Ask Laura: Should I let my ESP give me a shared IP?

GraniteTrees

Dear Laura,
Our company has been shopping around for ESPs and most of them want to put us on a shared IP address. I have always heard that senders should get dedicated IPs. Will this hurt our deliverability?
Regards,
Sharing is Hard

Dear Sharing,
For a long time, IP reputation was the major factor in identifying good mail from bad mail. Good IPs helped mail get into the inbox. Poor IPs were blocked or mail was sent to the bulk folder.
Today, IP reputation isn’t as important, and here’s a look at how this evolved:
The first big thing that happened was spammers and cybercriminals figured out how to manipulate IP-based filters. They stole reputations, used tens of hundreds of IP addresses, registered hundreds of thousands of fake email accounts to influence ISP reputation filters, and many other things. Some highlights from our blog (you’ll notice we haven’t written much about IP reputation recently…):

  • Email moved to IPv6. IPv6 space is big. Really Big. Bigger than you think. Because it’s so big, IP blocking isn’t going to work the same over v6. IP addresses are so plentiful in v6 that spammers could use one IP per email and basically never run out of IPs, even in the allocation most ISPs are giving to home users. Filtering had to change or ISPs were going to melt down from being unable to handle so many v6 addresses.
  • Technology got better. It’s only been in the last decade or so that machine learning technology has become ubiquitous and affordable (for more on the current state of machine learning, check out Google’s publications list). We are in the era of big data, so it makes sense that big data can be used for filtering. Machines can evaluate so many factors they can identify spam that’s trying to elude spam filters.

With this shift in reliance on IP reputation, it isn’t as much of an issue to use shared IP addresses:

  • With a shared IP, you get to avoid many of the challenges of warming up a new address when you change ESPs.
  • Many good ESPs have shared pools that they monitor for bad behavior. (They monitor dedicated IPs, too, but often with dedicated IPs, they assume any bad behavior is yours, and may not rush to help you resolve them as quickly).
  • ISPs are applying reputation to more than just IPs. They’re measuring domain reputation, URL reputation and authenticated domain reputation. We don’t get a lot of feedback about those — there aren’t domain FBLs really — but the ISPs have that data.

We have a few suggestions for senders who use shared IP addresses:

  • Use your own domain in the DKIM signature so you can establish your own domain reputation separate from the other tenants on the IP address
  • Take advantage of any personalization the ESP allows in the return path.
  • Brand your emails clearly and use consistent visual design elements so the mail looks like yours to both the filters and your recipients.

Overall, I don’t expect a well managed shared IP to contribute to any more deliverability problems than a well managed dedicated IP. The ISPs have gotten extremely good at splitting out mail streams that share the same IP. Your mail, if it’s good, will be inboxed even if there is bad mail going across your shared IP. Thats not 100% of course, really bad senders can contaminate whole IP ranges. But most of the time a shared IP is fine for most senders. The only real downside of a shared IP is that it is ineligible for certification. But the vast majority of my clients aren’t certified and make it to the inbox just fine.
Sharing the love on shared IPs,
Laura

Confused about delivery in general? Trying to keep up on changing policies and terminology? Need some Email 101 basics? This is the place to ask. We can’t answer specific questions about your server configuration or look at your message structure for the column (please get in touch if you’d like our help with more technical or forensic investigations!), but we’d love to answer your questions about how email works, trends in the industry, or the joys and challenges of cohabiting with felines.

Related Posts

The death of IP based reputation

Back in the dark ages of email delivery the only thing that really mattered to get your email into the inbox was having a good IP reputation. If your IP sent good mail most of the time, then that mail got into the inbox and all was well with the world. All that mattered was that good IP reputation. Even better for the people who wanted to game the system and get their spam into the inbox, there were many ways to get around IP reputation.
Every time the ISPs and spam filtering companies would work out a way to block spam using IP addresses, spammers would figure out a way around the problem. ISPs started blocking IPs so spammers moved to open relays. Filters started blocking open relays, so spammers moved to open proxies. Filters started blocking mail open proxies so spammers created botnets. Filters started blocking botnets, so spammers started stealing IP reputation by compromising ESP and ISP user accounts.  Filters were constantly playing catchup with the next new method of getting a good IP reputation, while still sending spam.
While spammers were adapting and subverting IP based filtering a number of other things were happening. Many smart people in the email space were looking at improving authentication technology. SPF was the beginning, but problems with SPF led to Domains Keys and DKIM. Now we’re even seeing protocols (DMARC) layered on top of DKIM. Additionally, the price of data storage and processing got cheaper and data mining software got better.
The improvement in processing power, data mining and data storage made it actually feasible for ISPs and filtering companies to analyze content at standard email delivery speeds. Since all IPv4 addresses are now allocated, most companies are planning for mail services to migrate to IPv6. There are too many IPv6 IPss to rely on IP reputation for delivery decisions.
What this means is that in the modern email filtering system, IPs are only a portion of the information filters look at when making delivery decisions. Now, filters look at the overall content of the email, including images and URLs. Many filters are even following URLs to confirm the landing pages aren’t hosting malicious software, or isn’t content that’s been blocked before. Some filters are looking at DNS entries like nameservers and seeing if those nameservers are associated with bad mail. That’s even before we get to the user feedback, in the form of “this is spam” or “this is not spam” clicks, which now seem to affect both content, domain and IP reputation.
I don’t expect IP reputation to become a complete non-issue. I think it’s still valuable data for ISPs and filters to evaluate as part of the delivery decision process. That being said, IP reputation is so much less a guiding factor in good email delivery than it was 3 or 4 years ago. Just having an IP with a great reputation is not sufficient for inbox delivery. You have to have a good IP reputation and good content and good URLs.
Anyone who wants good email delivery should consider their IP reputation, but only as one piece of the delivery strategy. Focusing on a great IP reputation will not guarantee good inbox delivery. Look at the whole program, not just a small part of it.

Read More

Yes, we have no IP addresses, we have no addresses today

We’ve just about run out of the Internet equivalent of a natural resource – IP addresses.

Read More

Reputation is about behavior

meter19
Reputation is calculated based on actions. Send mail people want and like and interact with and get a good reputation. Send mail people don’t want and don’t like and don’t interact with and get a bad reputation.
 
Reputation is not
… about who the sender is.
… about legitimacy.
… about speech.
… about message.
Reputation is
… about sender behavior.
… about recipient behavior.
… about how wanted a particular mail is forecast to be.
… based on facts.
Reputation isn’t really that complicated, but there are a lot of different beliefs about reputation that seem to make it complicated.
The reputation of a sender can be different at different receivers.
Senders sometimes target domains differently. That means one receiver may see acceptable behavior but another receiver may see a completely different behavior.  
Receivers sometimes have different standards. These include standards for what bad behavior is and how it is measured. They may also have different thresholds for things like complaints and bounces.
What this means is that delivery at one receiver has no impact on delivery at another. Just because ISP A delivers a particular mail to the inbox doesn’t mean that ISP B will accept the same mail. Each receiver has their own standards and sometimes senders need to tune mail for a specific receiver. One of my clients, for instance, tunes engagement filters based on the webmail domain in the email address. Webmail domain A needs a different level of engagement than webmail domain B.
Public reputation measures are based on data feeds.
There are multiple public sources where senders can check their reputation. Most of these sources depend on data feeds from receiver partners. Sometimes they curate and maintain their own data sources, often in the form of spamtrap feeds. But these public sources are only as good as their data analysis. Sometimes, they can show a good reputation where there isn’t one, or a bad reputation where there isn’t one.
Email reputation is composed of lots of different reputations. 
Email reputation determines delivery.  Getting to the inbox doesn’t mean sending from an IP with a good reputation. IP reputation is combined with domain reputation and content reputation to get the email reputation. IP reputation is often treated as the only valuable reputation because of the prevalence of IP based blocking. But there are SMTP level blocks against domains as well, often for phishing or virus links. Good IP reputation is necessary but not sufficient for good email delivery.
Reputation is about what a sender does, not about who a sender is.
Just because a company is a household name doesn’t mean their practices are good enough to make it to the inbox. Email is a meritocracy. Send mail that merits the inbox and it will get to recipients. Send email that doesn’t, and suffer the repercussions.

Read More