How does Shootmail handle security?
Published : 2024-07-24
subhendu singh

Table of Contents
We tackle the challenge of email security at three levels:- Email Security: We follow the best practices to ensure that the sent emails land in the recipients’ inbox rather than landing in spam folder.
- Noisy Neighbours: If a bad actor sends spam emails and gets complaints or spam reports, we make sure, their reputation doesn’t impact the reputation of other senders sending emails using Shootmail.
- Self reputation: Even when the emails, mainly marketing communications, are sent with good intent, some users might not be interested in receiving them and may initiate a complaint or spam report. Shootmail allows you to separate your marketing and transactional email communication so that the reputation of one set of emails doesn’t impact the other.
Ensuring safe landing
Emails are a critical part of running a business. For every important event that occurs within your application in result to a customer action, you need to send a confirmation email to the customers. For example when a customer purchases a product or avails a service, on a new signup, password reset request and many more. These emails that are sent in response to a customer action, are called transactional emails.You also send emails to acquire new customers or to engage your existing customers by announcing new offers, product features or more personalised emails like suggesting products based on customer’s purchase history. These emails are called marketing emails.With transactional emails, most important part is speed. When a customer clicks on the signup button, they expect to receive the confirmation link immediately, or when a customer requests a password reset, they are expecting a quick response. Another important part is that the email should land in the inbox rather than landing in the spam folder.With marketing emails, where the user is not already expecting your email, chances of them taking time out to open and read your communication are less. But, to increase those chances, you have to make sure the email lands in the inbox and the email looks good. Shootmail has you covered on the both parts. Let’s see how.Domain Verification

- SPF: Sender Policy Framework is designed to help prevent spoofing. Identifies which mail servers are allowed to send mail on behalf of your custom domain through a DNS TXT record that is used by DNS.
- DKIM: DomainKeys Identified Mail adds a digital signature to your outbound messages in the email header. Receiving email systems can use this digital signature to help verify whether incoming email is signed by a key owned by the domain.
- DMARC: Domain-based Message Authentication, Reporting and Conformance ensures that there is domain alignment with at least one of SPF and DKIM. Using SPF and DKIM alone does nothing to insure that the From address is authenticated. It also allows domain owners to specify how their email should be handled if it fails SPF or DKIM checks.
Handling noisy neighbours

Preserving self reputation

FAQs
Why subdomains and not apex domains?
It is very important to maintain the reputation of your domain on the internet. Using subdomains separates the reputation of your apex domain from the ones used to send mails. Hence, if a subdomain receives complaints or spam reports, that doesn’t impact the reputation of other subdomains or the main domain.
How do I know if the mail I am sending is transactional or a marketing email?
As a rule of thumb, consider the emails sent in response to an user initiated action as transactional emails for e.g. signup, reset password, magic link, order confirmation etc. And emails initiated by the business to attract new or existing customers or send a reminder, are marketing emails.