by Anil Jalela | Aug 6, 2025 | Email
Google has introduced a new “Manage Subscriptions” feature in Gmail, giving users unprecedented control over their inboxes. With a centralized dashboard and a one-click unsubscribe option, people can now manage promotional emails with ease. For marketers, this means the days of relying on passive subscribers are over. The focus must shift toward delivering relevant, personalized, and genuinely valuable content.
While unsubscribe rates may increase in the short term, the long-term benefits are clear. Fewer spam complaints, stronger sender reputations, and cleaner subscriber lists will ultimately create a healthier email ecosystem built around engaged audiences.
How the Feature Works:-
With this update, Gmail now provides a Manage Subscriptions tab where users can see all their active email subscriptions in one place. These subscriptions are often organized by sending frequency, making it easy to spot who is sending the most.
From this dashboard, users can unsubscribe from any sender with a single click. They no longer need to scroll to the bottom of an email to find the unsubscribe link. The process of decluttering an inbox becomes much faster, giving users complete control over their email flow. Below are the three main functions of Manage Subscriptions:
Consolidated View
Gmail users have access to a central “Manage Subscriptions” tab that displays all active subscriptions, often sorted by frequency.
One-Click Unsubscribe
Users can unsubscribe from any sender instantly, without hunting for links inside the email footer.
Simplified Inbox Management
This dashboard makes it easier for users to declutter their inboxes and control the flow of promotional messages.
Impact on Email Marketers:-
Increased Unsubscribes
Marketers should expect unsubscribe rates to rise, especially in certain situations. People are more likely to opt out when content is irrelevant, when they receive too many emails in a short period, or when the value of the messages is low. Inactive subscribers who have not engaged for months are also more likely to leave once reminded of their subscription. Poor onboarding, where expectations about email frequency or content type are unclear, also drives unsubscribes.
Unsubscribe rates are expected to rise under specific conditions:
Irrelevant Content – Messages that don’t reflect subscriber interests.
High Frequency – Sending too many emails in a short time.
Low Value – Repetitive or generic promotions with little benefit.
Inactive Subscribers – People who haven’t engaged for months.
Unclear Expectations – Onboarding that fails to explain content type or frequency.
Focus on Quality Over Quantity
The new feature reinforces the need to send fewer but higher-quality emails. Subscribers will quickly abandon lists that rely on mass blasts with no personalization, campaigns that push constant promotions without value, or irrelevant offers sent without proper segmentation.
Subscribers are more likely to stay engaged when content meets their needs. Unsubscribes increase if marketers rely on:
Mass Blasts – One-size-fits-all messages with no personalization.
Lack of Segmentation – Sending irrelevant
Over-Promotion – Constant sales-driven emails with little educational or useful content.
Opportunity for List Hygiene
Although higher unsubscribes may feel discouraging, they lead to healthier lists. Removing inactive or disinterested subscribers ensures that only engaged people remain. Re-engagement campaigns can give dormant subscribers a chance to confirm their interest, while making the unsubscribe option easy prevents frustration and spam complaints.
The feature helps marketers maintain cleaner, more engaged lists. Best practices include:
Removing Inactives Regularly – Subscribers inactive for 6–12 months should be suppressed.
Re-engagement Campaigns – Offering dormant users the chance to confirm interest.
Easy Opt-Outs – Encouraging unsubscribes instead of risking spam complaints.
Improved Sender Reputation
A cleaner list means fewer spam complaints and better engagement signals such as opens and clicks. Internet service providers view this as a positive sign, improving deliverability over time. Respecting unsubscribes immediately also demonstrates compliance and builds trust with Gmail and other providers.
Deliverability improves when unsubscribes are respected:
Lower Spam Complaints – Fewer users resort to the “Report Spam” button.
Stronger Engagement Signals – Opens and clicks improve as only engaged users remain.
Compliance Signals – Honoring unsubscribes immediately builds trust with Gmail and other providers.
Emphasis on Customer-Centric Strategies
Marketers must put the subscriber first. This means using data to personalize content, offering preference centers where people can choose frequency or topics, and delivering messages that inform, entertain, or provide genuine help. Respecting consent and sending only to those who opted in is no longer optional — it is essential.
Success will rely on customer-first approaches such as:
Data-Driven Personalization – Tailoring content to behavior and preferences.
Preference Centers – Letting subscribers choose topics and frequency.
Balanced Content – Mixing promotions with helpful or educational information.
Respecting Consent – Emailing only those who have clearly opted in.
What Happens When Users Unsubscribe
When someone unsubscribes through Gmail’s Manage Subscriptions dashboard, a one-click unsubscribe request is sent using the industry standard defined in RFC 8058. This request is designed to remove the email address from all of the sender’s mailing lists.
If marketers ignore the unsubscribe request and continue sending, the consequences are serious. Users will likely mark those emails as spam, and Gmail may treat the sender as non-compliant. Over time, this damages deliverability, reduces inbox placement, and harms both domain and IP reputation.
Another challenge arises when the same email address is stored across multiple lists under the same sender. From the user’s perspective, unsubscribing once should stop all unwanted emails. If only one list is updated but others remain active, subscribers feel misled. This not only leads to frustration and spam reports but also increases legal risks under regulations such as CAN-SPAM and GDPR. The best practice is to apply unsubscribes globally across all lists tied to the same address, unless the user specifically manages preferences in a transparent preference center.
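The sender side of the flow described above, as an added example (not code from this article or from Gmail): it builds the RFC 8058 headers with a signed opaque link, accepts only the one-click POST, and suppresses the address on every list. The secret, the endpoint URL, the subscriber ids and the Sender class are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-secret"      # assumption: server-side signing key
ENDPOINT = "https://mail.example.com/u"  # assumption: hypothetical endpoint


def sign(rid: str) -> str:
    """HMAC of the opaque subscriber id, so links cannot be forged or guessed."""
    return hmac.new(SECRET, rid.encode(), hashlib.sha256).hexdigest()


def unsubscribe_headers(rid: str) -> dict:
    """Headers for the outgoing message; both belong in the DKIM-signed header set."""
    url = f"{ENDPOINT}?{urlencode({'rid': rid, 't': sign(rid)})}"
    return {
        "List-Unsubscribe": f"<{url}>",
        "List-Unsubscribe-Post": "List-Unsubscribe=One-Click",
    }


class Sender:
    def __init__(self, subscribers, lists):
        self.subscribers = dict(subscribers)  # opaque id -> address
        self.lists = {name: set(rids) for name, rids in lists.items()}
        self.suppressed = set()  # global suppression, keyed by address

    def handle_unsubscribe(self, method: str, url: str, body: str) -> int:
        """Return the HTTP status for a request to the unsubscribe endpoint."""
        if method != "POST":
            return 405  # link scanners issue GETs; those must not unsubscribe
        # Only the urlencoded body form is handled here; RFC 8058 also allows
        # multipart/form-data.
        if parse_qs(body).get("List-Unsubscribe") != ["One-Click"]:
            return 400
        params = parse_qs(urlsplit(url).query)
        rid = params.get("rid", [""])[0]
        token = params.get("t", [""])[0]
        if rid not in self.subscribers or not hmac.compare_digest(
            token.encode(), sign(rid).encode()
        ):
            return 403
        # Suppress the address itself, not just this list membership.
        self.suppressed.add(self.subscribers[rid].lower())
        return 200

    def recipients(self, list_name: str) -> list:
        """Addresses still mailable on a list after global suppression."""
        return sorted(
            self.subscribers[rid]
            for rid in self.lists[list_name]
            if self.subscribers[rid].lower() not in self.suppressed
        )


def demo():
    # Constructed data: the same person sits on two lists under two ids.
    sender = Sender(
        subscribers={
            "r-1001": "alice@example.net",
            "r-2001": "Alice@example.net",
            "r-1002": "bob@example.net",
        },
        lists={"newsletter": ["r-1001", "r-1002"], "promotions": ["r-2001"]},
    )
    url = unsubscribe_headers("r-1001")["List-Unsubscribe"].strip("<>")
    body = "List-Unsubscribe=One-Click"
    statuses = {
        "get": sender.handle_unsubscribe("GET", url, ""),
        # Token minted for r-1001 presented with another subscriber id.
        "wrong_token": sender.handle_unsubscribe(
            "POST", url.replace("r-1001", "r-1002"), body
        ),
        "one_click": sender.handle_unsubscribe("POST", url, body),
    }
    return statuses, sender.recipients("newsletter"), sender.recipients("promotions")


if __name__ == "__main__":
    print(demo())
```

Keying suppression on the normalized address rather than on the list membership is what makes a single request stop mail from every list that holds the address.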
How Marketers Can Adapt
To succeed in this new environment, marketers must prioritize personalization and relevance. Messages should be crafted to match subscriber needs and interests. Audience segmentation is critical to ensure that the right people receive the right content at the right time.
Value must be at the heart of every campaign. Content should provide a clear benefit, whether that is education, entertainment, or practical help. Standard best practices such as double opt-in, careful data collection, and AI-driven personalization will continue to be important. Most importantly, marketers should honor unsubscribes immediately and treat one-click unsubscribes as a signal to stop all non-transactional emails.
Note:- To resubscribe, you must locate an email from the sender in your spam folder, then select the “Report not spam” option to move it back to your inbox, which can reactivate the subscription.
Final Thoughts
Google’s Manage Subscriptions feature is a reminder that the inbox belongs to the user. Marketers who rely on inflated lists or outdated tactics will see higher unsubscribes. But those who respect user choice, focus on relevance, and build trust will thrive. Unsubscribes are not the end of a relationship; they are the beginning of a cleaner, more engaged audience. The future of email marketing belongs to those who earn attention rather than demand it.
by Anil Jalela | Jun 5, 2025 | Email
Understanding the CAN-SPAM Act: A Practical Guide for Ethical Email Marketing
At a time when inboxes are flooded with daily messages, email continues to be one of the most effective and direct tools for business communication and digital marketing. However, this power must be used responsibly. If your organization is sending commercial emails to recipients in the United States, it is your legal duty to comply with the CAN-SPAM Act.
Failure to do so can result in substantial penalties, reputational harm, and long-term deliverability issues. At Nitwings, we support clients in building email strategies that go beyond performance; we ensure every message is legally compliant, ethical, and aligned with best practices in digital communication.
Below is a full-length guide to the CAN-SPAM Act, its key requirements, and actionable examples for applying them correctly.
What Is the CAN-SPAM Act?
The CAN-SPAM Act stands for Controlling the Assault of Non-Solicited Pornography and Marketing. It was enacted in 2003 to protect consumers from deceptive and unwanted commercial email messages (UCE). The law applies to all commercial email, not just bulk messages, and gives recipients the right to opt out of future emails. It also outlines rules for proper email identification and mandates transparency in content.
Under this law, each separate email that violates CAN-SPAM can result in fines of up to $51,744, making compliance not just a best practice, but a business imperative.
The law applies to:
=> Promotional email campaigns
=> Product announcements
=> Newsletter content with a commercial intent
=> Affiliate marketing communications
=> B2B marketing emails
The 7 Key Requirements of the CAN-SPAM Act (With Expanded Examples)
1. Do Not Use False or Misleading Header Information
The “From,” “To,” “Reply-To,” and domain routing details must clearly identify who is sending the email. These fields must not misrepresent the identity of the sender, nor should they try to obscure your brand’s true digital signature.
Compliant Example:
From: Nitwings Support <[email protected]>
This address matches the domain owned by Nitwings, giving the recipient confidence in the sender’s identity.
Non-Compliant Example:
From: Admin Team <[email protected]>
This appears generic, possibly deceptive, and doesn’t clearly indicate who the sender is or what business they represent.
Tip: Use a branded sending domain and make sure DNS records (SPF, DKIM, DMARC) are correctly configured to avoid being flagged as spoofed or fraudulent.
2. Do Not Use Deceptive Subject Lines
The subject line must truthfully represent the actual content of the message. Misleading subject lines are not only a breach of trust, they are explicitly prohibited under the CAN-SPAM Act.
Compliant Example:
Subject: “Get 25% Off Our Email Health Check Services – Offer Ends This Week”
This is promotional and makes it clear what the recipient can expect in the email body.
Non-Compliant Example:
Subject: “Your Account Is Suspended – Click to Reactivate”
If this email is just a marketing pitch for a product or service, this subject line is deceptive and could even be flagged as phishing.
Best Practice: Always aim for clarity over clickbait. Your reputation as a trustworthy sender is at stake with every subject line.
3. Identify the Message as an Advertisement
The recipient must be clearly informed that your email contains promotional content or commercial intent. There is flexibility in how this is disclosed, but the law requires that it be “clear and conspicuous.”
Compliant Example:
Footer note: “This email is an advertisement from Nitwings Technologies Pvt. Ltd. You are receiving this because you opted in or interacted with our services.”
Non-Compliant Example:
Email appears personal or transactional, with no disclosure that the content is promotional in nature.
Best Practice: Include this disclosure either at the top or in the footer. Make it clear but not obtrusive.
4. Include a Valid Physical Postal Address
All commercial emails must include a valid physical address.
This can be:
Your current business street address
A registered P.O. box with the U.S. Postal Service
A commercial mail receiving agency (CMRA) with appropriate registration
Compliant Example:
Nitwings Technologies Pvt. Ltd., 2nd Floor, ABC Tower, MG Road, Bengaluru – 560001, India
Non-Compliant Example:
No address listed, or using a fictitious address such as “123 Internet Blvd.”
Why It Matters: Including a real-world address helps establish credibility, and gives the recipient a way to contact you outside of email if necessary.
5. Provide a Clear Way to Opt Out of Future Emails
You must give recipients an easy, visible, and effective way to unsubscribe. The opt-out mechanism must be operational for at least 30 days after the email is sent.
Compliant Example:
Footer includes: “To stop receiving these updates, [click here to unsubscribe].”
Non-Compliant Example:
No unsubscribe link, or requiring the recipient to log in to an account to opt out.
Best Practice: Make unsubscribe links clear and easily clickable. Never hide them in small fonts or white text.
6. Honor Opt-Out Requests Promptly
Once a recipient unsubscribes, you must honor the request within 10 business days. Furthermore, you must not:
Charge a fee for unsubscribing
Require users to submit any additional information
Sell or transfer the unsubscribed email address (except for legal compliance purposes)
Compliant Example:
A subscriber opts out on June 1, and is fully removed from the list by June 5.
Non-Compliant Example:
Subscriber continues to receive emails weeks after opting out.
Tip: Automate your unsubscribe handling and integrate your CRM to instantly update suppression lists.
7. Monitor What Others Are Doing on Your Behalf
Even if a third party is managing your email campaigns, you remain legally responsible for what is being sent in your name.
Compliant Example:
You review and approve campaign content from agencies, and audit their compliance with unsubscribe requests and sender identity.
Non-Compliant Example:
You allow affiliates to send promotional emails using your brand without oversight.
Important: Always monitor affiliate or partner communications. Implement a compliance policy for all vendors.
Some more details
Quick Compliance Checklist Before You Hit “Send”
Use the following checklist to ensure every email is 100% CAN-SPAM compliant:
=> Include a working unsubscribe link that is easy to find.
=> Ensure opt-out requests are honored within 10 business days.
=> Display a valid, physical postal address in every email.
=> Use accurate “From” and “Reply-To” fields with branded domains.
=> Make sure the subject line truthfully reflects the content.
=> Clearly disclose the commercial nature of the message.
=> Regularly audit any third-party vendors or partners sending on your behalf.
Final Thoughts
The CAN-SPAM Act is not just a legal formality, it’s a foundational aspect of respectful, compliant digital marketing. Ethical email marketing builds trust, strengthens your sender reputation, and ensures long-term engagement with your audience.
At Nitwings, we are committed to helping brands not only reach the inbox but also stay compliant with all relevant regulations. From DNS setup to unsubscribe automation, our deliverability consultants are equipped to audit and optimize your campaigns from end to end.
Let’s deliver email the right way: smart and respectful.
by Anil Jalela | May 1, 2025 | Email
Microsoft has implemented stricter email deliverability requirements for all bulk email senders, starting May 5, 2025. This move mirrors the sender policy enforcement already adopted by Gmail and Yahoo in 2024 and aims to strengthen email authentication, reduce spam, and protect inbox integrity across Outlook, Hotmail, Live, and MSN domains.
Key Requirements for Senders:
To maintain inbox placement and avoid delivery issues, bulk senders must comply with the following:
==>SPF (Sender Policy Framework)
Ensure a valid SPF record that authorizes your sending IPs and platforms (e.g., SendGrid, Amazon SES).
==>DKIM (DomainKeys Identified Mail)
Emails must be DKIM-signed to confirm authenticity and prevent tampering.
==>DMARC (Domain-based Message Authentication, Reporting & Conformance)
A published DMARC policy is mandatory. At minimum: p=none, with proper alignment of the From domain with SPF or DKIM (ideally both).
==>Valid “From” and “Reply-To” Addresses
Both must point to real, functional inboxes that can accept replies. Microsoft explicitly discourages the use of dummy, blackholed, or unmonitored addresses like noreply@.
==>Local Parts (Before the @) to Avoid:
noreply@, admin@, root@, postmaster@, donotreply@, test@, spam@, bulk@, marketing@ (if not aligned), mailer@, info@ (if unmonitored), support@ (if fake)
==>Recommended Email Identities:
[email protected], news@, updates@, reply@, contact@, [email protected]
==>Applies To All Microsoft Consumer Domains:
Including but not limited to: hotmail.com, live.com, outlook.com, msn.com, and over 50 regional variants (hotmail.be, hotmail.ch, hotmail.co.id, hotmail.co.il, hotmail.co.jp, hotmail.co.kr, hotmail.com, hotmail.com.ar, hotmail.com.au, hotmail.com.br, hotmail.com.hk, hotmail.com.tr, hotmail.com.tw, hotmail.com.vn, hotmail.co.nz, hotmail.co.th, hotmail.co.uk, hotmail.co.za, hotmail.cz, hotmail.de, hotmail.dk, hotmail.es, hotmail.fi, hotmail.fr, hotmail.gr, hotmail.it, hotmail.my, hotmail.no, hotmail.ph, hotmail.rs, hotmail.se, hotmail.sg, live.at, live.be, live.ca, live.cl, live.cn, live.co.kr, live.com, live.com.ar, live.com.au, live.com.mx, live.com.my, live.com.ph, live.com.pt, live.com.sg, live.co.uk, live.co.za, live.de, live.dk, live.fr, live.hk, live.ie, live.in, live.it, live.jp, livemail.tw, live.nl, live.no, live.ru, live.se, microsoft, msn.cn, msn.com, outlook.com, windowslive.com)
==>What needs to be tested:
Audit your SPF, DKIM, and DMARC configurations.
Review your sending addresses (From and Reply-To) and ensure replies are accepted.
Avoid using placeholder, fake, or unmonitored inboxes.
| Requirement | Gmail / Yahoo | Microsoft (Outlook.com, Hotmail.com, Live.com) |
| --- | --- | --- |
| Authentication Volume Threshold | 5,000+ messages/day to Gmail. Yahoo doesn’t hold to a strict number, but it is in the ballpark of 5,000. | 5,000+ messages/day to Outlook.com, Hotmail.com, Live.com |
| SPF (Sender Policy Framework) | Required | Required |
| DKIM (DomainKeys Identified Mail) | Required | Required |
| DMARC Policy | Required. Minimum policy: p=none. Must align with SPF or DKIM. | Required. Minimum policy: p=none. Must align with SPF or DKIM. |
| One-Click Unsubscribe (RFC 8058) | Required. Bulk senders must include RFC 8058-compliant unsubscribe. | Unsubscribe link required. RFC 8058 not required. |
| List Unsubscribe Header | Required. Must support List-Unsubscribe header with both mailto: and URL. | Not explicitly required. |
| Spam Rate Threshold | Required. Must stay below Gmail/Yahoo’s spam complaint threshold of 0.3%. | No threshold defined; senders are required to have clean lists and enforce best practices. Non-compliant senders may experience negative action. |
| TLS (Transport Layer Security) | Required. Emails must be sent over TLS. | Not mentioned in Microsoft’s latest policy updates. |
| Valid HELO/EHLO | Required. Must not use a dynamic IP or malformed hostname. | Not explicitly required. |
| Forward/Proxy Detection | Gmail penalizes misaligned forwarding or proxy behavior. | No explicit guidance provided. |
| From: Header Alignment | Must align with DKIM/DMARC domain. | Recommended |
| Inactive/Invalid User Management | Indirectly enforced through spam rate and complaint thresholds. | Recommended |
| Functional Reply-To Address | Recommended | Recommended |
| Transparency (Subject lines, headers) | Recommended to avoid misleading info. | Recommended to avoid misleading info. |
| Timeline for Enforcement | Full enforcement began February 2024. | Enforcement begins May 5, 2025, with rejections at a later date (TBD). |
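A pre-send check for several rows of the comparison above, as an added example (not Microsoft's, Google's or this article's code). It applies the stricter Gmail/Yahoo column for unsubscribe headers, takes the organizational domain as a parameter instead of deriving it from the Public Suffix List, and does not cover SPF or TLS, which need the sending IP and the SMTP session. The function names and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Local parts the article lists as ones to avoid (unconditional entries only).
DISCOURAGED = {"noreply", "donotreply", "admin", "root", "postmaster",
               "test", "spam", "bulk", "mailer"}


def tags(value: str) -> dict:
    """Parse the 'k=v; k=v' tag syntax shared by DKIM-Signature and DMARC records."""
    out = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            out[key.strip().lower()] = "".join(val.split())
    return out


def under(domain: str, org_domain: str) -> bool:
    """True if domain is org_domain or one of its subdomains (relaxed alignment)."""
    domain = domain.lower().rstrip(".")
    return domain == org_domain or domain.endswith("." + org_domain)


def lint(raw: str, dmarc_txt: str, org_domain: str) -> list:
    """Return findings for one message plus the sender's published DMARC TXT record."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for name in ("From", "Reply-To"):
        local = parseaddr(str(msg.get(name, "")))[1].partition("@")[0].lower()
        if local in DISCOURAGED:
            findings.append(f"{name}: discouraged local part '{local}'")
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    dkim = [tags(str(v)).get("d", "") for v in msg.get_all("DKIM-Signature", [])]
    if not (under(from_domain, org_domain) and any(under(d, org_domain) for d in dkim)):
        findings.append("DKIM: no signature aligned with the From domain")
    record = tags(dmarc_txt)
    if record.get("v") != "DMARC1" or record.get("p") not in {"none", "quarantine", "reject"}:
        findings.append("DMARC: no valid policy (minimum p=none)")
    unsub = str(msg.get("List-Unsubscribe", "")).lower()
    if "<mailto:" not in unsub or "<https://" not in unsub:
        findings.append("List-Unsubscribe: needs both mailto: and URL")
    if str(msg.get("List-Unsubscribe-Post", "")).strip() != "List-Unsubscribe=One-Click":
        findings.append("List-Unsubscribe-Post: missing (RFC 8058)")
    return findings


# Constructed sample messages (signature values are placeholders, not real).
GOOD = (
    "From: Example News <news@mail.example.com>\n"
    "Reply-To: reply@example.com\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=s1; h=from; bh=x; b=y\n"
    "List-Unsubscribe: <mailto:unsub@example.com>, <https://mail.example.com/u?rid=r-1>\n"
    "List-Unsubscribe-Post: List-Unsubscribe=One-Click\n"
    "Subject: Monthly update\n\nbody\n"
)
BAD = (
    "From: Shop <noreply@shop.example.com>\n"
    "DKIM-Signature: v=1; a=rsa-sha256; d=esp-shared.test; s=k1; h=from; bh=x; b=y\n"
    "List-Unsubscribe: <mailto:unsub@shop.example.com>\n"
    "Subject: Sale\n\nbody\n"
)

if __name__ == "__main__":
    print(lint(GOOD, "v=DMARC1; p=none", "example.com"))
    for finding in lint(BAD, "", "example.com"):
        print(finding)
```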
by Anil Jalela | Feb 21, 2025 | Linux
A Message-ID is a unique identifier assigned to each email to help track and reference the message across mail servers. It usually takes the form unique-identifier(at)yourdomain.com. The length of a Message-ID depends on its format, but generally it should not exceed 255 characters, as per RFC 5322.
Basic Message-ID (e.g., <[email protected]>) → ~30–50 characters
Structured Message-ID (with campaign, recipient, client, timestamp, and randomness) → ~70–120 characters
Breakdown of Components
| ID | Components | Purpose |
| --- | --- | --- |
| 1 | campaignID | Identifies the email campaign |
| 2 | recipientID | Unique ID per recipient (hashed if needed) |
| 3 | clientID | Internal client or sender identifier |
| 4 | timestamp | Ensures uniqueness (nanosecond precision) |
| 5 | random | Additional randomness (6-byte hex) |
| 6 | @domain.com | Matches your sending domain |
What we can include in Structured Message-ID
| ID | Identifies | Approx. Length |
| --- | --- | --- |
| 1 | Campaign-ID | 5–10 chars |
| 2 | Recipient-ID | 8–12 chars |
| 3 | Client-ID | 5–10 chars |
| 4 | Timestamp | 19 chars (nanosecond precision) |
| 5 | Random-String | 12 chars (6-byte hex) |
| 6 | Domain-Name | 15–30 chars |
| | Total | 70–120 chars |
Benefits of This Approach
Improves Deliverability: Follows Gmail & ESP best practices.
Tracking & Analytics: Easily track messages per campaign, recipient, or client.
Ensures Uniqueness: Timestamp + randomness avoids duplication.
Customizable: Adapt it based on your business needs.
Best Practices
Keep it under 255 characters
Ensure global uniqueness
Use a valid domain
Avoid sensitive data (e.g., email addresses)
Domain Components:-
The Return-Path (Envelope From) is used for bounce handling and is critical for deliverability because it directly impacts SPF authentication. The From address is the visible sender shown to recipients and must align with DKIM for DMARC compliance.
The Message-ID domain identifies the message source but does not directly impact authentication. However, it should ideally match the Return-Path domain to establish trust with receiving mail servers.
Example where the Return-Path (Envelope From) domain and the From domain are different:
From: Example [email protected]
Return-Path: [email protected]
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=y.eample.com;
Authentication-Results: spf=pass (sender IP is 1.1.1.1) smtp.mailfrom=x.y.eample.com; dkim=pass (signature was verified) header.d=y.eample.com; dmarc=pass action=none header.from=y.eample.com; compauth=pass reason=100
Which Domain Should Be Used in the Message-ID?
In this case, the SPF and DKIM authentication pass successfully, and DMARC aligns with y.eample.com. Because of this, the safest choice for the Message-ID domain is y.eample.com.
Recommended Message-ID Format
To maintain consistency and improve tracking, the Message-ID should be structured using unique identifiers such as a campaign ID, recipient ID, client ID, timestamp, and a random string.
Message-ID:<[email protected]>
Example Generated Message-ID:<[email protected]>
Best Practices for Message-ID Generation
Ensure uniqueness by using a combination of timestamp, random string, and tracking identifiers. Use a domain you control, ideally one that aligns with your Return-Path or DKIM domain for consistency. Avoid using free/public domains like Gmail or Yahoo, as this can create authentication issues.
Following these guidelines helps improve email deliverability, authentication alignment, and tracking accuracy.
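A generator for the structured Message-ID described in this post, as an added example (not the author's code). The dot-separated field layout, the function names, the 32-character cap on tracking fields and the HMAC key are assumptions; the recipient is replaced by a keyed hash so no address appears in the header, and the tracking fields are restricted to alphanumerics so they cannot carry CR/LF into the header block.

```python
import hashlib
import hmac
import re
import secrets
import time

RECIPIENT_KEY = b"constructed-demo-key"      # assumption: key for pseudonymizing recipients
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}  # free/public domains the article says to avoid
MAX_LEN = 255                                # upper bound stated in the article

_TOKEN = re.compile(r"[A-Za-z0-9]{1,32}")
_DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def recipient_tag(address: str) -> str:
    """Keyed hash of the address: stable for tracking, not reversible without the key."""
    mac = hmac.new(RECIPIENT_KEY, address.strip().lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:12]


def make_message_id(campaign_id, recipient, client_id, domain, now_ns=None, rand=None):
    """Build <campaign.recipient.client.timestamp.random@domain>.

    now_ns and rand exist only so the demo and tests can be deterministic.
    """
    for name, value in (("campaign_id", campaign_id), ("client_id", client_id)):
        # fullmatch rejects CR/LF, '.', and '@', so a field cannot break the layout
        if not _TOKEN.fullmatch(value):
            raise ValueError(f"{name} must be 1-32 alphanumeric characters")
    domain = domain.lower()
    if not _DOMAIN.fullmatch(domain) or domain in PUBLIC_DOMAINS:
        raise ValueError("use a sending domain you control")
    stamp = time.time_ns() if now_ns is None else now_ns  # nanosecond precision
    rnd = secrets.token_hex(6) if rand is None else rand  # 6 random bytes, 12 hex chars
    left = ".".join([campaign_id, recipient_tag(recipient), client_id, str(stamp), rnd])
    message_id = f"<{left}@{domain}>"
    if len(message_id) > MAX_LEN:
        raise ValueError("Message-ID exceeds 255 characters")
    return message_id


def parse_message_id(message_id: str) -> dict:
    """Split a Message-ID produced above back into its tracking fields."""
    left, _, domain = message_id.strip("<>").rpartition("@")
    campaign, tag, client, stamp, rnd = left.split(".")
    return {"campaign": campaign, "recipient_tag": tag, "client": client,
            "timestamp_ns": int(stamp), "random": rnd, "domain": domain}


if __name__ == "__main__":
    # Constructed inputs; y.example.com stands in for the DMARC-aligned domain.
    mid = make_message_id("cmp42", "alice@example.net", "cl7", "y.example.com")
    print(mid, len(mid))
    print(parse_message_id(mid))
```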
by Anil Jalela | Feb 3, 2025 | Linux
Gmail Spam Feedback Loop (FBL) for ESPs
Gmail is rolling out the Feedback Loop (FBL) program pilot for ESPs/bulk senders to help them with spam/abuse detection at the source and identify bad actors exploiting their systems. To protect user privacy, this feedback will at best contain aggregate data that cannot be attributed or traced to a particular recipient. Gmail discussed with various ESPs how best it could address their feedback requirements while respecting user privacy; the most agreed-upon solution was to provide aggregated spam statistics per customer and/or per campaign. Thus, the FBL will report the percentage of user spam markings per campaign and/or per each customer of an ESP for a given day. The purpose of the FBL is purely to help ESPs with identifying spammers/outliers in their traffic and is not meant to assist with deliverability and/or delivery evaluation. The expectation is that the data should be used only for spam and abuse prevention.
Implementation Details:
ESPs will need to embed a header consisting of parameters (called Identifiers) that uniquely identify their customers and/or campaigns for the traffic that they wish to receive the feedback data. Gmail would aggregate and send out feedback reports based on these identifiers.
The header should be in the format:
Feedback-ID: a:b:c:ESPid
- Feedback-ID is the name of the header to be embedded.
- a, b, c are (optional) fields that can be used by the ESP to embed identifiers of their choice (campaign/customer/other). These can be at most 3.
- ESPid is a (mandatory) unique identifier (of length 5 to 15 characters) chosen by the ESP and should be consistent across the mail stream.
The aggregate data will be generated for the first 4 fields (as separated by ‘:’) of the Feedback-ID, starting from the right-hand side. Thus, in the absence (or excess) of a given field, the data will be generated for the rest (except in the case of ESPid – in the absence of which, no data will be generated).
To prevent spoofing of the Feedback-ID by spammers, traffic being sent to Gmail needs to be DKIM signed by a domain owned by the ESP, after the addition of this header. This will be over and above any previous DKIM signing by the ESP’s customers.
A maximum of 10 such unique DKIM (d=) domains may be used across the ESP’s mail stream. Alternatively, the ESP can use multiple subdomains from the same domain(s) as well.
ESPs should ensure that all of their outgoing mail has only one such verified header and overwrite any that might be present already.
Further, the ESPs will have to publish the IPs from which they are sending mail in the SPF records of their signing domains as well – this would also prevent possible issues with the IP list going stale or IPs being relinquished. The sending IPs must have PTR records and resolve to a valid hostname (preferably one of the DKIM domains).
When generating the FBL report, data would be aggregated across the published IPs.
In order to prevent any potential abuse of the system, by way of campaigns having just a single mail or a few emails each, an FBL report will be generated only if a given Feedback-ID Identifier is associated with greater than a certain number of emails, distinct recipients, and user spam reports in a given day’s traffic.
The FBL data will consist of the percentage of user spam markings for each qualifying field(s) in the Feedback-ID, aggregated across all emails received from the ESP on a given day.
An FBL report, consisting of a CSV attachment, will be sent over email (when applicable) daily to an address of the ESP’s choice. The report will pertain to the ESP’s traffic received by Gmail on the previous day.
The FBL data will be generated only for gmail.com recipients (and NOT for recipients on Google Apps or other Google domains).
Appendix:
FBL data will be aggregated by way of each identifier independently and NOT grouped across identifiers, i.e., we will be reporting the spam percentages across all the mails containing a given identifier, irrespective of the position of the identifier in the header.
This is mainly for 3 reasons:
- To keep the fields a, b, c in
Feedback-ID: a:b:c:ESPid open for the ESP to assign any identifiers of their choice and not be restricted by any particular order that we specify for the sake of grouping.
- Allow the use of a limited number of identifiers, i.e., something like
Feedback-ID: a:b:ESPid.
- Allow the use of identifiers that are unrelated to each other.
So, for a given day’s traffic, the ESP should ensure that the identifier namespace is unique across fields so that data is not aggregated on unrelated identifiers. For example, an identifier (say a1) used for a CustomerID should not be re-used as CampaignID within the same day’s traffic to ensure that data is not aggregated by unrelated/wrong keys.
If there is a concern about how the identifier namespace can be kept unique or if the preference is for the data to be grouped between two identifiers, the hash of one identifier can be appended to the other, per use case. For example, if the CustomerID is a1 and the Campaign number is 3, a unique identifier a1_3 can be used as a CampaignID.
Also, when choosing identifiers, an ESP should avoid selecting a parameter that will be unique across every single mail (like a unique message ID), as there will be no scope for aggregation on that field.
Below is an example of a Feedback-ID header for illustration:
Feedback-ID: CustomerID2:CampaignIDX:MailTypeID3:ESPid
where
- CustomerID2 is a unique customer identifier.
- CampaignIDX is a campaign identifier and is unique across the board (i.e., no two customers share the same campaign ID).
- MailTypeID3 is an identifier for the nature of the mail (e.g., offers/newsletters/product-update mails, etc.) and can be unique to a customer. Alternatively, in case the ESP would like to measure the spam rate for that mail type throughout their traffic, they can simply keep this identifier common across customers.
- ESPid is the ESP’s unique identifier and can be used for overall stats.
In the above case, we will be sending the spam percentages for each of the 4 identifiers independently (provided they meet the qualifying criterion – as mentioned in the previous section).
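The header rules and the per-identifier aggregation described above, as an added example (not Gmail's code): it builds and validates a Feedback-ID, replaces any header already on the message, and simulates the independent aggregation to show what happens when an identifier is reused across fields. The function names and the allowed character set are assumptions, the traffic is constructed, and the volume thresholds Gmail applies before reporting are not modelled.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Assumption: identifiers are limited to this character set so that neither ':'
# nor CR/LF can end up inside the header; the page does not define one.
_IDENT = re.compile(r"[A-Za-z0-9_.-]+")


def build_feedback_id(esp_id: str, *identifiers: str) -> str:
    """Return 'a:b:c:ESPid' with at most three optional identifiers."""
    if len(identifiers) > 3:
        raise ValueError("at most 3 optional identifiers are allowed")
    if not (5 <= len(esp_id) <= 15) or not _IDENT.fullmatch(esp_id):
        raise ValueError("ESPid must be 5 to 15 characters")
    if not any(c.isalpha() for c in esp_id):
        raise ValueError("ESPid should contain letters")
    for ident in identifiers:
        if not _IDENT.fullmatch(ident):
            raise ValueError(f"invalid identifier: {ident!r}")
    return ":".join([*identifiers, esp_id])


def set_feedback_id(msg: EmailMessage, value: str) -> EmailMessage:
    """Leave exactly one Feedback-ID on the message; call before the ESP's DKIM signing."""
    del msg["Feedback-ID"]      # removes every existing occurrence, if any
    msg["Feedback-ID"] = value
    return msg


def aggregation_keys(value: str) -> list:
    """Identifiers reported on: the rightmost 4 ':'-separated fields; none without ESPid."""
    fields = value.split(":")
    if not fields[-1]:
        return []
    return [f for f in fields[-4:] if f]


def spam_rates(traffic) -> dict:
    """Spam percentage per identifier, regardless of its position in the header.

    traffic: iterable of (feedback_id_value, marked_spam) pairs.
    """
    seen, spam = defaultdict(int), defaultdict(int)
    for value, marked in traffic:
        for key in set(aggregation_keys(value)):
            seen[key] += 1
            spam[key] += bool(marked)
    return {key: round(100 * spam[key] / seen[key], 1) for key in seen}


def namespace_collisions(assignments) -> set:
    """Identifiers used under more than one role in a day's traffic.

    assignments: iterable of {role: identifier} dicts.
    """
    roles = defaultdict(set)
    for assignment in assignments:
        for role, ident in assignment.items():
            roles[ident].add(role)
    return {ident for ident, used_as in roles.items() if len(used_as) > 1}


# Constructed traffic: customer a1 has a 50% spam rate, but customer b2 reuses
# "a1" as a campaign id, so the two are merged under one key.
SAMPLE_TRAFFIC = [
    ("a1:camp7:news:ExampleESP", True),
    ("a1:camp7:news:ExampleESP", False),
    ("b2:a1:offers:ExampleESP", False),
    ("b2:a1:offers:ExampleESP", False),
]

if __name__ == "__main__":
    print(spam_rates(SAMPLE_TRAFFIC))
    print(namespace_collisions([{"customer": "a1", "campaign": "camp7"},
                                {"customer": "b2", "campaign": "a1"}]))
```

In the sample, the reused identifier reports 25% for "a1" even though that customer's own mail was marked as spam half the time, which is the mixing the appendix warns about.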
Next Steps:
Once you are implementation-ready, please use the confirmation form at (email me for link) to send us the details of your DKIM domain(s) (i.e., the domain in d=), ESPid (of your choice), and the designated email address for the FBL reports to be sent. On receiving these details through the form, we will onboard you in about a week and send you a confirmation email. You will then start receiving FBL reports, whenever there is sizable spam in your traffic.
Note: Do not fill out the form until you are ready with your implementation. Once you enter the data through the form, it cannot be modified – so please be sure to enter the correct details.
In case you have any questions, please refer to the FAQs here. Almost every implementation-related question you may have should be covered in the FAQs.
Our expectation is that you will be acting on the bad actors reported through FBL and prevent them from sending spam in the future.
What is an Identifier?
An Identifier is a key by which you’d like the spam rate aggregated for your FBL report. Examples of Identifiers are: CustomerID_22, CampaignID_67, MailCategoryID_3, etc.
Is it Feedback-ID or X-Feedback-ID?
As you might know, the X in an X-header stands for experimental. The early testers for the Gmail FBL were asked to use X-Feedback-ID since the FBL was an experimental feature back then – but that is not the case anymore.
So, for all current/newer FBL implementations use ONLY Feedback-ID.
What is the ESPid? Do we get to choose our own ESPid or are we assigned one?
ESPid is a unique identifier for each ESP. You can choose an ESPid of your choice. However, when choosing an ESPid, please choose something that is descriptive, 5 to 15 characters long, and contains at least a few letters – ideally the name of your ESP.
Why do we need to DKIM sign our traffic to be eligible for FBL?
This is important for us to correctly identify and aggregate mail coming from your ESP and prevent any spoofing.
My customers are already signing their mail with their own DKIM domains. What do we do?
All you need to do is simply re-sign your traffic after adding the Feedback-ID header with a DKIM (d=) domain owned by your ESP. You have the option to use up to 10 such unique domains to sign your traffic. Gmail supports multiple DKIM signatures.
We have heard that a particular MTA vendor does not support double DKIM signing, an FBL requirement?
Please check with your MTA vendor directly rather than assume. Most vendors have already enabled support for double DKIM, making it simple and seamless to implement the Gmail FBL.
As an ESP, we already sign all our traffic with a DKIM domain owned by us. Do we still need to re-sign with another domain?
No. All you need to do is add the Feedback-ID before DKIM signing.
Our whitelist customer(s) has an issue with the idea of our ESP re-signing their mail with our DKIM domain, which is an FBL requirement. What do we do about it?
If you feel that a customer of yours might have an issue and cannot be convinced otherwise, you may leave them out and tag the rest of your traffic for the FBL. If you have given a particular customer of yours a “whitelist” status, they must be trustworthy enough indeed for you. Moreover, the Gmail spam FBL is primarily aimed at exposing spammers and outliers in your traffic – an impeccable customer might never even get flagged. You could still use a method like List-Unsubscribe to gather data for such “whitelist” senders.
Why is there an option to sign traffic with up to 10 different DKIM domains?
A lot of ESPs already have an existing setup to sign each category/tier of their traffic with a different DKIM domain. In order to make the Gmail FBL implementation process as minimally disruptive as possible for them, we have offered the option to use up to 10 distinct DKIM (d=) signing domains.
Do we have to necessarily sign our traffic with 10 different DKIM domains?
No. The upper limit on the number of unique domains that can be used to DKIM sign mail across your traffic is 10.
Can we sign with subdomains of our chosen DKIM domains? If yes, up to how many unique subdomains can we use?
Yes indeed, you can use subdomains of your designated DKIM domains to sign your mail. While there is no upper limit on the number of subdomains, the subdomains should all come from the (at most) 10 unique domains.
What about the selector? Do we need to use a particular selector (s=) if/when double DKIM signing traffic, with a domain owned by us (the ESP)?
The value of the selector (s=) or the lack of it does not matter.
Aside from using a domain owned by our ESP to DKIM sign mail, is there anything different that we need to do in our current DKIM signing process?
Please make sure to add the Feedback-ID header before you (re)sign with your ESP DKIM domain (and sign the Feedback-ID header as well). Nothing else changes – just DKIM sign in your usual way.
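A pre-send check for the signing requirements described above, as an added example that is not part of the original FAQ or Gmail's own tooling: it confirms that a message carries Feedback-ID and that a DKIM signature from an ESP-owned domain (or a subdomain of one) lists Feedback-ID in its h= tag. The domain esp.example, the function names and the sample headers are assumptions constructed for illustration; the check inspects headers only and does not verify the signature cryptographically.

```python
import email
import re

# Assumption: the ESP's designated DKIM domains (the page allows at most 10).
ESP_DKIM_DOMAINS = {"esp.example"}

def parse_tags(value):
    """Parse a DKIM-Signature tag=value list, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def is_esp_domain(d):
    """True for a designated domain or any subdomain of one."""
    d = d.lower().rstrip(".")
    return any(d == b or d.endswith("." + b) for b in ESP_DKIM_DOMAINS)

def fbl_ready(raw_message):
    """Return (ok, reason) for one outgoing message, headers only."""
    msg = email.message_from_string(raw_message)
    if "Feedback-ID" not in msg:
        legacy = "X-Feedback-ID" in msg
        return False, "legacy X-Feedback-ID only" if legacy else "no Feedback-ID"
    esp_sigs = [t for t in map(parse_tags, msg.get_all("DKIM-Signature", []))
                if is_esp_domain(t.get("d", ""))]
    if not esp_sigs:
        return False, "no DKIM signature from an ESP-owned domain"
    for tags in esp_sigs:
        if "feedback-id" in tags.get("h", "").lower().split(":"):
            return True, "Feedback-ID signed by d=" + tags["d"]
    return False, "ESP signature does not cover Feedback-ID"

# Constructed sample headers (signature values are placeholders, not real).
CUSTOMER_SIG = ("DKIM-Signature: v=1; a=rsa-sha256; d=customer.example; s=sel;\n"
                " h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n")
REST = ("Feedback-ID: CampaignID_67:CustomerID_22:ExampleESP\n"
        "From: news@customer.example\nTo: user@example.com\nSubject: hi\n\nbody\n")
GOOD = ("DKIM-Signature: v=1; a=rsa-sha256; d=mail.esp.example; s=k1;\n"
        " h=From:To:Subject:Feedback-ID; bh=PLACEHOLDER; b=PLACEHOLDER\n"
        + CUSTOMER_SIG + REST)
UNSIGNED_TAG = ("DKIM-Signature: v=1; a=rsa-sha256; d=esp.example; s=k1;\n"
                " h=From:To:Subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
                + CUSTOMER_SIG + REST)
CUSTOMER_ONLY = CUSTOMER_SIG + REST
```

Running fbl_ready over a sample of the outbound queue before enrolment catches the common ordering mistake, where the header is added after the ESP signature has already been computed.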
Can we use more than 3 Identifiers, other than the ESPid?
No, the maximum number of Identifiers you can use is 3 (excluding the mandatory ESPid).
What if we have fewer than 3 Identifiers?
That’s not a problem. Just include only your chosen Identifiers in the Feedback-ID. For example: Feedback-ID: a:ESPID or Feedback-ID: a:b:ESPID are all perfectly valid.
Can we use special characters when naming an Identifier?
Yes. Any special character is acceptable except ‘:’ (i.e., colon), which is to be used as a delimiter between Identifiers.
Why is it recommended that we keep the Identifier namespace unique? Can we have Identifiers that overlap?
Since data is aggregated by each unique Identifier (irrespective of its position in the Feedback-ID), for a given day’s traffic, you should ensure that the Identifiers (across fields) are unique and not repeated, so that data is not aggregated across unrelated Identifiers.
For example, Feedback-ID: a1:b1:a1:ESPid will result in data being aggregated on the identifier a1 twice and result in erroneous reports.
Is the data grouped across Identifiers?
No. Data is only aggregated per Identifier and not grouped across. For example, if 3 different spam mails in your traffic had the below Identifiers:
Feedback-ID: a1:b1:c1:ESPid
Feedback-ID: b1:ESPid
Feedback-ID: c2:b1:ESPid
The count for b1 would be 3, given that it occurs thrice (irrespective of its position in the Feedback-ID).
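The Identifier rules and the per-Identifier aggregation described above, as an added example that is not Gmail's implementation: it validates a Feedback-ID value, counts spam-marked messages per Identifier regardless of position, and builds values with field-name prefixes so namespaces cannot overlap. The function names are assumptions, and the ESPid check requires only one letter as a simplification of "at least a few letters".

```python
from collections import Counter

def parse_feedback_id(value):
    """Split a Feedback-ID value into (identifiers, esp_id); ValueError if malformed."""
    *identifiers, esp_id = value.strip().split(":")
    if not 5 <= len(esp_id) <= 15 or not any(c.isalpha() for c in esp_id):
        raise ValueError("ESPid should be 5 to 15 characters and contain letters")
    if len(identifiers) > 3:
        raise ValueError("at most 3 Identifiers besides the ESPid")
    if "" in identifiers:
        raise ValueError("empty Identifier")
    if len(set(identifiers)) != len(identifiers):
        raise ValueError("Identifier repeated within one Feedback-ID")
    return identifiers, esp_id

def spam_counts(feedback_ids):
    """Count spam-marked messages per Identifier, ignoring field position."""
    counts = Counter()
    for value in feedback_ids:
        identifiers, _ = parse_feedback_id(value)
        counts.update(identifiers)
    return counts

def build_feedback_id(esp_id, **fields):
    """Prefix each value with its field name (CustomerID_22) to keep namespaces apart."""
    identifiers = [f"{name}_{val}" for name, val in fields.items()]
    if any(":" in ident for ident in identifiers):
        raise ValueError("':' is reserved as the delimiter")
    value = ":".join(identifiers + [esp_id])
    parse_feedback_id(value)  # re-check count, uniqueness and ESPid rules
    return value

# The three spam mails from the FAQ example above.
PAGE_SPAM = ["a1:b1:c1:ESPid", "b1:ESPid", "c2:b1:ESPid"]

# Constructed: bare numeric IDs, customer 22 in one mail and campaign 22 in another.
# Both land on the same Identifier "22", mixing two unrelated things in one count.
OVERLAPPING = ["22:7:ESPid", "5:22:ESPid"]
```

With the constructed OVERLAPPING input the Identifier 22 is counted twice even though it names a customer in one message and a campaign in the other, which is the cross-field aggregation the FAQ warns about; build_feedback_id avoids it by emitting CustomerID_22 and CampaignID_22 instead.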
Should we include all the IPs from which we are sending traffic to Gmail in the SPF records of all the DKIM domains we are using to sign our traffic?
Yes. Please make sure that your SPF records are up to date with all your sending IPs.
What if we decide to send from newer IPs?
Just update your SPF record with the newer IPs and continue to sign the traffic with your designated DKIM domain(s) as usual.
Is there a timeline for when we should be implementation-ready?
While we do not have a strict deadline, the sooner the better.
How long will it be, after we are enrolled, before we start receiving reports?
You should start to receive FBL reports once there is a sizable amount of user-reported spam for any given Identifier in your traffic.
Will we receive FBL reports every day? Will we receive FBL reports for every Identifier that we are using?
You will receive an FBL report as and when there is a sizable amount of spam corresponding to a given Identifier.
What is the Spam_rate column seen in the FBL CSV report?
The Spam_rate is the percentage of user spam markings over all mail delivered to the Inbox (across tabs).
How do we interpret the spam_rate?
The Gmail spam FBL has been designed to report only spammers and outliers. It is safe to assume that anything that gets reported in the FBL, irrespective of the spam rate, is a cause for concern and has the potential to disrupt the deliverability of the rest of your email. So, please investigate and take action upon everything reported – ensure that the spam comes to a stop.
What is the time span over which Gmail FBL aggregates data for each report?
The FBL report that you receive on a given day pertains to your traffic from the previous day (that was tagged with the Feedback-ID header). All user spam markings (for the previous day’s traffic) received till the time of the report generation are counted to calculate the spam_rate.
Help! Our ESP has implemented the FBL and filled out the form. We have not yet received a single report?
Remember that you will receive an FBL report only when there is a sizable amount of spam in your traffic that has received user spam markings. This is important to keep FBL reports noise-free, aside from other reasons.
- Are you signing (and tagging with Feedback-ID) all your Gmail traffic? We have observed that it takes at least 80% of (Gmail) traffic to be signed before ESPs start receiving FBL reports.
- Do your Identifiers each correspond to enough mail volume? A given Identifier may need to be present in a sizable volume of traffic before it gets sufficient user spam markings. So, make sure each of your Identifiers has enough volume.