Industry Leaders Panel: Deliverability Matters!

ArunKumar Jagadeesan 1:02
All right, so thanks for thanks for your all of your time and now these are on air from Zoho, Zoho Corporation. Now I've been working with Zoho as an email delivery engineer the past five years, and I've been taking care of deliverability and the complaints and relationships. So, so I would, I would like to give on, I want, I want all the panellists to given, you know, a detailed introduction of water supply no matter what you do. And Tom, thanks for being here. So please carry Oh,

Matthew Vernhout 1:40
sure, I'll go next. My name is Matthew Vernhout. I'm the director of deliverability. Or sorry, that's my old title. I'm the director of privacy and industry relations here at validity. Formerly with 250OK. I've been in the industry doing deliverability stuff, almost 20 years. So lots of experience here. Feel free to ask those really tough questions. You got a pretty good group of people here to answer them. I'm involved heavily in all kinds of organisations from M3aawg to the authenticators Working Group, which is currently building the BIMI standard, and a whole bunch of other things as well. So like I said, feel free to throw questions at us. We got some things to talk about. But I'll pass off next to whomever would like to take the next shot.

Tom Corbett 2:35
Sure. So my name is Tom Corbett, I am a senior consultant at Cheetah Digital. And I've been working in the company for about five years now. Previously working in London now moved over to the States. And but I've been working in email for about 12 years, specialising in deliverability, for about nine now. had many hats work in many different roles. So feel free to ask questions.

Chaitanya Chinta 3:11
I am Chaitanya Chinta . I had email business globally for Netcore. And I'm also co founder of Pepipost. I've been in the industry for the last 14 years now. I was building anti spam filters for Juno and net zero back in the day, and moved on to build a global team for zeta global, and then moved on to start my own startup called Pepipost. And when we post put it back into Netcore, I started looking after their email business. So that's, that's the story. And yeah, feel free to ask any, any tough questions. Okay, well, the topics.

Matthew Vernhout 3:58
Yeah, why don't I get started? Like, we want to talk about sort of, you know, where do you look at basic authentication for email, right, like, that's a piece of deliverability that a lot of people either seem to have problems with, or, you know, have sort of trouble getting getting traction within the organisation to properly set up. Do you guys have comments or thoughts on that?

Tom Corbett 4:28
Yeah, I think for me, I've seen a lot of, we talked about transition, and yet we've seen comments about deliverability people saying, it's the way I used to do things. And customers trying to sign and sending domains so they work with multiple partners. And when migrating over, you know, we'll do our checks, and we'll find that extent using another third party provider that isn't currently configuring now. We want to set up you know, authentication standards, best practice and you're trying to get DMARC in place. When we're going through that process, it's it's having that conversation with businesses, to let them know that they're aware, this provider is not actually sending correctly authenticated metal on their behalf, and it's actually could be damaging their bottom line.

Chaitanya Chinta 5:18
Right. In fact, one of the observation that I've seen, at least with the, with our customers is that, you know, for large corporations, they don't really understand all the main streams that are flowing through, flowing, flowing across all the providers, or all the channels, it could be, you know, corporate communications that are going out, or marketing, communications or transactional, or applications delivering emails. So, when they're trying to do DMARC, specifically, I think, oftentimes, they they miss out on one or the two, one or two main streams, and that I've seen, you know, showing up in the DMARC reports, as failures, and we had to, we had to work with them to fix it. So that's a common trend. I mean, and without understanding the entire mainstream, they try to, you know, do authentication on one main stream, and then enable DMARC. And then they don't, they don't really test it fully, right. I mean, they don't do it with they don't start with none and then gradually upgrade. It's, it's, it's they, you know, and primarily for the banking companies that we work with it, it goes directly into reject. And then they realise that, oh, wow, there's there's one main stream that we did that we don't authenticate, and then, you know, this evolving is getting rejected. So that's, that's, that's, that's, that's been quite an experience for us.

Matthew Vernhout 6:45
Also aggressive DMARC rollout. Yeah, I've heard that too. And I've heard all sorts of horror stories of, you know, people implementing DMARC, even at a nun policy and getting to actually see their entire network in one place, from corporate mail to potentially streams that they've never had control over from either a marketing team or an IT team or things like that. And, you know, I talked with a former postmaster that expected that 300 mail servers when they turned on DMARC, and ended up having 3000. So they were off by a factor, which makes it really sort of complicated. I've also seen, you know, oh, we only have four email service providers. And they find out later they the team, because different teams doing different things. Is that similar to what you guys have seen coming across as clients try to set these things up?

Chaitanya Chinta 7:49
Yeah, yeah, absolutely. Absolutely. In fact, so that's a, that's a common scenario, actually. The room

ArunKumar Jagadeesan 8:00
is even, we have even we have a lot of customers, enterprise customers, they don't know how to segregate their mainstream and we do have indication when it comes to SPF or decline, or the new DMARC setup. So for ya falls for some of the mainstream. Some of the major things they don't do, but this is going this this is definitely you know, when when they when the time they realise that issue, they come to us and asking, then we pay, then we given a detailed explanation of what is happening, then they realise then they'll go on and do this authentications. So yeah, initially, our customers don't have an clear view of like, you know, how to where they should start with and how to do this demo authentication setups. So yeah.

Matthew Vernhout 8:57
The question here and around the individual's views on Sunset policies for email. I'm sure we all have slightly different views. Generally, maybe we all think they're a good thing. But anyone have advice around setting up sunset policies or, you know, when? When is the right time to say goodbye?

Tom Corbett 9:21
It's a great question. I mean, I think every business is going to be different, right? You know, if you're in the automotive industry, that sunset clause, you might be very different to that of retail. Us you're having conversations with customers, it's looking at the data and trying to get them to test load, segmenting it into different kind of date ranges to understand where that real tail off is. And then addressing it and testing it in that manner. So it could be 365 data, say or 12 months and it's also looking at what countries what what legislations what, like kind of opt in consent. They truly have Then becomes a bigger conversation, I found your customers want to always extend it. And it kind of ties into kind of Andrews asking about what the blocklist provides was saying, if the further they push too big an impact they're going to have and some customers don't listen to our advice and the sunset policy and, and make it themselves into a little bother. And but I think it's just trying to have those conversations is just testing, don't be afraid to trim it down quite aggressively. And if they're truly engaged with the brand, they will come back, they they know where to find you don't feel like you have to send to everyone just because they're missing out on 20%. That's not to everyone, that's not critically important.

Matthew Vernhout 10:46
Any other thoughts?

Chaitanya Chinta 10:49
Yeah, I think, I think that isn't it with with Tom, you know, every business is different. And every business can have a different kind of sunset policies. You know, so we typically design a custom sunset policy for each business, we know, depending on the kind of the kind of, you know, activity that the list generates, and all of that. But yeah, implementing one is, is almost a must, in these days, to to list a stain, stain inbox, at least with the recent, you know, changes with in Gmail filters, I think they've really made it very, you know, they're stressing us out on defence of policy, too, I think. I think that's, that's, that's a must now. Yeah, I

Matthew Vernhout 11:42
agree. I think, you know, being in Canada, having legislation a 24 month, implied consent policy, always sets that as sort of the outer bound for these types of discussions when people are relying on implied consent. But, Tom, I agree, when you have, you know, long purchase cycles, such as automobile, you know, the auto industry, where you might keep a car for five or six years, you know, you need to look beyond either the implied consent and get an express consent, or find ways to keep that relationship going. Whether that's, you know, a drip campaign every three months to be like, did you get your oil changed yet? Those types of things, I think that's businesses needs to look at that. And I actually think these sunset programmes should be built in as a drip. So that when people meet that criteria of hitting 12 months with no opens or no clicks, or no, whatever your engagement metric is, that they're automatically triggered. And you're right, I don't think there's a specific industry benchmark for when to do this. But you know, if you're having problems, 12 months is where I would start, and then adjust from there. We have another question here. from Kent, around the new office 365. validation, sorry, the authentication validation, that just came out. So Ken saying validation is ignoring people's non DMARC policies, which I think first off, that's not exactly what's happening. So DMARC is assuming or office 365 is assuming sort of the unauthenticated Mail as authenticated. So it's similar to what Google's doing in regards to the best guess authentication. They're also looking at domain alignment much more aggressively than other platforms. So they're not necessarily ignoring p equals none. But they're assuming that you have at least some level of DMARC and some level of proper authentication. And they're being very aggressive when it comes to brands that don't have alignment don't have branded Deacon keys, things like that. And your if you look in the headers at hotmail, you're gonna see the same calculations that you're seeing in Oh, 365 they just don't seem to be applying them at the same aggressive level on both platforms at this time, and you guys started to notice those changes are how hotmail and oh 365 have made those changes in the last last since January, I believe it was I just wrote an article about it. And I know Laura, Word to the wise has as well.

Tom Corbett 14:28
Yeah, I think I ended January definitely seen some changes. It's always great. You know, when you see your peers and everyone in the workspace kind of come together, putting articles and showing that information. And it just kind of makes it important like to get the basics, get that authentication correct. And when send us not seeing that change is a good chance, a good piece of advice to look at yourself and make those required changes to stay ahead of the curve, right. You don't want to fall behind and have your whole programme for

Matthew Vernhout 14:59
a reason. Did you have anything to add? I know you've been in and out of camera. So I want to make sure you're hearing us and that maybe? Yeah. Did you have anything to add around the office 365 comments?

ArunKumar Jagadeesan 15:26
Well, I think, I think Yeah, I'm sorry for that. One does pay for basic device very clear. So it's good.

Matthew Vernhout 15:43
It's a little beyond what the normal standard is for authentication. And it's almost like they're taking some of the Sender ID behaviour, looking at the the visible from in the mail, like the sender from the mail from slightly different and trying to make sure that there's at least some alignment there happening within the message. So it's pretty interesting. There was a follow up to our sunsetting question as well. I don't know if anyone had a comment on around, should it be implemented at the ISP level? versus at the programme level? Anyone have thoughts on that?

Chaitanya Chinta 16:25
I'd say it has to be mainstream specific. If I'm not wrong. I mean, at least i'd i'd i'd say, you know, sunset policy should be applied from a business level to, you know, probably at the mainstream level. And I think that's it. That's about it. I don't I don't think it has to be like I spy or mailbox provider wise, in that sense.

Matthew Vernhout 16:46
So don't run separate programmes for Gmail versus hotmail versus everyone else. Yeah. Yeah. Yeah. What about as a tangent to that? You know, Gmail is now displaying a pop up for people that haven't engaged in your emails for what they consider to be. I'm prolonged period of time, even 30 days or 60 days. You know, it's less common, but people are starting to see it. Do you think that should be a trigger that people want to look at those timelines for? sunsetting?

Tom Corbett 17:24
I think it's a good thing. Yeah,

Chaitanya Chinta 17:25
I think I think that should be it. That's a good indicator, and then it should it should be a trigger for looking at sunset policy. But I don't think it has to be limited only to Gmail, I mean, the activity is, is across, right? I mean, the if, if a particular user base is, you know, not responding to your emails, I mean, it has to be across the user base. Yeah, and

ArunKumar Jagadeesan 17:50
I agree, it's always good to, you know, every three months or once, so at least, you know, your customer or user can segregate their emails, or is having a proper segmentation of this? It could be you know, but it is always too good to check with, with everything once once whether is opening the image not opening? So yeah.

Matthew Vernhout 18:39
Sure.

Tom Corbett 18:19
Yeah, I'd have to agree about what you said. It's like, it's that indicator, right, that something's not quite right with your mouth with your mouth stream, and adjusting your segmentation. And it should be the business's responsibility. And I think providers like Gmail, the others are just trying to help their recipients just clean up their mailbox and get another one. Yeah. I totally agree with all of that. We got another question here. How do you keep up with deliverability changes? Is it simply through observation? I'll go first, I think it's just having a wide network of people to talk to. So it's not just observation, it's talking to a lot of people internally monitoring. And I've met a lot of personal alerts setup for when things change, watching your own bounce codes, having conversations like this, these types of events to help educate, educate people and share knowledge, reading blogs, you guys are doing anything else other than that, and that kind of what you're doing here.

Tom Corbett 19:25
You're doing the exact same thing except nobody on the staff is really.

Chaitanya Chinta 19:33
Yeah, I think the vaccine for I think most of us,

Matthew Vernhout 19:37
do you have any go to resources. Question?

Chaitanya Chinta 19:43
Well, apart from observation, I think email geeks was one. Another way to look at or talk to, folks that I know so that's, uh, yeah, that's it. That's my Water Resources and logs.

Matthew Vernhout 20:08
Any others that we have retaken? Yeah. Good, good. Let's see, we have a another question here. We've seen Gmail open. We've seen Gmail opening emails of recipients before recipients actually opening. So this is sort of pre conference, fetching type stuff. In regards to maybe image caching and things, do you guys have thoughts on that and how it's impacting email?

Tom Corbett 20:43
I mean, it's been done for the right purposes, right. And even the caching is to prevent a malicious activity from occurring. And I think we've, and we've talked in the past, and everyone's focused on open rates, but reading click throughs is probably a more powerful metric. And I think it's just reeducation right to focus on using different metrics rather than just the open because the open isn't going to get you the conversion and the money you need.

Matthew Vernhout 21:12
To earn Do you have thoughts on that?

ArunKumar Jagadeesan 21:16
Yeah, I don't see any any changes in the last three months? I'm checking in those last six months, but I don't. So I don't see any any changes in last six months?

Matthew Vernhout 21:28
I haven't seen anyone.

ArunKumar Jagadeesan 21:32
Sorry, go ahead. Yeah, I was able to, have you guys seen any any changes, like, you know, Gmail is opening the emails before the actual recipients open it?

Matthew Vernhout 21:48
I, I think this is becoming more of an issue in general. I know, there's lots of other discussion, you know, working groups and such that are trying to deal with this issue from security companies clicking on links to validate that they're not leading to malware, through prefetching images to make sure that they're not, you know, some type of leader for malware, things like that, or caching them to protect user locations and privacy. So these types of things are there because they are becoming more prevalent, I will say, more security companies are doing them. And as senders, it's our responsibility to sort of educate our clients of these things happening. And make sure they understand that some metrics are changing, some metrics are becoming maybe less useful, such as open, but things like length of read, frequency of read, clicks, conversions, those types of things will become more important. As we go even though, you know, like I had mentioned, we're seeing security companies click links as well. So just understanding that. Any other thoughts?

Tom Corbett 23:09
No, I agree with you. Okay.

Matthew Vernhout 23:14
we did. We had talked for we're getting sort of set up for this around, you know, people are still obsessed with tabs. Right, where's Where did my mail go in the Gmail tabs? Is it in the primary or the updates or things like that? What are your thoughts on tabs in regards to you know, how much people should actually care about them?

ArunKumar Jagadeesan 23:42
I still receive my customers, why my emails are, you know, in promotions for primary is really hard to explain them, like, you know, these tabs are also part of inbox. So yes, it's, we have to know, tell them like, you know, this, we're part of an inbox and, well, obviously, there's anything in marketing and promotional emails, which should be classified as a promotional tab. But it's based on the engagement with the recipients and the users. So if they have, you know, good, good engagement with their recipients, probably the most, primary primary tab of motions. So having the engagement make changes.

Matthew Vernhout 24:32
Anyone else? I've kind of tabs or so that's, I'm in the tabs. We're in the inbox tag camp.

Tom Corbett 24:39
And I think the conversation comes up occasionally, when a customer or senior leader gets one of those promotional emails suddenly goes into the primary tab. And then that's where the conversation comes back again, how do we keep it there? And it's just helping support customer that education explaining that this is all still The inbox and not to focus so much time and effort I'm just trying to

Matthew Vernhout 25:07
read. I think we only have, like one minute left on our scheduled time. So if there's no more questions. Okay, so here's one last question. Oh, we're gonna extend as well. So we have five minutes. So we'll do two more questions. And so I guess the first one will take from the audience and the last one I'm going to reserve for myself, because I think it's a hot topic right now. Quick view on large enterprise changing espys recommendations around warm up, this is always a great conversation, because everybody has a slightly different view, did you want to just give me your 32nd rundown on IP warm up and changing platforms.

Chaitanya Chinta 25:56
So maybe I'll go first. See, depending on the mainstream, if, let's say if, if, if the mainstream is more like a, you know, a daily newsletter or something like that, then I'd recommend to go start slow, and then you know, increase, increasing gradually at around, maybe around 20 25%, every opportunity to grow slowly. And, you know, typically do reach a million million emails a day by about 45 days or so. But again, again, it depends on the data quality, and a lot of things that comes into play to do that, you know, time to time analysis, and then share the feedback back to the customer and then get that can be updated, warmup done. But it actually means i don't i don't think a warmup is specifically necessary. But you could start like, let's say, transactional email, it's more like signup, confirmations and stuff like that. I don't think you would use specifically need a warm up, you could directly start from a good I mean, an existing domain and still continue to do it. So that would be my that'd be my take on it.

Matthew Vernhout 27:11
Arun your next go?

ArunKumar Jagadeesan 27:22
Oh, yeah. So when when the larger enterprises will switch over the vsps, they have to consider about the IP warm up, because if they continue with the same column count, we say used in in a previous psps, it may result in you know, reputation damage. So they have they have to check with a with the data they have and how many IPS has been allocated to them? And what is the IP reputation they have in the new ESP. And they can, yeah, they should start with slow and check the reputation status, you know, there are several tools, right now, in Gmail, they can check the reputation of the domain and the IPS, then, based on that they can increase the volumes. yard, it will take at least three to four days to reach out to their existing volume.

Matthew Vernhout 28:22
Tom, your loss, buddy?

Tom Corbett 28:23
Yeah, I'm not gonna repeat what everyone else is telling you. We follow very similar approaches, I think. We like to do a bit of an audit, you know, with migration, and we like to have an understanding of the IP warming and challenges they had. And I think the key piece a lot of businesses forget to do is give themselves some overlap with the previous provider, don't have a hard cutoff. If your contract ends tomorrow, you have to send everything tomorrow with us. Because it's not going to happen. You need a period of time to warm up. If you came across the challenge, you still have a fall back on your previous provider on getting that revenue to wash to address that challenge that may occur. And nothing is gonna happen. But prepare.

Matthew Vernhout 29:05
Now. That's good advice. That's great advice. We'll try to get to the last question in the chat. But I wanted to ask your thoughts on all these emails that everyone's receiving right now. You know, it seems every time we have a big global event, whether it's can spam or whether it's castle or GDPR. In this case, now it's the Coronavirus or COVID-19. And everybody under the sun you've ever given your email address to is sending you an email about what they're doing. What are your thoughts around a are these necessary? b? If they are, how do you send them in a way that's not becoming annoying? Like I probably received 50 of them last week. So nice to meet Okay, yes, please go ahead.

Chaitanya Chinta 30:01
I see a lot of brands. Yeah, sorry. I see a lot of brands doing it. In fact, I have a large bunch of our customers who are also doing COVID-19 emailers. I don't think I don't think all of them are necessary. Absolutely. Almost all of them are saying, same thing, same thing. If it's, if it's if it's adding value to the customer, at this point of time, maybe, for example, there are a few businesses that can that can really help, right? I mean, for example, on groceries, essentials, that that are needed, for staying at home and then get, you know, still be able to continue whatever they're doing daily, right. So if they're, if, if the, if the brand is helping the end user in in any ways, females are absolutely relevant in that context. But otherwise, if you're just sending about, you know, what, what we are doing to in this COVID-19, where, you know, the end user is not even in touch with you physically, at any point of time. For example, a SaaS company. I mean, it does not really resonate, right. I mean, it does not really help. So that's my view on it.

Matthew Vernhout 31:17
Yeah, I think I'd agree with that. I don't know if there's any legal obligation to send these notices, period. I think a lot of them being informational, such as you know, we've closed our locations, you can access online, or, you know, we've significantly changed the policy within our brick and mortar locations, those types of things certainly makes sense, especially for things like grocery stores and restaurants. But I had a loyalty programme that has no physical locations that I can ever attend, that has a lot of, you know, have a lot of partners. But they sent me one as an example. It's like, so I can use my loyalty card somewhere, and you're gonna make changes to really implement this. And the worst part about it is I've been unsubscribed from your newsletter for about seven years. I still use their loyalty programme, but I don't get their newsletter anymore. And they're still sending me these types of things. So I think there's information that's useful for services that are considered essential grocery stores, pharmacies, you know, those types of things. Yes, it's important, send me that information. Amazon doesn't need to send me that information, as an example, because they don't have a physical location for me to Anyways, I'm going to order from them online. And if they want to say yes, we clean our shipping and receiving locations thoroughly, okay, but you don't need to send every person that's ever had your address, or you've ever used had their address, I think, you know, active customers, if you're going to do that, definitely not people that have unsubscribed. Those types of things. Yeah, we had one last question that I want to try to get to. And I know we're over. Just around Do you think tracking pixels impact? Gmail? deliverability. But I think deliverability in general, anyone? I have opinions on this. I wrote an article about it. So I'm not going to answer a question my Um, okay. Sorry. Anyone? Yeah. I think I just answered it. And the answer is no. That's Yes.Well, yeah, I suppose you could read my article? And, yes, I certainly believe that in cases. In some cases, all links will impact your deliverability to a certain degree, especially when you have links that are shared across multiple service providers, links that are shared across multiple clients, some which may be doing good things, so much, maybe doing bad things. But in the case of if you can brand, your link tracking your pixel tracking as one of your domains, it should not, unless you have bad practices in general, impact your deliverability. I think that's all the time we have. And actually, Andrew, let us go over just a little Thank you. for that. All our Twitter handles are out somewhere. Andrew tweeted them on the inbox Expo account. You can find us there. Were all these to find. And thanks for joining us today. Thank you very much.

Matthew Vernhout 34:45
Thanks. Thanks for joining us today. And stay safe. Thanks. Thank you.