Spam Control Guidelines and Best Practices
Incoming emails - Spam Processing
Zoho Mail automatically scans all the incoming emails for Spam based on various parameters. Apart from the built-in Spam filters, the organization administrators can control the spam settings, add emails and domains to Blocked List and Allowed List, monitor using quarantine, or bounce back emails based on various rules and email policies.
Popular and custom Blocked List:
The incoming IP Address/ Domains/ Email addresses are processed against different blocked lists. In case IP Addresses/domains/email addresses are found to be listed in any of the popular Blocklists, such incoming emails are blocked and bounced back.
Organization Blocked List and user-level blocklists:
Apart from the custom Blocklists, the IP Addresses and domains are also checked against our exhaustive lists, at various levels. The organization's Blocked List defined by the administrator, the individual Blocklists created by individual users is also used for Spam filtering.
SPF/ DKIM checks:
The incoming emails are validated for SPF and DKIM records and are also analyzed for DMARC policy based on the domain settings. In case there are SPF/ DKIM failures, such emails are classified as Spam and considered as spoofed emails generated from suspicious sources. You can customize the level of SPF/ DKIM filtering from the Spam Control section in the control panel.
Spam matching:
Further, the emails are also automatically filtered for Spam/ Phishing email patterns. Only the emails that do not get marked any of those lists reach your Inbox as Not-Spam or valid emails.
Spam Incident Reports:
When the emails generated from a particular domain is found to be spam, such incidents are reported to the email addresses abuse@thedomain.com and postmaster@thedomain.com. As service providers for the domain, we need to take appropriate actions on such reports, communicate to the administrator of the domain, and report back to other service providers, regarding the action taken on the abuse complaint/ spam report/ malware notification.
Hence we monitor the emails sent to abuse@ and postmaster@ aliases belonging to your domain. Hence you will not be able to use these email addresses as individual accounts or aliases for individual accounts. However, you can create Groups named abuse and postmaster and add yourselves as members to the Group. By doing so, the member added will receive a copy of the email being sent to those email addresses. The Zoho abuse monitoring team will also receive a copy of the same email.
Spam emails in the Inbox
Even after multi-layered Spam filtering, some spam emails may end up in your Inbox, escaping and overcoming all the filters. In such cases, we recommend you to use 'Mark as Spam' to mark such emails as Spam. Our Spam filters are designed to learn based on your markings and patterns. This will help future emails from similar sources or in similar patterns to be identified as Spam emails for the particular user.
Guidelines to avoid incoming Spam:
Avoid providing your email address in public forums/ blogs -
Spammers have automatic scripts that scan through the pages, looking for links and email addresses to add them to their lists. Once you get on a Spam list, you will never be able to get out of the list. If you must share, better send it as a direct message or use plain text formats like username (at) me (dot) com instead of formatted email addresses.
Avoid giving your Email address for other Website Sign up:
It is better to avoid giving your official email address for signing up on a website. Mainly if the privacy policy of the website does not assure you that they do not provide your email address to third parties, it is advisable to use temporary email aliases, which can be disposed of later when no longer needed. When you use disposable aliases, it is easier to identify the source of Spam and delete the alias that may no longer be necessary.
Don't use out of office replies to external messages:
When you set up vacation responses or auto-response for emails, make sure that you set auto-response to be sent only to your contacts and not for all the emails. This way you can avoid unknown contacts from being in your Allowed List/Allowlist, based on your response to the unknown email addresses.
Disable external image auto-download and display:
In most of the Spam/ Phishing emails, spammers embed external images and send emails. When users open the emails and display the images, they automatically track the user based on displayed images and clicks.
Unsubscribe from unwanted newsletters/ notifications:
If you keep receiving tons of unwanted emails from a website you signed up decades ago, try unsubscribing from those lists. During Signup, look for 'Newsletter subscription' or 'announcement subscription' check boxes ad uncheck them, if you do not want to receive newsletters from the website.
Similarly, you can disable email notifications or consider receiving email digests every week or every month to reduce the frequency of such emails or handle them better.
Outgoing emails - Better deliverability guidelines
SPF/ DKIM/ DMARC:
When you send emails to your contacts, the recipient servers also validate your emails to check if it is spam. The domains need to have proper SPF/ DKIM/ DMARC configuration to make sure that they do not get marked as Spam.
Avoid sending bulk emails/ mass emails or newsletters from Zoho Mail.
If you have to send mass emails or newsletters, it is better to avoid sending such emails using automated programs using your normal email credentials. You can use specific services (like Zoho Campaigns), which have bulk sender guidelines, features to create subscriber list and remove unsubscribers based on their interest, and provide detailed reports about the email delivery and open rate.
You can also use Zoho ZeptoMail which is specifically designed and optimized to send transactional emails to your customers.
Embedding external images in emails:
In signatures, it is better to directly insert an image instead of inserting an external image and adding a hyperlink to it. Some of the email servers do not accept emails embedded with external images. In case you notice that your emails are being bounced by some particular servers, you can check once by sending emails without any external images to check if that server has restrictions in accepting emails with external images.