What is Spam? How does it work? And what should we do to prevent it?
Of course, everyone wants an exact answer to this question. But first, you need to understand how email works and what information it carries.
Have you ever sent a simple postal mail or letter? I have, and I'm sure almost all of you have too.
You write your message, put it into an envelope, stamp it, and drop it in your letter box. The postman picks it up and carries your letter to the local post office. Then it goes to a distribution center. Finally, it reaches another local post office (the destination post office). A postman at the destination carries it to the recipient and drops it in his box.
This is the complete postal delivery process, and it closely matches our email delivery system.
What happens after you type your message and hit the send button?
Your ISP (Internet Service Provider) has a mail server which collects mail. Once you hit the send button, your computer contacts a mail server and uses a protocol known as SMTP (Simple Mail Transfer Protocol) to transfer the message. SMTP is the language that your mail program uses to communicate with a mail server; it is also the communication medium between mail servers.
Your recipient also has an ISP and a mail server. Your mail server contacts the recipient's mail server using SMTP to transfer the message. These two mail servers are like the local post offices that we use for postal mail.
When the recipient decides to check the email, his email program connects to the SMTP server and retrieves mail from the server. Post Office Protocol (POP3) or Internet Message Access Protocol (IMAP) is then used to receive and read emails.
An email message basically consists of two parts: header and body. Let's take a look at both parts in detail to understand the structure.
The header is the most interesting part of an email. It includes the information we need in order to track the origin and authenticity of a message.
To understand it, here's an example of a message header for an email sent from Sarv.com to sales@sarv.com:
Delivered-To: pawan.k@sarv.com
Received: by 10.25.162.12 with SMTP id l12csp1774408lfe;
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
X-Received: by 10.84.224.70 with SMTP id a6mr38101001plt.25.1493122107536;
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
Return-Path:
Received: from t2.sarv.com (t2.sarv.com. [103.255.102.190])
by mx.google.com with ESMTPS id 189si22184119pgb.323.2017.04.25.05.08.26
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of b-41535503-pawan.k=sarv.com@track.sarv.com designates 103.255.102.190 as permitted sender) client-ip=103.255.102.190;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sarv.com;
spf=pass (google.com: domain of b-41535503-pawan.k=sarv.com@track.sarv.com designates 103.255.102.190 as permitted sender) smtp.mailfrom=b-41535503-shambhu.v=sarv.com@track.sarv.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sarv.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sarv.com;
q=dns/txt; s=sarvtes; bh=z2di1yE7zydcW2/2Oo+wpZVD8AD2dK0H84OAvOLHkoI=;
h=from:reply-to:subject:to:mime-version:content-type;
b=RNRG4PK3Stlnx7eWJNkDKJAYK0JiIUHXt/Cs4kSsl8eH7yf2+CpAN3olJp3tc2kYWFgP/aOwgihr
qav3WRjnlQo6fu6A39gUkG1JSD84Wmx3IAVDMy1cWG9Ai9YBdO36N6AIi3a8vChgD7pTClatICFL
EyeDNngI0vPWlQzftc8=
Received: from (127.0.0.1) by t2.sarv.com id
3A2CE68A-3EDF-4371-80BC-7261173B0EA0.1 for ; Tue, 25
Apr 2017 12:08:23 +0000 (envelope-from
)
X-Priority: normal
X-Mailer: Sarv.email
MIME-Version: 1.0
Reply-To: Sarv
X-Unique-Id: <7c91403f68e4e988f96c527f5ccb8926@localhost>
From: Sarv
To: pawan.k@sarv.com
Subject: Verify your domain for Sarv
Message-Id: <7c91403f68e4e988f96c527f5ccb8926@t2.sarv.com>
Date: Tue, 25 Apr 2017 12:08:23 +0000
X-Mta-Unique-Id:
pbRqends.pnRssdpd--41535503-3A2CE68A-3EDF-4371-80BC-7261173B0EA0.1.1
Content-Type: multipart/alternative;
Takeaway: When you read an email header, the data at the top is the most recent event. If you want to trace the email from sender to recipient, start at the bottom.
When Sarv composes the email
From: Sarv <support@sarv.com>
To: pawan.k@sarv.com
Subject: Verify your domain for Sarv
Date: Tue, 25 Apr 2017 12:08:23 +0000
When the email is sent through Sarv's mail server
Message-Id: <7c91403f68e4e988f96c527f5ccb8926@t2.sarv.com>
Received: from (127.0.0.1) by t2.sarv.com id 3A2CE68A-3EDF-4371-80BC-7261173B0EA0.1 for ; Tue, 25 Apr 2017 12:08:23 +0000 (envelope-from )
When the message transfers from Sarv's mail server to the Sales official email address
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sarv.com;
q=dns/txt; s=sarvtes; bh=z2di1yE7zydcW2/2Oo+wpZVD8AD2dK0H84OAvOLHkoI=;
h=from:reply-to:subject:to:mime-version:content-type;
b=RNRG4PK3Stlnx7eWJNkDKJAYK0JiIUHXt/Cs4kSsl8eH7yf2+CpAN3olJp3tc2kYWFgP/aOwgihr
qav3WRjnlQo6fu6A39gUkG1JSD84Wmx3IAVDMy1cWG9Ai9YBdO36N6AIi3a8vChgD7pTClatICFL
EyeDNngI0vPWlQzftc8=
Received-SPF: pass (google.com: domain of b-41535503-pawan.k=sarv.com@track.sarv.com designates 103.255.102.190 as permitted sender) client-ip=103.255.102.190;
Authentication-Results: mx.google.com;
dkim=pass header.i=@sarv.com;
spf=pass (google.com: domain of b-41535503-shambhu.v=sarv.com@track.sarv.com designates 103.255.102.190 as permitted sender) smtp.mailfrom=b-41535503-shambhu.v=sarv.com@track.sarv.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sarv.com
Received: from t2.sarv.com (t2.sarv.com. [103.255.102.190])
by mx.google.com with ESMTPS id 189si22184119pgb.323.2017.04.25.05.08.26
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
More information added to the header
Delivered-To: pawan.k@sarv.com
Received: by 10.25.162.12 with SMTP id l12csp1774408lfe; Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
Return-Path: <b-41535503-pawan.k=sarv.com@track.sarv.com>
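The bottom-to-top reading described above can be automated. This is an added example, not code from Sarv or the original article: it parses the Received lines of the sample header (abridged) and returns the hops oldest first with the delay added at each one; the name trace_hops is made up for the example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Received lines abridged from the example header on this page
# (addresses the page leaves blank stay blank).
RAW = (
    "Received: by 10.25.162.12 with SMTP id l12csp1774408lfe;\n"
    "        Tue, 25 Apr 2017 05:08:27 -0700 (PDT)\n"
    "Received: from t2.sarv.com (t2.sarv.com. [103.255.102.190])\n"
    "        by mx.google.com with ESMTPS id 189si22184119pgb.323.2017.04.25.05.08.26\n"
    "        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n"
    "        Tue, 25 Apr 2017 05:08:27 -0700 (PDT)\n"
    "Received: from (127.0.0.1) by t2.sarv.com id 3A2CE68A-3EDF-4371-80BC-7261173B0EA0.1 for ;\n"
    "        Tue, 25 Apr 2017 12:08:23 +0000\n"
    "Subject: Verify your domain for Sarv\n"
    "\n"
    "body\n"
)

def trace_hops(raw_message):
    """Return the Received hops oldest first, with the delay added at each hop."""
    msg = message_from_string(raw_message)
    hops = []
    # Every server prepends its own Received line, so reverse for sender -> recipient order.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")   # the timestamp follows the last ';'
        sender = re.search(r"\bfrom\s+(\S+)", info)
        receiver = re.search(r"\bby\s+(\S+)", info)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "time": parsedate_to_datetime(stamp.strip()),
        })
    for prev, hop in zip([None] + hops, hops):
        hop["delay_s"] = (hop["time"] - prev["time"]).total_seconds() if prev else 0.0
    return hops

if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(RAW), 1):
        print(n, hop["from"], "->", hop["by"], hop["time"].isoformat(), f"+{hop['delay_s']:.0f}s")
```

Only Received lines added by servers you control or trust are reliable; anything below them was supplied by the sending side and can be forged.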
Delivered-To: pawan.k@sarv.com
Refers to the destination email address to which the message will be delivered.
Received: from (127.0.0.1) by t2.sarv.com id
3A2CE68A-3EDF-4371-80BC-7261173B0EA0.1 for ; Tue, 25
Apr 2017 12:08:23 +0000 (envelope-from <b-41535503-shambhu.v=sarv.com@track.sarv.com>)
This part performs a WHOIS check on the IP address. It adds more confidence that the email is legitimate. The IP address gives a lot of information about the sender, the sender's location and the provider.
Message-Id: <7c91403f68e4e988f96c527f5ccb8926@t2.sarv.com>
A unique number assigned by t2.sarv.com to recognize the message.
Received: from t2.sarv.com (t2.sarv.com. [103.255.102.190])
by mx.google.com with ESMTPS id 189si22184119pgb.323.2017.04.25.05.08.26
for
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
The message was transferred from the sender's mail server: it was received from t2.sarv.com by a Gmail server (MX, mail exchanger) on 25 April at 05:08 PM.
Return-Path: <b-41535503-pawan.k=sarv.com@track.sarv.com>
X-Received: by 10.84.224.70 with SMTP id a6mr38101001plt.25.1493122107536;
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
This shows the message being received at the first server. An ID is then applied to it so the message can be tracked. This portion of the header is not required.
Received: by 10.25.162.12 with SMTP id l12csp1774408lfe;
Tue, 25 Apr 2017 05:08:27 -0700 (PDT)
The message was finally received by the recipient's mail server (Gmail Server) from the recipient's mail exchanger.
MIME-Version: 1.0
MIME stands for Multipurpose Internet Mail Extensions. “MIME-Version: 1.0” is currently the only defined MIME version header. The Content-Type header identifies the MIME type of the data in the body.
Content-Type: text/plain;
If the MIME type is “text/plain”, mail software knows to handle it as plain text.
Content-Type: text/html;
If the MIME type is “text/html”, mail software knows to handle it as HTML.
Make sure to create SPF records for all IPs used for sending mail. If any IP is found without an SPF record, mails will land in the junk/spam folder or will ultimately be blocked by the ISPs. Each of your mails will be judged by the ISPs before entering the inbox or even the mailbox.
Note: SPF is not directly about stopping spam email. Remember: not all spam is forged, but virtually all forgeries are spam.
If messages were SPF-authenticated, a ‘mailed-by’ header with the domain will appear.
SPF is a way for ISPs (like Gmail, Yahoo, etc) to verify that a mail server is authorized to send email for a domain.
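One way to check that every sending IP is covered, as an added example that is not part of the original article. The SPF record and the list of sending IPs are constructed for illustration (only 103.255.102.190 comes from the header above), and the function names are hypothetical.

```python
import ipaddress

# Constructed SPF TXT record (hypothetical; the page does not show the real one).
# 103.255.102.190 is the sending IP from the example header; the other
# addresses come from documentation ranges.
RECORD = "v=spf1 ip4:103.255.102.190 ip4:198.51.100.0/24 include:_spf.example.net ~all"
SENDING_IPS = ["103.255.102.190", "198.51.100.25", "203.0.113.9"]

def spf_networks(record):
    """Networks authorised directly by ip4:/ip6: mechanisms.

    include:, a and mx need DNS lookups and are not resolved here, so an IP
    reported as uncovered may still be authorised through one of them.
    """
    nets = []
    for term in record.split()[1:]:
        mech = term.lstrip("+").lower()
        if mech.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(mech[4:], strict=False))
    return nets

def uncovered_ips(record, sending_ips):
    """Sending IPs that no ip4:/ip6: mechanism in the record covers."""
    nets = spf_networks(record)
    return [ip for ip in sending_ips
            if not any(ipaddress.ip_address(ip) in net for net in nets)]

def default_policy(record):
    """Result receivers get for any other IP, taken from the 'all' term."""
    names = {"-": "fail", "~": "softfail", "?": "neutral", "+": "pass"}
    for term in record.split()[1:]:
        if term.lower().lstrip("+-~?") == "all":
            return names.get(term[0], "pass")
    return "neutral"  # no 'all' term: the default result is neutral

if __name__ == "__main__":
    print("not covered by ip4/ip6:", uncovered_ips(RECORD, SENDING_IPS))
    print("everything else gets:", default_policy(RECORD))
```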
Whether the message that was received is the same as the message you sent is confirmed via DKIM records, which are published in the DNS records of the domain. This is necessary to guard against certain malicious intermediate activities and to ensure correct delivery.
There are two corresponding "keys": one public key and one private key.
When an email is sent, it is encrypted on the sender's mail server using the private key and decrypted on the receiving mail server using the public key.
DKIM failure is considered negative by ISPs, so mails either land in junk or are blocked altogether. DKIM is a method to validate the authenticity of email messages.
If a message was DKIM authenticated, a ‘signed-by’ header with domain will appear.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sarv.com;
q=dns/txt; s=sarvtes; bh=z2di1yE7zydcW2/2Oo+wpZVD8AD2dK0H84OAvOLHkoI=;
h=from:reply-to:subject:to:mime-version:content-type;
b=RNRG4PK3Stlnx7eWJNkDKJAYK0JiIUHXt/Cs4kSsl8eH7yf2+CpAN3olJp3tc2kYWFgP/aOwgihr
qav3WRjnlQo6fu6A39gUkG1JSD84Wmx3IAVDMy1cWG9Ai9YBdO36N6AIi3a8vChgD7pTClatICFL
EyeDNngI0vPWlQzftc8=
Explanation of parts:
v – DKIM version
v=1
a – signing algorithm (algorithm used to generate the signature)
a=rsa-sha256
c – the canonicalization algorithm(s) for header and body (simple or relaxed)
c=relaxed/relaxed
d – signing domain (domain that sends the message)
d=sarv.com
q – the default query method (the method used to look up the key on the signing domain)
q=dns/txt
s – selector (used to find the corresponding Public Key to validate the signature)
s=sarvtes
bh – Body Hash
bh=z2di1yE7zydcW2/2Oo+wpZVD8AD2dK0H84OAvOLHkoI=
h – list of signed header fields (list of fields that have been "signed" to verify that they have not been modified)
h=from:reply-to:subject:to:mime-version:content-type
b – signature data (the digital signature itself)
b=RNRG4PK3Stlnx7eWJNkDKJAYK0JiIUHXt/Cs4kSsl8eH7yf2+CpAN3olJp3tc2kYWFgP/aOwgihr
qav3WRjnlQo6fu6A39gUkG1JSD84Wmx3IAVDMy1cWG9Ai9YBdO36N6AIi3a8vChgD7pTClatICFL
EyeDNngI0vPWlQzftc8=
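The tags above can be read programmatically. This added example (not code from the article or from Sarv) parses the sample DKIM-Signature, derives the DNS name where the public key is looked up from s= and d=, and recomputes a bh= value the way a verifier does for a=rsa-sha256 with c=relaxed/relaxed. The message body is not on the page, so the bodies hashed here are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# DKIM-Signature value from the example header on this page (b= tag left out).
DKIM_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=sarv.com; q=dns/txt; s=sarvtes; "
            "bh=z2di1yE7zydcW2/2Oo+wpZVD8AD2dK0H84OAvOLHkoI=; "
            "h=from:reply-to:subject:to:mime-version:content-type")

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = re.sub(r"\s+", "", val)  # folding whitespace is not significant
    return tags

def key_record_name(tags):
    """DNS name whose TXT record holds the public key (the q=dns/txt lookup)."""
    return f"{tags['s']}._domainkey.{tags['d']}"

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization: whitespace-only changes must not alter the hash."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()  # empty lines at the end of the body are ignored
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value the verifier recomputes and compares with bh= (sha256, relaxed body)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

if __name__ == "__main__":
    tags = parse_tags(DKIM_SIG)
    print("public key at:", key_record_name(tags))
    print("signed headers:", tags["h"].split(":"))
    sent = b"Verify your domain\r\n"                    # constructed body
    relayed = b"Verify  your domain \r\n\r\n"           # same text, whitespace changed in transit
    tampered = b"Verify your domain at another site\r\n"
    print(body_hash(sent) == body_hash(relayed))    # True: still matches
    print(body_hash(sent) == body_hash(tampered))   # False: content changed
```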
If a domain is not signed with DKIM & SPF, then DMARC is authorized to handle the authentication part: accept mail, reject mail or filter mail. This is another factor that determines sender reputation, by determining the domain reputation. To implement DMARC, one needs to check all the IPs that are sending mail and whether these IPs are listed in SPF or not. If not, DMARC makes the next decision.
DMARC helps to prevent spammers from email spoofing and phishing-related activities. DMARC comes into action when either SPF or DKIM is missing.
Ex: PayPal spoofing - a spammer sends you an email pretending to be a bank or financial agency in an effort to obtain your account information. DMARC ensures these emails get blocked before you even see them in your mailbox.
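Why the sample header reports dmarc=pass while a spoofed From address does not, as an added example that is not from the original article. It goes a step beyond the text by showing the alignment check receivers apply: DMARC passes when SPF or DKIM passes for a domain that matches the visible From domain. The spoofing header and the two-label organizational-domain shortcut are assumptions made for the example.

```python
import re

# Authentication-Results value from the example header on this page.
PAGE_AR = ("mx.google.com; dkim=pass header.i=@sarv.com; "
           "spf=pass (google.com: domain of b-41535503-pawan.k=sarv.com@track.sarv.com "
           "designates 103.255.102.190 as permitted sender) "
           "smtp.mailfrom=b-41535503-shambhu.v=sarv.com@track.sarv.com; "
           "dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=sarv.com")
# Constructed spoofing case: the visible From domain is example.com, but SPF only
# passes for an unrelated envelope domain and there is no DKIM signature.
SPOOF_AR = ("mx.example.org; dkim=none; spf=pass smtp.mailfrom=bounce@mail.example.net; "
            "dmarc=fail (p=REJECT) header.from=example.com")

def org_domain(name):
    """Simplified organizational domain: the last two labels.
    (Assumption for the example; real receivers use the Public Suffix List.)"""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def dmarc_alignment(ar):
    """Relaxed alignment: a mechanism counts only if it passed for the From domain."""
    ar = re.sub(r"\([^)]*\)", "", ar)  # drop parenthesised comments

    def result(method):
        m = re.search(rf"\b{method}=(\w+)", ar)
        return m.group(1).lower() if m else "none"

    def domain(key):
        m = re.search(rf"{re.escape(key)}=([^\s;]+)", ar)
        return m.group(1).rsplit("@", 1)[-1] if m else ""

    author = org_domain(domain("header.from"))
    spf_ok = result("spf") == "pass" and org_domain(domain("smtp.mailfrom")) == author
    # header.i is what this receiver reports; its domain is d= or a subdomain of it.
    dkim_ok = result("dkim") == "pass" and org_domain(domain("header.i")) == author
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "dmarc": spf_ok or dkim_ok}

if __name__ == "__main__":
    print("page header:", dmarc_alignment(PAGE_AR))
    print("spoofed From:", dmarc_alignment(SPOOF_AR))
```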
Here are some essential elements of the perfect email design.
Pre-header
Header
Primary Message
Secondary Message
CTA
Footer
Here's an example of Sarv.com email newsletter
Let's discuss all the elements in particular order.
The pre-header is important because the pre-header text actually shows up next to your subject line.
Pre-header text is an extension of your subject line
It gives recipients an idea of your message content, so it is recommended to mention the motive of your email without revealing everything.
Don't repeat your subject line in your pre-header text. Create something new.
Don't delete your view online link.
As you can see in Sarv.com Email Newsletter
Vidyard Pre-header Example
Header is the first thing visible to your recipients when they open your email.
It must contain a logo and navigation links; along with these, we may add an unsubscribe link, social media links or other additional information (such as a phone number).
Keep your header consistent.
Make it responsive for mobile users.
See Sarv.com Header
See Fab's email header
Kizoa Header Example
The primary message is the part which gives the detailed information you want to share.
It could be anything: you're offering something, promoting a new product/service, or encouraging people to sign up for a webinar/event, etc.
Your message in this section should be very clear and concise. If the nature of your email is transactional, choose content accordingly without mixing in marketing content.
It must contain a title, some text (short description), a visual and a clear call-to-action (CTA).
Be creative with your primary message so that the reader can complete it at least within 10 seconds. Make sure you write in a way that the important info is sure to be read. It's no big problem if the reader leaves out some non-essential part of the message, but they should know the overall essence of the message.
As you can see in Sarv.com Newsletter
Here's another example of Wix.com Newsletter
What if your subscribers are not interested in your primary message? Secondary messages give you an opportunity to provide more offers, content or products that your prospects might be interested in.
Secondary content should also contain a title, a short description, a call-to-action, and an image.
Don't use multiple secondary messages in your email. Subscribers don't have much time to see your message and it can irritate them.
See how Sarv.com uses a Secondary Message in its Newsletter
Your email (primary & secondary message) must have a clear, well-defined & actionable call-to-action.
A call to action can be defined as an image, text, or button that encourages the subscribers to click on it. So, the name is “call” to take an “action”.
Don't use terms like click here. Use descriptive phrases which tell what you want your subscribers to do. Example – Shop Now (Offer or discount), Get the Demo (New product), Reserve Your Seat (Event or webinar), Register For The Free Webinar, Download the Guide etc.
Make it large enough to click on mobile devices.
A CTA is the best option to make your newsletter more attractive. It's a great way to get more conversions if used intelligently. Don't forget to test your CTAs.
See below how Sarv.com uses a CTA in this campaign
Here's an example of Marketo Webinar Newsletter
In this email from Photobucket, the whole image acts as the CTA
The footer should include address, social media icons, forward to a friend link, unsubscribe link, email signature, terms of use, privacy policy or other useful information.
DON'T hide your unsubscribe link. If you do that, it's going to encourage subscribers to mark your email as spam.
See Sarv.com Footer in Newsletter
Here is an example of Photobucket footer