What Gmail Teaches Us About Spam Filtering

  |  May 10, 2012   |  Comments

The three steps to avoid being marked as a phish or forgery by Gmail. Part one in a two-part series.

In March Google added more detailed information about why messages are being filtered as spam in Gmail. Looking at that information provides some interesting insights into what's going on, how Google is analyzing and categorizing email, and even explodes a few myths about deliverability. The value of this insight goes beyond users with an @gmail.com address. Google has combined its Postini spam filtering service into Gmail so the learnings here are applicable to the four million businesses using Google apps and enterprises using Postini directly. In addition, how Google categorizes spam is not that different to other major ISPs, so many of the learnings will apply elsewhere.

To see this information yourself simply go into your Gmail spam folder and open one of the emails. Look just below the header (the bit that shows who it's from, who it's to, and when it was sent). Here you'll find a description of why it is in the spam folder and a link to learn more.

There are two primary reasons why a message may be in the spam folder. The first is that Google considers it a potential forgery or phishing message and the second is that Google considers the message to be spam. There are multiple causes and reasons behind each of these dispositions and Google does provide some more details.

I'll start with the forgery and phishing disposition. Phishing is the act of sending an email to a user falsely claiming to be a legitimate enterprise in an attempt to scam them into surrendering private information that will be used for identity theft. Forged emails are those that are not from whom they purport to be. All phishing emails are forgeries but not all forgeries are phishes, hence the distinction in the Gmail system.

Messages that indicate this disposition include:

  1. Our systems couldn't verify that this message was really sent by yyy.com.
  2. This message may not have been sent by xxx@yyy.com.
  3. Similar messages were used to steal people's personal information. Unless you trust the sender, don't click links or reply with personal information.

If you're a marketer and your email is being marked as a phish or forgery the problem is almost certainly technical. Avoiding being marked as a phish or forgery is just a matter of having a properly configured email infrastructure, of dotting the i's and crossing the t's. To do this takes three steps.

The first is to confirm that there are no technical errors in your messages. This should be handled by your email service provider or technology group. Your sending email servers should have valid name entries (aka forward and reverse DNS), content should be appropriately encoded, and the messages should adhere to email standards (aka RFCs). The second is to verify your from and reply-to addresses. These should be valid and owned by your organization. Also confirm that the domain you're utilizing is owned by your organization. Ideally make sure you're using your commonly recognized domain. This is especially important if yours is a well-recognized brand. Sending from email.mycompany.com is better than mycompany-email.com since the latter could be a domain registered by an unscrupulous third party.

The final step is to implement authentication. Authentication confirms to recipients (in this case Google) that the messages really were sent by you.

There are two ways to do this: Domain Keys Identified Mail (DKIM), which cryptographically signs every outbound message and so proves the message was not tampered with and was sent by who it claims. The other is Sender Policy Framework (SPF), which simply defines which email servers are permitted to send email for your organization. You should implement both technologies. Some recipients check only one but many check both of these.

Take these three simple steps and Gmail (and other ISPs) will be left in no doubt as to the authenticity of your messages, and warnings about forgeries and personal data theft will go away.

In my next column I'll look at the causes of the spam disposition, what it tells us about how Google categorizes and filters email, and what steps you can take to prevent it.

Until next time,

Derek

Tags:

ClickZ Live New York What's New for 2015?
You spoke, we listened! ClickZ Live New York (Mar 30-Apr 1) is back with a brand new streamlined agenda. Don't miss the latest digital marketing tips, tricks and tools that will make you re-think your strategy and revolutionize your marketing campaigns. Super Saver Rates are available now. Register today!

ABOUT THE AUTHOR

Derek Harding

Derek is the managing director of J-Labs, Javelin Marketing Group's technology skunkworks, a role that draws on his 20 years of experience and leadership in the fields of marketing and technology. A British expatriate based in Seattle, Washington, Derek is perhaps better known as the founder and technologist behind Innovyx, one of the first email service providers later acquired by the Omnicom Group. An industry veteran and thought-leader, Derek is a regular expert author, contributor, conference speaker, and takes an active role in a number of industry and trade groups.

COMMENTSCommenting policy

comments powered by Disqus

Get ClickZ Email newsletters delivered right to your inbox. Subscribe today!

COMMENTS

UPCOMING EVENTS

UPCOMING TRAINING

Featured White Papers

Google My Business Listings Demystified

Google My Business Listings Demystified
To help brands control how they appear online, Google has developed a new offering: Google My Business Locations. This whitepaper helps marketers understand how to use this powerful new tool.

5 Ways to Personalize Beyond the Subject Line

5 Ways to Personalize Beyond the Subject Line
82 percent of shoppers say they would buy more items from a brand if the emails they sent were more personalized. This white paper offer five tactics that will personalize your email beyond the subject line and drive real business growth.

WEBINARS

Resources

Jobs

    • Customer Service Consultant
      Customer Service Consultant (Bonner and Partners) - Delray BeachBonner & Partners: Full-time Customer Service Consultant Position Who we are...
    • Financial Editor
      Financial Editor (Confidential) - DurhamSIX FIGURE EDITORS WANTED: To enforce lofty NEW editing standards. Easy Conditions Unlikely. Promotion and...
    • Information Processing Specialist
      Information Processing Specialist (Agora Inc. ) - BaltimoreInformation Processing Specialist – The IP specialist position ensures the successful...