All Collections
Store Setup
Email Notifications
Email Analysis by Anti-Spam Systems
Email Analysis by Anti-Spam Systems

Learn why your store emails may be treated as spam and what you can do to improve the situation.

Olga Tereshina avatar
Written by Olga Tereshina
Updated over a week ago

A great deal of communication with your X-Cart store users will happen via email. It includes automatic email notifications, email marketing messages like abandoned cart reminders, and - sometimes - newsletters. If you take communication with your customers seriously, you will invest some time and effort into the design and content of your emails. However, after all that work, there's still a chance your emails will find a way to the spam folder of your customer email boxes. This article discusses why this may happen and what you can do to improve the situation from your end.

According to recent research, up to 80-90% of all email on the Internet is spam. Spam is terrible, be it unsolicited promotional business materials, virus spam, illegal money transfer scam, or phishing to obtain sensitive information. It causes financial harm, interferes with day-to-day work, and makes it more difficult for people to find legitimate emails they may have received.

To stop the bombardment by spam emails, people and businesses are using all kinds of spam prevention tools and techniques to receive only relevant content.

Advanced anti-spam systems of today use three major types of email analysis (or their variations) to determine if an email message is a spam:

  1. Analysis of the email sending server IP address.

  2. Analysis of the SPF/DMARC records of the sender's domain and the DKIM signature.

  3. Email content analysis (headers, subject, body, links, etc.).

For example, IP addresses are essential when it comes to determining the credibility of an inbound email. Every time a receiving host gets connected by a sending host for email transfer, it takes steps to resolve the domain name presented to it as the sender's domain name to an IP address. Then it contacts the DNS server of the identified domain to confirm via SPF records that the mail server specified by the IP address in question is on the list of servers and IP addresses authorized to send an email for that specific domain. The SPF(Sender Policy Framework) email authentication helps the receiving host confirm that inbound mail has not been forged. Simply put, one cannot send email from a domain they do not own. It includes free mail services like Gmail and Yahoo Mail. If you try to send an email from your website specifying a address as the sender, the first thing your addressee's mail server will do is check if you are authorized to use a Gmail email address on mail sent from your website. Since Gmail's servers do not have SPF records for your domain, your mail will be deemed unauthorized. As a result, it will be blocked or end up in the spam folder.

Another popular method many servers use to combat forged emails is DKIM (DomainKeys Identified Mail). DKIM authentication provides a way to sign and verify email messages using public and private keys at the message transfer agent level. When DKIM is used, an email is signed with a key generated for its origin domain. Then, when the email is received, the receiving email server grabs the key from the DNS records of the sender domain and uses this key to perform a cryptographic authentication to ensure the email was not modified during the sending process.

Then, of course, there are sender IP blacklists and various filters that identify spam based on the characteristics of email content (like wrong keywords or phrases typical of spam, suspicious HTML, broken links, etc.)

The diversity of anti-spam tools and methods used today makes us think about many factors that must be taken into account to ensure the deliverability of your emails. Unfortunately, it is not enough to compose a nice-looking message and to hope that X-Cart will deliver it to the planned recipient. To get your emails delivered as intended, you must ensure your mail server and DNS records are appropriately configured for email authentication.

Related pages:

Did this answer your question?