The Impact of A.I. on Spam Filtering and Deliverability

A.I.: Artificial Intelligence (also, me, Al Iverson! But today, the focus is on Artificial Intelligence. I'll try to write it as A.I. to help make it clear).

As A.I. rapidly evolves, the potential for its influence on email deliverability, spam filtering, and sender best practices is something that many email senders are worried about. But is Artificial Intelligence leading us to or through a sea change in email marketing and deliverability? Here, I'll share my two cents.

Don't Panic, It's Already Here

Some version of A.I. has been powering spam filtering at major mailbox providers for years. Google, in particular, has long used machine learning for spam detection and improving filtering mechanisms in addition to the old standard tests of engagement signals, sender reputation metrics, and authentication protocol checks.

It's very likely that spam filters can and will improve, utilizing the power of A.I. I think there's a good chance that they'll only get better, and faster, when it comes to identifying many types of phishing attempts, malicious emails, and low-quality marketing messages more effectively than in years past.

Beware of A.I. Run Amok

However, there's a risk in relying too much on A.I. alone to make deliverability decisions. Why? Because A.I. models are only as good as the data they are trained on.

A well-known recent example of A.I. misfiring is that recent Apple Mail beta update, where Apple Intelligence, Apple's A.I. engine, mistakenly flagged phishing emails as "important" rather than filtering them out. Whoops! We have to remember that A.I. isn't infallible, and bad training data, or bad model direction, can lead to significant filtering mistakes.

We Can't Forget Reputation and Engagement

And this highlights a significant potential risk -- the opportunity for over reliance on new, untested or questionable A.I. models for spam filtering while neglecting existing, proven reputation, filtering and authentication signals. When using A.I. to improve message handling and spam filtering, mailbox providers will need to be careful not to bypass:

• Domain reputation (Is the sender's domain known and trusted?)
• IP reputation (Is the sending IP associated with spam or good mail?)
• Email authentication (Does the email properly pass SPF, DKIM, and DMARC checks?)

There is ample data available today to make good filtering decisions, and A.I. should be enhancing -- not replacing -- these existing trust signals.

A worst-case scenario? A.I. bypassing authentication checks and mistakenly allowing phishing or spoofed emails to be delivered just because they appear legitimate. This is seemingly what happened with the Apple Mail beta bug, where phishing messages were incorrectly promoted as important emails. This incident serves as a warning that A.I. must be carefully implemented alongside, not in place of, fundamental security measures.

Perhaps this isn't a direct risk for email marketers and other email senders; but it highlights how sloppily implementing A.I. in email can have unintended consequences, and those potential various consequences are likely to end up affecting everyone involved; email senders, spam filterers, email security platforms and mailbox providers.

Bad Guys Love A.I., Too

Spammers and other bad actors are leveraging A.I. to their advantage as well, making it easier than ever to:

• Generate highly personalized phishing emails that mimic legitimate senders.
• Create adaptive, real-time attacks that modify content to evade detection.
• Craft human-like chatbot interactions for phishing and fraud attempts.

Those nefarious actors are already finding ways to trick A.I. models to bypass safeguards, automate attacks and find new and inventive ways to step up bad activity, and it's very likely to get worse. As a result, mailbox providers are (or will be) improving their mail-handling mechanisms, utilizing and evolving their own A.I. models to stay ahead of bad actors. Unfortunately, this tightening of spam filters means that legitimate marketers also face stricter inbox placement hurdles if they aren't closely following best practices.

TL;DR? A.I.-driven filtering raises the bar for senders who want to reach the inbox. Best practices matter more than ever, especially as mailbox providers are closing loopholes that allowed borderline practices to succeed in the past.

Remembering Our Old Friend, Best Practices

That's why adherence to best practices remains so important. 

• Negative signals are costly. Allowable complaint rates are likely to tighten up over time. Mailbox providers love "report spam" clicks, which generate a wealth of data to feed the filtering engines. 
• Email authentication is critical, notwithstanding the example bug noted above. SPF, DKIM and DMARC are now published requirements for Gmail and Yahoo Mail, with others likely to follow. There's no way around implementing these properly.
• Engagement (still) matters ever so much! Subscriber lifecycle management only grows in importance as spam filters get better at sorting wanted from unwanted and uninteresting email messages.

As I said on Validity's recent State of Email: Deliverability Deep Dive webinar, "The closer you adhere to best practices, the less chance you'll get caught by an AI-powered spam filter."

Look To the Rules For Guidance

Deliverability might end up a bit more difficult, but also fairer. We're in the midst of observing mailbox providers moving from "best practices" as suggestions and unwritten rules to hard, specific, published requirements. The result? Good senders who follow the rules will thrive, while bad actors will struggle to reach the inbox.

A.I. may accelerate those changes, and there's a good chance that we'll all experience a few bumps along the way, but it's clear to me that best practices and good sending will continue to win the day (and the inbox).