We are working on a project that requires us to allow users to register to receive email notifications of certain events. There will potentially be tens or hundreds of thousands of email messages based on any one event.
I know that this is done every day all over the web, but what I don't know is how email campaigns are managed such that the sender is not blacklisted as a spammer when a single mail provider recognizes large numbers of messages from a single source -- I'm especially concerned with high profile mail providers like Yahoo, MSN, AOL, etc. who will likely receive the bulk of the messages that we send.
Is there a standard methodology that is employed in order to conduct legitimate email campaigns that users have voluntarily registered for?
Four steps that will significantly increase your chances:
- Make sure that your outgoing mail server is using well-behaved software (I suggest postfix). Ill-behaved mail software can cause problems for you by doing things that make servers reject you.
- Make sure that your server's forward- and reverse-DNS match. Many mail servers will reject mail from other servers which are not properly configured.
- Set up SPF records for your domain and test them.
- Set up DomainKeys for your domain, which can be a little complex.
- Sign up for ISP feedback loops – (e.g. Yahoo's)
When rolling out one of our websites, our mail server was throttled by Yahoo! because of the volume of e-mail we were sending – all of which was sign-up notifications. We were getting so many new users that they throttled our server. We got around that by flushing that server's mail queue to another server. After three servers got throttled, we managed to get the rest of our mail delivered, and we've been fine since.
You may also wish to consider a third-party service, like CertifiedEmail, which may cost money but which may also ensure a higher rate of delivery.
Finally, send test messages through your system to test accounts on all free webmail services, every ISP you can find, and every mail client you can get your hands on. Only after you've done all of the above should you even consider sending out mail.
Once you're ready to go, I suggest starting with a small group of subscribers and then moving up to the full list later. Better to find problems while they're small.
The "Spam Best Practices" are a starting point, though mostly non-technical.
On a slightly more technical level, a simplistic and important step is to send yourself a test email using your system and look at the headers to see if there's anything that screams trouble, like X-Authentication-Warning headers.
An instantly-working unsubscribe link is absolutely indispensable.
You can read:
http://spamlinks.net/prevent-marketers.htm and
http://spam.abuse.net/marketerhelp/
No matter what you do, people and machines will incorrectly classify your messages as spam. Therefore, you'll tend to get your IP address(es) blacklisted.
The best option is to set up some automated monitoring to detect when your IPs get blacklisted (hook it into your normal monitoring system) - you should monitor at least most of the big public blacklists if possible.
If you can, you could also automatically monitor delivery to selected third parties (Hotmail, Yahoo, Google) to detect when they've stopped delivering your mail - they presumably have private blacklists you can't query programmatically.
AOL I've found to be a particular problem, their policy was barely documented and subject to change without notice. Moreover, their users are some of the most stupid in the business and tend to flag anything as spam. However, they do (in my experience) respond to support requests and will whitelist your IPs if you ask nicely and are legitimate.
If you find an IP blacklisted, you can take steps to remove it, or switch to another one temporarily (you'd still need to get the original one un-blacklisted as you'd probably want to reuse it eventually).