Email deliverability for recruitment agencies in 2024
5 minute read
By Alex Mcauley on
When recruitment agencies communicate with potential candidates, email remains a crucial tool. However, one of the biggest challenges faced by these agencies is ensuring their emails actually reach the inboxes of their intended recipients. Often, emails sent by recruitment agencies are misidentified as spam or are blocked by email service providers. This problem can significantly impact the effectiveness of their recruitment efforts. To understand why this happens, it's essential to delve into three key concepts: DKIM, SPF, and DMARC.
Back in 2023 Google (gmail) and Yahoo announced extra inbox protections to tackle ever growing spam and phishing, in early 2024 these proections will be put in to practice which will likely affect your ability to reach the inbox of any client or candidate using their email services if your email service is not setup properly. If you're fortunate enough to be a client of ours then you're already covered as we help you do all of the required steps as part of our setup and onboarding process, however, not all vendors are equal so it's probably worth checking your email settings just incase.
We will run through the three main checks that Google, Yahoo (and other providers) use to authenticate the sender of an email to make sure the sending path is legitimate. Of course, passing these checks does not mean that your email will automatically end up in the intended inbox but failing them will certainly make sure it does not.
DomainKeys Identified Mail (DKIM)
DKIM is an email authentication method designed to detect forged sender addresses in emails. It allows the receiver to check that an email claiming to be from a specific domain was indeed authorised by the owner of that domain. This is achieved through a digital signature linked to the domain's name. When a recruitment agency sends an email, the DKIM protocol adds an encrypted signature to the header of the message. Email servers receiving the message then use this signature to verify the email's authenticity. If the DKIM signature is invalid or absent, the email might be rejected or marked as spam.
Sender Policy Framework (SPF)
SPF is another email authentication method that helps detect and block email spoofing. It allows the owner of a domain to specify which email servers are permitted to send emails on behalf of their domain. When an email is sent, the receiving server checks the SPF record of the sender's domain to verify that the email is coming from an authorised server. If an email from a recruitment agency is sent from a server not listed in the SPF record, it may be flagged as unauthorised or spam.
Domain-based Message Authentication, Reporting & Conformance (DMARC)
DMARC is a protocol that uses both DKIM and SPF to determine the authenticity of an email message. DMARC allows domain owners to indicate that their emails are protected by DKIM and/or SPF, and tells receiving email servers how to handle emails that fail these checks. It also provides a way for email senders to get feedback on how their messages are being handled. For recruitment agencies, implementing DMARC can significantly increase the chances of their emails being delivered successfully, as it gives more confidence to email servers about the legitimacy of their emails.
Why Emails May Not Get Through
- Incorrect DKIM Settings: If a recruitment agency's DKIM settings are misconfigured, their emails might fail the DKIM check, leading to delivery issues.
- SPF Failures: If the agency's emails are sent from a server not included in their SPF record, the emails could be rejected or marked as spam.
- Lack of DMARC Policy: Without a DMARC policy, there's no clear instruction for email servers on how to handle emails that fail DKIM and SPF checks. This can result in legitimate emails being blocked or sent to spam folders.
- Aggressive Spam Filters: Sometimes, even with proper DKIM, SPF, and DMARC settings, emails may still be caught by aggressive spam filters used by some email providers.
Extra protections
Alongside the email authentication protections mentioned above Google and Yahoo (specifically) have stated a couple of extra reqwuirements for their service they are as follows:
- Enable easy unsubscription - you will need to implement a single-click unsubscribe link within emails if they haven't already, to allow recipients to easily opt out.
- Only send emails users want - Gmail and Yahoo are getting serious about spam monitoring and senders will need to ensure they're keeping below a set spam rate threshold.
- Spam rate - your spam rate must be kept below 0.3%. Your spam rate is the rate of complaints versus the number of emails sent as an example; for every 1000 emails sent you can have no more than 3 spam complaints to be kept under this threshold. What does this mean in practice? Don't send emails that don't need to be sent or emails that are likely to be reported and choose your email wording wisely!
Both of these extra requirements should be no brainers, however, we see (and recieve) across the board emails from unscrupulous recruiters that are risking their sending domain and with it their ability to send valid transactional emails such as registration, job application, email alert and messaging notifications to their candidates and clients.
For recruitment agencies, understanding and correctly implementing DKIM, SPF, and DMARC is crucial for ensuring their emails reach the candidates. A misstep in any of these areas can mean the difference between a successful recruitment campaign and missed opportunities. As such, agencies should regularly review and update their email authentication practices to keep up with evolving email security standards.
If you are worried or concerned about the state of your email authentication or your current vendor doesn't know SPF from FBI then get in touch for a free email check and consultation. Being blacklisted from some of the largst email providers on the internet will certainly have dire effects on your recruitment agency and its ability to operate.