MarketingProfs B2B Forum 2023

Navigating the B2B Inbox—What’s Working and What Isn’t with Michael Barber

You can have the best email marketing in the world, with a great offer that appeals to your perfect prospects.

But if your emails don’t reach the inbox, your campaign will never get off the ground.

As email has evolved, so has email security. And in this clip, Michael Barber describes the different types of email security that can make or break your marketing.

Watch this clip from Michael’s presentation, or read the transcript below, to learn the tools and protocols you can use to improve your inbox deliverability.

And for more information on email marketing and other B2B marketing methods, join us at B2B Forum in Boston this coming November. With sessions on email marketing, content marketing, SEO, ABM, and more, it’s THE conference for B2B marketers like you. Tickets are limited and available now!


Getting in the inbox is really a two part journey. And it starts with authentication.

I have shown this graphic many-a-year, but it continues to serve a purpose of making sure you understand… the journey that [email] makes and how it gets into the inbox.

You send your email campaign.

It hits what’s called an inbound mail server, and it does a couple of things.

But ultimately, the first thing that it’s looking for is authentication protocols.

And there are four key protocols that we have to—well, in some cases have to have—but at least two that we need and absolutely must have for certain ISPs (or the internet service providers) to allow our email to flow through and into the inbox.

The first of which is SPF, or Sender Policy Framework.

Each one of these authentication protocols is essentially a text string that goes on our domain name server, our DNS.

So we start with SPF, which is the gold standard of email authentication.

What this does is tell all the ISPs, the internet service providers, “hey, we are the brand who we say we are, and it’s coming from a domain that we own.”

So it ties your ESP together with your actual DNS settings and says, “yes, we are who we are.”

The second and very similar to SPF is DKIM, domain keys identified mail.

You need at least one of these, either SPF or DKIM, at a minimum when it comes to authentication protocols to get past those inbound mail servers.

Now, if you’re a high volume sender—and what I mean by high volume is probably over about the 50,000 or more subscribers that you’re emailing on at least a once-a-week cadence—there are two more additional authentication protocols that I would recommend.

The first of which is DMARC, domain based message authentication reporting and conformance.

A massive mouthful of words that essentially says, “okay, if we send something, or if the ISP receives something, and it doesn’t look like you, what do you want me to do with these campaigns? Do you want me to quarantine them? Do you want me to send them back to you?”

And it allows you to have a feedback loop that comes from the ISPs that gives you a daily report of what that ISP is experiencing around your domain. Just to see if you’re having any brands that are sort of like phishing or attempt to piggyback on your domains to deliver mail into the inbox. So it builds that connection with the ISP.

The fourth—and the newest—is BIMI or brand indicators for message identification.

Now, BIMI in this case builds off of each one. 

In order to have BIMI, you need to have DMARC. In order to have a DMARC, you need to have at least an SPF and a DKIM record.

So in order to have BIMI, you’ve had to have built all your authentication protocols, the three that ladder up into BIMI.

Now, why BIMI matters is really because… you’re getting some features inside of the inboxes from being BIMI certified, such as a little profile image and explicit text and notifications that show that you’re a verified sender.

Now, this started on Yahoo, but it has quickly made the journey across all the major ISPs.

From Gmail, you get access, if you have a BIMI record, to things like customizing that profile image.

You can see here from Rev, the little bouncy GIF in that bottom left corner of that inbox, right, gives you a little bit of a visual queue inside of the inbox.

Ever so important these days in a sea of unopened email, where do our subscribers eyes go?

They’re going to go to visual cues. BIMI is one way that we can get a visual cue that other senders may not have.

Now, this is where the behemoth comes into the conversation. Because beyond Gmail and of course all the major other ISPs…

You have Apple, which arguably serves more mobile mail than any other platform that’s out there. Amongst the OS system within Apple, we’re talking Mac Mail, iPad mail, and of course your iPhone mail.

Apple introduced BIMI support in iOS 16 and continues to support it and will continue to support it through their next iOS iteration 17 that just dropped.

And they’re doing some interesting things like also showing you this big notification that this is a digitally certified email.

Again, building trust.

Of course, Apple’s building their brand around privacy, and they want to make sure that you respect the inbox as much as they expect you to.

And so BIMI is one way that they can do that, and they’re serving up this information so people can see, “hey, is this really the sender who says they are?”

They’re also building it into contact cards. So if you’ve got contact information for companies, and you tie that to a specific email address, and it exists on the contact app inside of that person’s phone, it will show you inside of the mail app that this is coming from the actual brand who they say they are.

So they’re continuing to support BIMI in a really nuanced way to make sure that people feel safe inside of the inbox. 

Again, getting access to that profile image and other features from BIMI makes it really important to think about. Especially if you’re doing a significant amount of email volume.

There are some hard costs related to having BIMI.

You need a verified DMARC certificate, or a VMC certificate, that costs about a thousand dollars per year.

Again, probably only required if you’re doing high volume sending within your brand. But there are some hard costs associated with getting these authentication protocols in place.

So keep that in mind as you’re budgeting in the future.

Right after those authentication protocols, where you can be monitoring to ensure that you’re getting into the inbox are these top eight blacklists or block lists.

You’ll see the list here. But CBL, the Composite Block List. Spamhaus. SpamCop. Invaluement. Barracuda. Lashback. PSBL, or the Passive Spam Block List. And ReturnPath, which is also known as Validity at this point.

All of these are the major block and blacklists that are out there.

If your domain exists or the IP address that you’re sending from exists on one of these top eight, you are not getting into the inbox.

The chances are very, very, very slim.

So be mindful of tracking these. And I’m going to show you some platforms that can help you track this in just a second.

Some other places that you may want to continue to monitor, just to see how you’re doing from a deliverability perspective beyond those authentication protocols, is places like Google Postmaster Tools.

For the SEO individuals in the room, or experts, you’ll be familiar with Webmaster Tools or now called Search Console.

This is essentially the same type of platform and dashboard experience that you get for Gmail. 

Google gives this to you for free.

You just have to verify that you own the domain and you get access to a bunch of data, about 120-day running information for things like spam rate.

So that’s someone that’s in Gmail, or the Google Workspace-enabled systems platforms that’s reporting your domain or your campaigns as spam.

IP reputation, right? What is the internet protocol address? What’s the reputation of that address?

Domain reputation. So on your dot-com, dot-org, dot-co-dot-uk, what is the reputation of that domain?

Your feedback loop scores, authentications, showing you, Hey, are your authentication protocols, your BIMI, your SPF, your DKIM, and your DMARC, are they making sure that those are delivering for your campaigns?

Is your data encrypted when it’s delivered?

And then also showing you any delivery errors. Delivery errors—in this case—are what we would call honeypots back in the day.

These are email addresses for Gmails that don’t actually exist, so somebody’s giving you a fake email address to try and get access to a deal or an offer.

They will show you exactly where you’re having delivery errors, so you can hopefully pull those email addresses as quickly as possible out of your databases.

So it’s a really good tool to utilize that’s a hundred percent free. You just have to verify your domain.


Published June 26, 2024

B2B Forum is packed with marketing insights, strategies, and tactics taken from the real world experience of over forty industry experts, packaged into context you can actually put to use.

Join us in Boston for B2B Forum 2024 this coming November 12-14, 2024. Early buyers get B2B Forum tickets at their lowest rate, and discounted hotel rooms are available while they last.


Back to Blog

Sponsors That Change the Game








American Marketing Association
Rep Cap

Follow #MPB2B on Social

MarketingProfs B2B Forum

Keep Building Momentum

Join the MarketingProfs Newsletter for news, updates & more...

Sign Up
CONTACT: | (866) 557-9625