BLOG

Ask Laura: Should I let my ESP give me a shared IP?

GraniteTrees


Dear Laura,
Our company has been shopping around for ESPs and most of them want to put us on a shared IP address. I have always heard that senders should get dedicated IPs. Will this hurt our deliverability?
Regards,
Sharing is Hard


Dear Sharing,
For a long time, IP reputation was the major factor in identifying good mail from bad mail. Good IPs helped mail get into the inbox. Poor IPs were blocked or mail was sent to the bulk folder.
Today, IP reputation isn’t as important, and here’s a look at how this evolved:
The first big thing that happened was spammers and cybercriminals figured out how to manipulate IP-based filters. They stole reputations, used tens of hundreds of IP addresses, registered hundreds of thousands of fake email accounts to influence ISP reputation filters, and many other things. Some highlights from our blog (you’ll notice we haven’t written much about IP reputation recently…):

  • Email moved to IPv6. IPv6 space is big. Really Big. Bigger than you think. Because it’s so big, IP blocking isn’t going to work the same over v6. IP addresses are so plentiful in v6 that spammers could use one IP per email and basically never run out of IPs, even in the allocation most ISPs are giving to home users. Filtering had to change or ISPs were going to melt down from being unable to handle so many v6 addresses.
  • Technology got better. It’s only been in the last decade or so that machine learning technology has become ubiquitous and affordable (for more on the current state of machine learning, check out Google’s publications list). We are in the era of big data, so it makes sense that big data can be used for filtering. Machines can evaluate so many factors they can identify spam that’s trying to elude spam filters.

With this shift in reliance on IP reputation, it isn’t as much of an issue to use shared IP addresses:

  • With a shared IP, you get to avoid many of the challenges of warming up a new address when you change ESPs.
  • Many good ESPs have shared pools that they monitor for bad behavior. (They monitor dedicated IPs, too, but often with dedicated IPs, they assume any bad behavior is yours, and may not rush to help you resolve them as quickly).
  • ISPs are applying reputation to more than just IPs. They’re measuring domain reputation, URL reputation and authenticated domain reputation. We don’t get a lot of feedback about those — there aren’t domain FBLs really — but the ISPs have that data.

We have a few suggestions for senders who use shared IP addresses:

  • Use your own domain in the DKIM signature so you can establish your own domain reputation separate from the other tenants on the IP address
  • Take advantage of any personalization the ESP allows in the return path.
  • Brand your emails clearly and use consistent visual design elements so the mail looks like yours to both the filters and your recipients.

Overall, I don’t expect a well managed shared IP to contribute to any more deliverability problems than a well managed dedicated IP. The ISPs have gotten extremely good at splitting out mail streams that share the same IP. Your mail, if it’s good, will be inboxed even if there is bad mail going across your shared IP. Thats not 100% of course, really bad senders can contaminate whole IP ranges. But most of the time a shared IP is fine for most senders. The only real downside of a shared IP is that it is ineligible for certification. But the vast majority of my clients aren’t certified and make it to the inbox just fine.
Sharing the love on shared IPs,
Laura


Confused about delivery in general? Trying to keep up on changing policies and terminology? Need some Email 101 basics? This is the place to ask. We can’t answer specific questions about your server configuration or look at your message structure for the column (please get in touch if you’d like our help with more technical or forensic investigations!), but we’d love to answer your questions about how email works, trends in the industry, or the joys and challenges of cohabiting with felines.

5 comments

  1. Ken O'Driscoll says

    Hi Laura,
    While I agree that IP reputation as a means of spam classification is on the decline, I think it’s premature to write it off just yet.
    1. IPv6 is nowhere near universal roll-out. Sure, large mailbox providers may support it, but the vast majority of the Internet and consequently email systems are still communicating over IPv4.
    2. Even with most efficient ESP anti-abuse desks, RBL de-listing will always take some time.
    3. On-premise email servers and filtering appliances still weight IP reputation to a greater degree than some cloud providers.
    I believe a dedicated sending IP, even for low-volume senders, still has it’s advantages.
    Ken.

  2. Joanna Roberts says

    Great article, thanks Laura. I just wanted to comment on something you said in your last paragraph, that shared IPs are ineligible for Certification. With the introduction of Domain Certification earlier this year, I’m happy to say that senders on shared IPs can now be certified with Return Path. We just published a blog post of our own about IPv6 and Domain Certification here: https://blog.returnpath.com/shared-ips-domain-certification/. Hope this helps clarify things a bit!

    1. laura says

      The IPs still aren’t certified, are they? Just the domains?

  3. Dale Langley says

    Great article as always Laura. Spammers have been involved in a game of cat & mouse with ISP’s since the first filters were introduced and will always look for ways to game the system.
    The use of dedicated IP’s was initially a good method of being able to recognise good vs. bad senders but advances in technology (and machine learning) have made it now possible for ISP’s to do the same on shared IP’s. Because ISP’s are able to measure subscriber interaction (with a senders IP/domain OR the actual mailbox) they’re able to much more accurate in filtering decisions across shared/dedicated IP’s and now IPv6.
    So regardless of what type of IP you’re using, if you as a sender are sending mostly to mailboxes that are logged into regularly and where email (from any sender) is frequently read, that’s a huge positive and it shows you’re sending to an active mailbox. If your email is being read, replied-to and archived, that’s another positive sign.
    However, if your email is being deleted without reading, marked as spam, ignored or sent to inactive mailboxes/mailboxes where subscribers only read a low percentage of all the email they receive, that’s a negative and could lead to your email being filtered to the junk folder.
    We’ve published a lot on the use of these metrics in deliverability so if anyone wants to learn more, I’d encourage a watch / read of these:
    Webinar: https://returnpath.com/webinars/hidden-metrics-email-deliverability-webinar/
    ebook: https://returnpath.com/downloads/metrics-benchmark/
    I also think this graphic from your blog is a great illustration of the various factors that influence a senders deliverability: http://wordtothewise.com/wp-content/uploads/2015/11/NewDeliverabilityModel.png

  4. Morgan says

    Hi Laura,
    Thanks for the insite. We’ve been using Return Path for almost 5 years for IP certification, however we just found out that our IP is actually in terrible shape. Do you think it’s worth being certified if partners like Return Path don’t have relationships with Gmail?

Comment:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.