Seeing "recipient getting too much mail" delays at Gmail?

Here's a question I get asked from time to time: What does THIS Gmail SMTP delivery temp failure error actually mean? Here's the error in question:

450, "4.2.1", The user you are trying to contact is receiving mail at a rate that prevents additional messages from being delivered. Please resend your message at a later time. If the user is able to receive mail at that time, your message will be delivered. For more information, see Limits for sending & getting mail.

And here's what it means.

First, understand that it does NOT mean that your sending IP address and sending domain are blocked from sending mail to Gmail. This is not the same as being blocked for having a poor sending reputation!

What it means is that the RECIPIENT EMAIL ADDRESSES you're sending too are receiving too much mail, much too fast. There are a few different scenarios that can cause this.

First, are you using your own personal or test Gmail accounts to send many messages to for "load" or "stress" testing? Don't do this! Sending too much mail (they never say exactly how much is too much) to your own test addresses will cause this error message to be returned. And it can back up your own sending email queue, delaying delivery of legit mail to legit subscribers.

Any time you're going to do load testing or stress testing sends from an email platform, make sure you send ONLY to mailboxes you control at servers you control. Not mailboxes hosted by Gmail, Microsoft or some other ISP. Not mailboxes behind spam filtering like Proofpoint or Vade Secure. Trying to squirt a whole bunch of mail to a small number of test addresses is not a use case that most spam filterers or ISPs know how to account for. This happens somewhat often. I can't stress enough -- email stress testing is not compatible with ISP or service provider-hosted mailboxes.

This also can happen sometimes even at lower volumes, even if you're doing something like sending one email per minute to your test Gmail account to make sure a system is alive. Testing daily or perhaps even hourly is probably fine, but at some point if your interval is too small, you're going to have problems, and this is a primary way that those problems will manifest.

Next, is it possible that somebody is submitting a bunch of junk addresses to your subscriber list signup process and now those addresses are getting too much mail (maybe even overall, not just from you). If you are utilizing "lead gen" or "co-reg" email address signup processes, this can happen. It's a sign that your signup partner might be selling those same addresses to more senders than they've told you about. If one signup on one form results in a hundred email followups from a hundred different senders, you could end up with this. Payday loan senders are notorious for this, but others engage in it as well. Or, it could simply be some form of bot activity-- if it's not any sort of third-party related process, it could be as simple as fixing it by adding a CAPTCHA or double opt-in to the signup process.

Whoops, did you accidentally "mail bomb" a bunch of email recipients? Could it be that you accidentally launched an email campaign to the same subscriber list a bunch of times (10 times, 50 times, 5000 times) and your mail server is dutifully trying to deliver all those messages? It happens. But when it happens, see if you can work with your sending platform or your IT team (if it's an internal system) to delete pending email messages from the mail queue to clean it up.

The key here is whatever you're doing, whoever you're sending to, stop doing that. Figure out which process or practice or partner is the source of pain, and address it. That's what stops this from recurring.

For future reference, here is a link to Google's overview of the different Gmail SMTP error response codes.

Posted by on No comments:
Topics: , , ,

Problems delivering to Apple's iCloud today

If you've been trying to send mail to Apple's iCloud email domains today (mac.com, me.com, icloud.com), you might have run into this bounce message:

5.1.1 (bad destination mailbox address) <email address> : user lookup success but no user record found

It's not just you -- Apple appears to have had intermittent issues today. Their status page lists it as now resolved, but for some period of time, your attempts to mail a valid recipient might have been met with the bounce message seen above.

[ H/T: Andrew Barrett ]

Posted by on No comments:
Topics: , ,

Ask Al: What if domains don't match?

A friend recently asked me, "If sending domain is email-example.com and all URLs in the email body point to example.com, would that cause any deliverability issues?"

I get this question often, so I thought it would be a good thing to write up and share here, for future reference. Let's break it down. The concern raised here is that a sender could be sending from domain A, probably fully authenticated with SPF and DKIM, but links in the body of the email message reference domain B. Domain B could be example.com, it could be click.example.com/cl.example.com, it could be yahoo.com, or something else. The good news is, that's okay. It is expected. ISPs don't look at a comparison of the click tracking domain to the sending domain and make a determination that an email must be bad or questionable simply because those two domains don't match. If ISPs did immediately jump to conclusions about that sort of thing, I'd have trouble using my Gmail account to email a friend a link to a news article I just read on CNN.com. The from address would be me at gmail dot com, but the link(s) in the message body would say cnn.com.

Short answer: There's not much to worry about there. Longer answer, there can be two different caveats to be aware of.

  1. Domain reputation matters, even in the body of the message. Some ISPs block mail referencing or linking to domains that they consider to be excessively spammy. That means even if you're a good sender, if the body of your email contains a link to a spammy domain, the ISP could block that message. Does it specifically damage your sending reputation? Probably not, but it definitely means that the affected messages aren't going to get through. It'd be a bit glib to just say "don't do business with shady characters," because you don't always know what else a company may be up to or if they could have a negative domain reputation. This isn't always easily avoidable, if you send out emails containing links to other sites, but it's something to be aware of. When you start to get weird content-related blocks from just one or two ISPs, it's something you'll want to test for, isolating content and doing iterative testing to narrow down which bit of content -- which domain -- could be the culprit. These aren't always caused by Spamhaus listings, but it can't hurt to check the Spamhaus DBL to make sure your vendor, partner, or advertiser's domain(s) aren't listed there.
  2. Be careful with link wrapping. Microsoft, in particular, used to be pretty fussy about writing out one domain in a link that leads to a different domain. Meaning, don't write out www.yahoo.com in the hyperlinked part of a link, when it doesn't directly go to www.yahoo.com, without any layer or redirect or click tracking in-between. If the message source shows that the link goes to click.example.com (perhaps for click tracking), but the text between the A tags in your HTML say "www.yahoo.com," that's a potential red flag and some ISPs probably will perceive the message to be a phishing attempt. Be careful to avoid this, as the only fix for this is to stop doing it. Instead of writing out your domain name in the text as "www.example.com," Try writing it out as your company name or use some wording like "visit our website" instead.

Posted by on No comments:
Topics: , , , , , ,

Verizon launches new sender-focused portal

Verizon (AOL and Yahoo) just launched a new "sender focused portal," highlighting features like AMP for email, BIMI, Promotions and more. Check it out here.

(And don't forget to keep an eye on their Postmaster blog, where they announce stuff like this.

[ H/T: Verizon and Andrew Barrett. ]

Posted by on No comments:
Topics: , , , ,

Blocked at Mail.de? Here's what to do

Mail.de is a German provider of email services, founded in 2009. I can't find any information about the size of their user base, but they seem to be in the top ten or top fifteen ranking of mailbox providers in the region -- not the biggest, but certainly large enough that blocking of a sender's mail by mail.de could still be of significant concern.

Mail.de has a very helpful postmaster site where they provide useful information for senders and receivers alike. They provide ipv4 and ipv6 IP address information for their outbound mail servers, they indicate that outbound mail is authenticated with DKIM, and they also say that they use five different DNSBLs (spam blocking lists) to filter inbound mail server connection attempts (all.spamrats.com, bl.spamcop.net, ix.dnsbl.manitu.net, bl.mailspike.net, and Invaluement). They might also use some other tools to filter spam as well.

They provide a helpful postmaster contact address, useful for reaching out if you need to resolve a blocking issue. I recently ran into an issue there, and so I reached out to that address. I provided them my IP address, domain name, and a sample blocked message, saved as a zipped .eml file (as recommended by the provider, to prevent my sample message from being blocked before they could receive and review it), and they were able to resolve the blocking issue.

If you find yourself blocked, head on over to that postmaster site, reach out to the postmaster address as recommended there, and explain the situation and include appropriate information as I describe above. Assuming that your mail is indeed desired by mail.de recipients, I rather suspect that they'll be willing to address the issue.

Be sure to check those blocking lists, too, because those could be the underlying reason behind the blocking. An ISP will often defer to the blocking list with regard to spam filtering decisions -- meaning that if you're listed on a blocking list they use, they may not be willing to override that and let your mail through. The resolution to the delivery issue to mail.de subscribers is likely to require that you address the blocking list issue.

Posted by on No comments:

Cómo complacer a Gmail, en Español

Guy Hanson de Validity explica, en español, lo que necesita saber sobre el envío de correo electrónico a Gmail. Clic aquí para saber más.

Guy Hanson from Validity explains, in Spanish, what you need to know about sending email to Gmail. Click here to learn more.

Este es un buen consejo.

Posted by on No comments:
Topics: , ,

What identifies an email message?

Today, I'm trying to help a client answer the question of how Gmail decides in which tab to place a sender's email messages. That leads to the question of how does Gmail, or any other ISP, identify the sender or messages in question? Google, like most ISPs, does not explicitly say, but you can make some hypotheses based on observation.

So, let's theorize. I'll base this mostly on my prior observation, and say that I believe that ISPs identify senders primarily through some mix of these means:

  • Sending IP address,
  • Sending domain name,
  • DKIM authenticated from domain,
  • SPF authenticated return-path address or domain.

Most ISPs base most of this on the sending IP address. Google's Gmail leans more toward identification based on authenticated domain, if possible, primarily via DKIM. Perhaps also via SPF. Various other ISPs are a mix of one or more of these.

Then it becomes, how does Gmail identify the content of the message, to decide if it's an update, or a promotion, or what. Again, no explicit guidance is forthcoming, but one can theorize. My theories on how Google is going to identify content are that it could be any or all of these:

  • A fingerprint calculated based on review of the entire content and code,
  • A fingerprint calculated based on review of the HTML code only,
  • A fingerprint calculated based on review of the text but not code,
  • Matching certain phrases or text,
  • Identifying certain domains you link to or use to host images.

In this context, fingerprinting means "identifying various markers in an email message" and generating a sort of score or numeric checksum based on that. It is often done to identify the same email being sent by different IPs and domains. If a spammer is rotating through domains and IP addresses, fingerprinting the content allows you to identify that the messages are probably all from the same entity, even when those primary sender markers of IP address and sending domain are highly variable. Cloudmark and the Distributed Checksum Clearinghouse (DCC) are well known examples of systems that use fingerprinting.

Also, content and reputation overlap here. An example: Linking to a blocklisted domain can cause deliverability issues-- it can drive spam folder placement, or in some cases, it'll make an ISP block that given message. That's sort of a content issue in that it refers to something referenced in the body content of an email message, but it is also a reputation issue in that it is driven by the (poor) reputation of that domain that you might be linking to.

Bonus: Let's talk more about Gmail tab placement. From Andrew Barrett over on his "the Email Skinny" blog: There's definitely a way out of Gmail Promotions and into the Primary Tab, (But you’re not going to like it).

If you've got additional thoughts on how ISPs identify senders and content, feel free to weigh in via the comments. There are always things that I might not know, or haven't thought of!

Posted by on No comments:
Topics: , , , , ,
Subscribe to: Posts (Atom)