What affects email deliverability more, DKIM signing or sender score?

EQ Admin

EQ Forum Admin
Staff member
I was recently involved in a discussion about what matters more, Sender Score or DKIM signing?

As an ISP email engineer that provides SMTP relay service for email sent by others, my primary focus is protecting the Sender Scores of those SMTP relays, for example:

Sender Score 98.jpg


A growing number of customers have SPF records. A few have implemented DKIM / DomainKeys.

It is my experience, based on what typically helps get customer tickets resolved, that SPF and DKIM help get email delivered to the inbox vs. the spam folder, but they don't play a major role in bypassing reputation checks that determine a sender has a low sender score. A high sender score is required to even consider getting an email looked at, and the the SPF & DKIM are some of the factors that can help with not getting filtered to the spam folder.

I'm expecting that other factors matter more such as long term positive interactions such as are their recipients at large email services replying to and clicking links in the email?

A broken or misconfigured SPF and/or DKIM record can override a great sender score and cause deliverability issues.

My ranking of what seems to matter the most can be found from top to bottom in this recent post:

Gmail delivers email from my exchange server to the spam folder | Email Questions

The next example I'd like to discuss is the owner of a VPS with a fairly big forum who recently changed IP addresses:

Sender Score 55.jpg


The specific high impact metric impacting that score is "sender rejected"

The IP has a PTR that appears dynamic and not statically assigned to a mail server.

It was reported that the forum has issues with being marked as spam before the IP address change.

Without knowing the specifics of the email being sent I'd recommend checking the following:
  • Check the outgoing mail logs for any signs of a compromised plugin sending spam
  • Are too many registration confirmation emails being sent to spammers?
  • Is there a plugin sending "forum newsletters" to email addresses that didn't subscribe?
  • Are there other web sites on the same server that could be causing the score to stay low?
  • Are members with email addresses that bounce getting their thread subscriptions removed?
  • Is the IP on any blacklists related to a previous account at the hosting company?
Again, working off personal experience and not concrete facts from the logs, I'm expecting ISP's such as Comcast to possibly be outright blocking the email based on sender score, while large email service providers such as Google weighting the score and using additional factors to determine Inbox vs. Spam.

In this case, if nothing else improves, how much could creating an SPF record and DKIM signing outgoing email help the forum owner to get their emails accepted and delivered to the inbox?

How does that answer change as more email services implement DMARC on their incoming mail servers?

Keep in mind this type of sender is probably not trying to help get bad email blocked so much as trying to get what is supposed to be good email accepted.

Should we expect at least a small shift away from the importance of Sender Score?

The last case I'd like to bring up is that of the sender with no sender score:

Sender Score Insufficient.jpg


There are senders in this category that believe creating SPF records and DKIM signing play a HUGE role in helping email service providers determine what to do with their email.

What is the actual impact these improvements should make on getting email accepted and inbox delivered?

I suspect no sender score is better than a score below 60, and that it varies by provider how suspicious they treat the email.

A sender in this category stated an improvement from email rejected to email accepted by Hotmail.

It's unknown to me if that meant accepted but delivered to the Junk folder.

I don't think any of the senders in the 55 or insufficient group know if they're going mostly to the Inbox or Junk and that they are relying on member feedback to find out if/when there are problems.

All that said, I'm left wondering which matters more, DKIM signing or Sender Score?

My take is that Sender Score gets you in the door and SPF/DKIM help get you to the inbox.
 
Last edited:

EQ Admin

EQ Forum Admin
Staff member
The following from the Yahoo Mail deliverability FAQ helps to put Sender Score (IP address reputation) and DKIM into perspective:

How does Yahoo Mail determine a mailer's overall reputation?

Yahoo Mail considers many factors including, but not limited to:
  • IP address reputation
  • URL reputation
  • Domain reputation
  • Sender reputation
  • Autonomous System Number (ASN) reputation
  • DomainKeys Identified Mail (DKIM) signatures
  • Domain-based Message Authentication Reporting and Conformance (DMARC) authentication
 

EQ Admin

EQ Forum Admin
Staff member
I linked back to this discussion from the Sender Score row of the encrypted email service providers page.

Why do the sender scores matter? Low sender scores can result in email being rejected or delivered to the spam folder.

If you sign up for a new email address, and your contacts can't receive your email, that's a problem.

Here are the scores I was able to verify during the past 24 hours:

@hushmail :
Hushmail Sender Score.jpg


@ProtonMail :

ProtonMail Sender Score.jpg


@Sergei :
SCRYPTmail Sender Score.jpg


@Tutanota : - Tutanota email delivers to the spam folder at Gmail | Email Questions
Tutanota Sender Score Down.jpg
 
Last edited:

KentM

ReturnPath
I was recently involved in a discussion about what matters more, Sender Score or DKIM signing?

Overall a high SenderScore will impact deliverability more than just DKIM alone, but maybe not for the reasons you think.

Although authentication (DKIM, SPF and DMARC) is the very cornerstone of reputation it is not too often you will see mailbox providers outright block email because of failed authentication unless you have a p=reject DMARC policy, but you may see increased bulking.

SenderScore is like a credit score only for an IP, the higher the score the more likely the email is to be delivered to the inbox and the better the reputation of the IP. Does that mean that all IPs with a high SenderScore will automatically hit the inbox at all mailbox providers? No, the metrics that lead to a high score do play a huge role in the reputation of the IP, but not all mailbox providers use SenderScore in their filtering decisions. Now while they might not use it in their filtering decisions we can show a direct relation to IPs with a high score and inbox placement due to the metrics we look at to determine the score, such as unknown user rate, spam trap hits, complaints, messages rejected and volume. Senders with poor practices will end up with lower scores and in turn will have delivery issues because of it.

One thing I did want to clear up, you state that a high score will result in bypassing some reputation checks at mailbox providers, that is not the case. IPs that are part of our certification program (Certification - Return Path) can bypass some of the reputation checks, but a high SenderScore alone will not do that.

Kent McGovern
ReturnPath
 

compleo

Valued Member
I noticed in Proton a black circle with a white check mark when i opened an e mail.So shows this," i moused over it,"DKIM is valid",had no clue as to what this meant.The e mail provider chart shows the sender score but should the DKIM also be mentioned.

I use Tutanota & Scrypt also & Proton is the only e mail provider that shows the DKIM in the inbox mail.
 

EQ Admin

EQ Forum Admin
Staff member
As a user I believe DKIM's biggest impact on your email experience is that you should be less likely to receive forged email from well known domains. It should cut down on the PayPal, ISP, and other customersupport@ types of phishing emails that try to get you to clink links and steal your passwords. It helps the email service providers make decisions about an email as it's being received/delivered. If a trusted company signs their email, and an unsigned email shows up claiming to e from them, that's a red flag. End result is that when your email provider starts validating you should get less spam & phishing email to your inbox.
 
Top