Why Are My Emails Bouncing? Email Authentication for Small Business

Have you experienced lower-than-usual open rates for your email marketing lately? If you open an email marketing campaign and ask yourself, “why are my emails bouncing?” or “why is my open rate so low?” you’ve come to the right place. There’s a good reason, and an easy (ish) fix.

What Is Happening?

Unless you work in IT (or a quasi-related field like web design), you may not have noticed the sea change going on in the world of email. Email security protocols are changing, and it’s having an effect on email deliverability for all businesses. The area I first noticed this in is email marketing.

The definition of email marketing is connecting with your audience via email to conduct promotion and sales.

In Canada (as in most other jurisdictions), there is anti-spam legislation. One part of this type of legislation insists businesses give their audience a straightforward way to opt out of their mailing list. That’s why most companies choose to use some kind of customer relationship management (CRM) software to send these emails: it makes unsubscribing easier. Examples of software I have used for this include SendinBlue, Aweber, Hubspot, Constant Contact, Keap, and my personal favourite for small business, Mailchimp.

In using these types of email marketing programs, I realized email deliverability is in flux right now because this type of program tells you exactly how your clients interact with your emails.

Email Performance is Suffering

It started when I opened my client’s Mailchimp account and viewed their stats with dismay.

“TWENTY-ONE percent?” I muttered, “What the $#@!?”

I was horrified because email marketing is my forte. I pride myself on having open rates at least 15% higher than the industry average. I freak out a little if I don’t see at least 30% of recipients open my emails. And having an open rate of around 20% has happened to me TWICE in the past two months.

It’s not a trend, but it’s enough of a departure to warrant a little research.

Over the years, connecting with people who work in giant organizations has been illuminating my work with small organizations. Because big companies have both the budget and the need for extensive IT departments, they’re often better able to stay on top of the latest security concerns.

Someone I know, who has asked to remain anonymous, is an executive for the Canadian arm of a multinational distribution company. This company was a high-profile victim of a ransomware attack earlier in 2021.

What is Ransomware?

Ransomware is when bad actors get control of an organization’s computer system, lock employees out, and hold the system hostage until they get paid. Once they have their money, they give the company some computer code that allows the business to regain control. It can involve theft and data resale, but it is often simply about being a nuisance and getting paid.

In 2021, ransomware attacks increased 151%. Companies like meatpacking giant JBS, Acer Computers, and Colonial Pipeline are among those who experienced ransomware earlier this year. Government departments like hospitals, police detachments, and municipalities have been targets too.

Here are some of the random and interesting things I learned about 2021’s significant ransomware attacks.

  • This company learned one of its own employees sold or lost their login information, which is how the hackers got in.
  • The company paid the ransom. No organization can afford to lose access to its system. This company paid between $4 – $7 million to get it back. A cybersecurity survey shows 70% of organizations choose to pay.
  • In the email sent out demanding payment, the hackers seemed very concerned with having good customer service. The email offered this reassurance: “You can trust our code to recover your files. It’s how we make our money.” This proves my point that good reviews are foundational to everyone’s marketing program, even cybercriminals.

Why Is This Happening?

Experts believe the sharp jump in cybersecurity issues is directly related to more people working from home on less secure devices and networks.

In an interview with CTV News, cybersecurity expert Marc Gaudet said, “It feels like the pandemic forced ten years of cybersecurity adoption to happen in about ten weeks.”

“[Organizations] implemented new policies, technologies, and security training boot camps for staff, protections they plan to keep in place long after the pandemic.”

These protections include tightening what’s called the email authentication process, so only emails that clearly label themselves as “safe” make it through their filters. And THAT is why you (and I) may be experiencing sudden problems with email deliverability.

Stepping Up Email Security: Phishing, Spoofing and Spam

Ninety-one percent of ransomware attacks start with a phishing email. Phishing is when an email from hackers appears to be legit but asks the recipient to click on a link. Once that link is clicked, the hackers can bypass security defences and gain access to sensitive data.

These phishing emails typically come from what is called a “spoofed” domain. For example, they may look like they come from Amazon, asking you to confirm an order. However, the email is not actually from Amazon; the hackers have “spoofed” the Amazon domain.

Email authentication is the technical process of confirming that your email is coming from you, not a hacker impersonating your domain. Email authentication protocols sometimes have the effect of screening out legit emails, especially when the sender uses third-party software like Mailchimp to send the emails. It’s the email equivalent of a criminal records check before you are allowed to coach a kids’ soccer team. On one hand, it’s a piece of bureaucracy no one wants to bother with. On the other, we all realize how important it is to protect kids from dangerous adults, so the criminal records check is important.

How Can You Reduce Email Bounce Rate?

Suppose your recipient has recently started using stricter email authentication and your email marketing campaign no longer passes their filters. In that case, the number of emails you send that bounce or “soft bounce” goes up. This means your open rates and click rates go down. Fewer people receive your emails.

Increased bounces start a vicious cycle because better list engagement makes future emails more likely to hit the main inbox rather than getting stuck in your customers’ promotions, spam, or junk folders. (This is also why you should just delete people on your list who don’t open your emails. I’ll write about that another time.)

The good news is you can enhance your email authentication protocols. Enhanced authentication protocols not only help you get through the filters and get better open rates, they also protect you from phishing, spoofing, and spam. Win-win!

Enhanced Email Authentication: SPF, DKIM, DMARC, and BIMI

I need to point out that I am not an IT specialist. I have gone through this process for my own email, as well as for 3 of my clients who don’t employ full-time IT people. However, my area of expertise is writing, not cybersecurity. If you aren’t tech-savvy, don’t mess around in your domain provider account; hire an expert to do it for you. I hope small business owners can use this article to learn how to ask for help, not necessarily make these changes themselves.

Email authentication adds rules to your domain name system (DNS) records that allow your email and the recipient’s inbox to talk to each other and determine that your email is safe.

There are four main ways servers authenticate emails. To improve your email open rates, you need to make sure you are employing all four. Annoyingly, all four email authentication protocols are named using acronyms: SPF, DKIM, DMARC and BIMI.

Most of them aren’t terribly challenging to employ, but take some time mucking around on the back end of your domain provider adding TXT records. Again, if this isn’t an area you’re comfortable with, hire a pro.
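To show what those DNS entries look like and how a receiving filter judges them, here is an added example (not from Google, Mailchimp, or any provider's own tooling) that audits a domain's SPF, DKIM, DMARC and BIMI records. The domain `shop.example`, the selector `k1`, the include names and the key value are all constructed placeholders.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' TXT record (DKIM, DMARC, BIMI) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_email_auth(zone, domain, selector, sender_includes):
    """Return findings; zone maps a DNS name to its list of TXT strings."""
    findings = []
    # SPF: exactly one v=spf1 record, every sending service included, strict 'all'.
    spf = [r for r in zone.get(domain, []) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"SPF: expected 1 record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        for inc in sender_includes:
            if f"include:{inc}" not in terms:
                findings.append(f"SPF: sending service {inc} is not authorized")
        if terms[-1] not in ("-all", "~all"):
            findings.append("SPF: record does not end in -all or ~all")
    # DKIM: a public key must exist under the selector the sender signs with.
    dkim = zone.get(f"{selector}._domainkey.{domain}", [])
    if not any(parse_tags(r).get("p") for r in dkim):
        findings.append(f"DKIM: no public key for selector {selector}")
    # DMARC: p=none only reports; quarantine or reject acts on spoofed mail.
    dmarc = [parse_tags(r) for r in zone.get(f"_dmarc.{domain}", [])
             if r.lower().startswith("v=dmarc1")]
    policy = dmarc[0].get("p", "").lower() if dmarc else None
    if policy is None:
        findings.append("DMARC: no record published")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy} does not block spoofed mail")
    # BIMI: receivers honour the logo record only when DMARC is enforced.
    if zone.get(f"default._bimi.{domain}") and policy not in ("quarantine", "reject"):
        findings.append("BIMI: record ignored until DMARC is enforced")
    return findings

# Constructed sample records: a typical incomplete setup, then the corrected one.
WEAK = {
    "shop.example": ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.shop.example": ["v=DMARC1; p=none; rua=mailto:dmarc@shop.example"],
    "default._bimi.shop.example": ["v=BIMI1; l=https://shop.example/logo.svg"],
}
FIXED = {
    "shop.example": ["v=spf1 include:_spf.mail.example include:spf.newsletter.example -all"],
    "k1._domainkey.shop.example": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
    "_dmarc.shop.example": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@shop.example"],
    "default._bimi.shop.example": ["v=BIMI1; l=https://shop.example/logo.svg"],
}
SENDERS = ["_spf.mail.example", "spf.newsletter.example"]  # mailbox + newsletter tool
print(audit_email_auth(WEAK, "shop.example", "k1", SENDERS))
```

The weak zone is the common case behind sudden bounces: the mailbox provider is authorized but the newsletter tool was never added, so mail sent through it fails the recipient's checks.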

Protect Your Reputation

For many of us, this all seems hopelessly technical, but it really isn’t. All you need to know is that there is yet another fallout of the pandemic, and it’s an increase in mailbox security for email. You need to take the four steps to ensure your email is trustworthy, either by reading the instructions for email authentication for your particular mailbox provider, or by hiring an IT specialist to do this for you. For example, here are the instructions for Google Workspace that I used to learn how to set up my own email authentication.

It isn’t fun, but it’s essential. Part of protecting your brand’s reputation is ensuring your audience can trust you. If you diminish your or someone else’s cybersecurity, the effect on your brand is of course very detrimental. It also causes reputational damage for all of us who communicate via email with our clients. Our subscribers trust us to respect their inbox, and ensuring your email is secure is crucial to demonstrate that.

Picture of author, Bridget Brown
