Ask Laura: Should I let my ESP give me a shared IP?



Dear Laura,
Our company has been shopping around for ESPs and most of them want to put us on a shared IP address. I have always heard that senders should get dedicated IPs. Will this hurt our deliverability?
Regards,
Sharing is Hard


Dear Sharing,
For a long time, IP reputation was the major factor in identifying good mail from bad mail. Good IPs helped mail get into the inbox. Poor IPs were blocked or mail was sent to the bulk folder.
Today, IP reputation isn’t as important, and here’s a look at how this evolved:
The first big thing that happened was spammers and cybercriminals figured out how to manipulate IP-based filters. They stole reputations, used tens of hundreds of IP addresses, registered hundreds of thousands of fake email accounts to influence ISP reputation filters, and many other things. Some highlights from our blog (you’ll notice we haven’t written much about IP reputation recently…):

  • Email moved to IPv6. IPv6 space is big. Really Big. Bigger than you think. Because it’s so big, IP blocking isn’t going to work the same over v6. IP addresses are so plentiful in v6 that spammers could use one IP per email and basically never run out of IPs, even in the allocation most ISPs are giving to home users. Filtering had to change or ISPs were going to melt down from being unable to handle so many v6 addresses.
  • Technology got better. It’s only been in the last decade or so that machine learning technology has become ubiquitous and affordable (for more on the current state of machine learning, check out Google’s publications list). We are in the era of big data, so it makes sense that big data can be used for filtering. Machines can evaluate so many factors they can identify spam that’s trying to elude spam filters.

With this shift in reliance on IP reputation, it isn’t as much of an issue to use shared IP addresses:

  • With a shared IP, you get to avoid many of the challenges of warming up a new address when you change ESPs.
  • Many good ESPs have shared pools that they monitor for bad behavior. (They monitor dedicated IPs, too, but often with dedicated IPs, they assume any bad behavior is yours, and may not rush to help you resolve it as quickly.)
  • ISPs are applying reputation to more than just IPs. They’re measuring domain reputation, URL reputation and authenticated domain reputation. We don’t get a lot of feedback about those — there aren’t domain FBLs really — but the ISPs have that data.

We have a few suggestions for senders who use shared IP addresses:

  • Use your own domain in the DKIM signature so you can establish your own domain reputation separate from the other tenants on the IP address.
  • Take advantage of any personalization the ESP allows in the return path.
  • Brand your emails clearly and use consistent visual design elements so the mail looks like yours to both the filters and your recipients.

Overall, I don’t expect a well-managed shared IP to contribute to any more deliverability problems than a well-managed dedicated IP. The ISPs have gotten extremely good at splitting out mail streams that share the same IP. Your mail, if it’s good, will be inboxed even if there is bad mail going across your shared IP. That’s not 100%, of course; really bad senders can contaminate whole IP ranges. But most of the time a shared IP is fine for most senders. The only real downside of a shared IP is that it is ineligible for certification. But the vast majority of my clients aren’t certified and make it to the inbox just fine.
Sharing the love on shared IPs,
Laura
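
The DKIM and return-path suggestions in the answer above can be checked on a test message sent through the ESP. The following is an added example, not part of the original column: it reads the headers and reports whether the DKIM `d=` domain and the Return-Path domain belong to the sender or to the ESP. The sample messages, the domains `brand.example` and `esp.example`, and the helper names are constructed for illustration; `org_domain` is a naive stand-in for a Public Suffix List lookup, and the code inspects header values only, without verifying any signature.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers: one message signed only by the ESP, one double-signed.
SHARED = """\
Return-Path: <bounce-991@bounces.esp.example>
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=shared1;
 h=from:to:subject; bh=AAAA=; b=BBBB==
From: Brand News <news@brand.example>

body
"""
OWN = """\
Return-Path: <bounce-991@bounces.brand.example>
DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=shared1; bh=AAAA=; b=BBBB==
DKIM-Signature: v=1; a=rsa-sha256; d=mail.brand.example; s=k1; bh=AAAA=; b=CCCC==
From: Brand News <news@brand.example>

body
"""

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dkim_domains(msg):
    """Return the d= value of every DKIM-Signature header, in header order."""
    found = []
    for value in msg.get_all("DKIM-Signature", []):
        unfolded = re.sub(r"\s+", "", value)  # undo header folding
        tags = dict(t.split("=", 1) for t in unfolded.split(";") if "=" in t)
        if "d" in tags:
            found.append(tags["d"].lower())
    return found

def sender_identity(raw):
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    signers = dkim_domains(msg)
    own = org_domain(from_dom)
    return {
        "from_domain": from_dom,
        "dkim_domains": signers,
        "dkim_is_own_domain": any(org_domain(d) == own for d in signers),
        "return_path_is_own_domain": bool(rp_dom) and org_domain(rp_dom) == own,
    }
```

A result with `dkim_is_own_domain` set to `False` means the only domain reputation the message can build belongs to the ESP's shared signing domain.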


Confused about delivery in general? Trying to keep up on changing policies and terminology? Need some Email 101 basics? This is the place to ask. We can’t answer specific questions about your server configuration or look at your message structure for the column (please get in touch if you’d like our help with more technical or forensic investigations!), but we’d love to answer your questions about how email works, trends in the industry, or the joys and challenges of cohabiting with felines.

Related Posts

Deliverability and IP addresses

Almost 2 years ago I wrote a blog post titled The Death of IP Based Reputation. These days I’m even more sure that IP based reputation is well and truly dead for legitimate senders.
There are a lot of reasons for this continued change. Deliverability is hard when some people like the same email other people think is spam


IP Reputation

A throwback post from a few years ago on IP reputation.


Hunting the Human Representative

Yesterday’s post was inspired by a number of questions I’ve fielded recently from people in the email industry. Some were clients, some were colleagues on mailing lists, but in most cases they’d found a delivery issue that they couldn’t solve and were looking for the elusive Human Representative of an ISP.
There was a time when having a contact inside an ISP was almost required to have good delivery. ISPs didn’t have very transparent systems and SMTP rejection messages weren’t very helpful to a sender. Only a very few ISPs even had postmaster pages, and the information there wasn’t always helpful.
More recently that’s changed. It’s no longer required to have a good relationship at the ISPs to get inbox delivery. I can point to a number of reasons this is the case.
ISPs have figured out that providing postmaster pages and more information in rejection messages lowers the cost of dealing with senders. As the economy has struggled ISPs have had to cut back on staff, much like every other business out there. Supporting senders turned into a money and personnel sink that they just couldn’t afford any longer.
Another big issue is the improvement in filters and processing power. Filters that relied on IP addresses and IP reputation did so for mostly technical reasons. IP addresses are the one thing that spammers couldn’t forge (mostly) and checking them could be done quickly so as not to bottleneck mail delivery. But modern fast processors allow more complex information analysis in short periods of time. Not only does this mean more granular filters, but filters can also be more dynamic. Filters block mail, but also self resolve in some set period of time. People don’t need to babysit the filters because if sender behaviour improves, then the filters automatically notice and fall off.
Then we have authentication and the protocols now being layered on top of that. This is a technology that is benefiting everyone, but has been strongly influenced by the ISPs and employees of the ISPs. This permits ISPs to filter on more than just IP reputation, but to include specific domain reputations as well.
Another factor in the removal of the human is that there are a lot of dishonest people out there. Some of those dishonest people send mail. Some of them even found contacts inside the ISPs. Yes, there are some bad people who lied and cheated their way into filtering exceptions. These people were bad enough and caused enough problems for the ISPs and the ISP employees who were lied to that systems started to have fewer and fewer places a human could override the automatic decisions.
All of this contributes to the fact that the Human Representative is becoming a more and more elusive target. In a way that’s good, though; it levels the playing field and doesn’t give con artists and scammers better access to the inbox than honest people. It means that smaller senders have a chance to get mail to the inbox, and it means that fewer people have to make judgement calls about the filters and what mail is worthy or not. All mail is subject to the same conditions.
The Human Representative is endangered. And I think this is a good thing for email.
