for your deliverability rates, and therefore the success of your campaigns. The following section contains basic content requirements and content-level unsubscribe requirements that make sure you can avoid any legal issues that would arise from non-compliance.

Even if you are an existing customer, please take a moment to see how many of the following practices you currently follow. These are the easiest ways for you to ensure stable deliverability, and have been divided into general engagement requirements, content unsubscribe requirements and campaign-specific recommendations.

General Engagement Requirements

There are some important factors to keep in mind when looking at how well your recipient engagement is performing:

  • Only organically grown data can guarantee stable delivery. Data sharing or acquisition is not allowed, and has serious implications for your sender reputation, performance, etc.!
  • Your sending strategy should focus on the activity of recipients (this doesn’t necessarily mean less volume).
  • Reactivation emails should not comprise more than 5% of total volume at any time.
  • Do not send to contacts that have not received a message in the past 12 months, as the addresses may have been turned into spam-traps in the meantime.

A passive expression of lack of interest should be honored in the same way as an active opt-out. So if a recipient has ignored you for six months, or their address keeps causing soft-bounces, take the hint and unsubscribe them.

Unsubscribe Content Requirements

With regards to the content of an email, there are a number of legal and policy requirements outlined and implemented by most major ISPs, which we have combined in our own anti-spam policy.

Any email sent by an Emarsys client must contain the following:

  • An easy (‘one-click’) unsubscribe link, i.e. after clicking the link, recipients are redirected to an unsubscribe page or form where they can unsubscribe with a single click. The unsubscribe form must comply with the following five requirements:
    • No login is required to unsubscribe, i.e. it should be readily accessible by anyone.
    • No extra steps are required to unsubscribe, i.e. it does not lead to additional forms, pages or links to complete.
    • No persuasive language is used to entice a person to remain subscribed.
    • No costs to unsubscribe, i.e. it has to be free.
    • No advertising is used in the form.
  • A link to the privacy policy on the client’s website.
  • The full physical, summonable address of the client’s company.

Note: Offering the unsubscribe functionality via email (‘mailto: unsubscribe@example.com’) or telephone is not a substitute for the one-click process. We do recommend that you provide these channels as additional unsubscribe options, but they are not a valid substitute.

Campaign-specific Recommendations

The following tips and tricks might seem obvious, but can significantly improve your deliverability rates and customer engagement.

  • Include a request to add the sender to the address book or safe sender list. This enables the image content of your email to be displayed automatically the next time they receive an email from you. This easily and drastically increases your open rates, reputation, and subsequently your deliverability performance. We have provided instructions on how to do this in the most common email clients so please feel free to include this link in your request.
  • Place the unsubscribe link at the top of the email. Avoid low contrast combinations, (e.g. light grey text on dark grey background) so that the link is visible and accessible to all recipients. The more accessible the unsubscribe link is, the more your recipients will trust you (knowing they can opt out at any time) and the fewer complaints and unsubscribes you will receive.
  • Use Personalization. This is an easy and effective way to engage with your recipients, increasing their trust, response rates, and as a consequence your reputation and deliverability.
  • Balance your text and HTML/image content ratio. Aim for your email to be comprised of 50% text and 50% HTML/images, but the more text content you have the better.
  • Do not send HTML versions with images only. It is important that recipients are able to read the content without opening or displaying the images.
  • Use an Emarsys template rather than custom HTML, as the code standards in our templates are designed and tested to render well on most email clients.
  • Avoid using HTML design for web pages. If you do use custom HTML, please make sure that meta-tags (charset) are not present.
  • Check that none of your links can be mistaken for phishing links. These are links in the text that point to a different domain, and are usually blocked by Gmail and other major ISPs because those are the typical characteristics of phishing links.