Suped

When should domains be allowlisted for email sending?

9 Marketer opinions2 Expert opinions5 Technical articles1 Resource

Summary

Allowlisting domains for email sending should be approached with caution and primarily when other deliverability methods are insufficient. It's crucial to advise recipients to add senders to their address books or safe sender lists to signal trustworthiness to mailbox providers, typically after they have opted-in to receive emails. Enterprises might consider allowlisting for critical communications like invoices or order confirmations. Internal domains should also be considered for allowlisting to prevent internal communications from being flagged as spam. It’s crucial to set expectations with recipients and inform them of the sending email address. Authentication methods like SPF, DKIM, and DMARC are essential, and domains should only be allowlisted if fully authenticated and verified to prevent spoofing. Allowlists may also be required in situations of aggressive spam filtering, but these should be reviewed regularly and done with caution.

Key findings

  • Recipient Action: Encouraging recipients to add senders to their address books or safe sender lists significantly improves deliverability.
  • Enterprise Needs: Allowlisting is sometimes necessary for business-critical communications in enterprises when other methods fail.
  • Internal Communications: Whitelisting internal domains is crucial for organizations with strict security policies to prevent internal emails from being marked as spam.
  • Authentication: Domains should only be whitelisted if they are fully authenticated and verified to avoid spoofing and maintain security.
  • Aggressive Filtering: Allowlists may be needed where aggressive spam filtering is in place, however, should be reviewed regulary.
  • Setting Expectations: It's important to set expectations with the recipient in order for them to add you to the address book or safe senders list.

Key considerations

  • Authentication First: Ensure SPF, DKIM, and DMARC are properly configured before considering allowlisting.
  • Spoofing Risk: Allowlisting unauthenticated domains can lead to spoofing and security vulnerabilities.
  • Alternatives: Explore other deliverability improvement methods before resorting to allowlisting.
  • User Opt-in: Always get user consent and encourage them to add the sender to their contacts after they sign up.
  • Caution: Implement allowlisting cautiously to prevent potential abuse.
  • Regular Reviews: Regularly review existing allowlists to ensure that they're still valid.

What email marketers say
9Marketer opinions

Allowlisting domains for email sending should be approached with caution and primarily when other deliverability methods are insufficient. It's crucial for recipients to add senders to their address books or safe sender lists to signal trustworthiness to mailbox providers. Enterprises might consider allowlisting for critical communications like invoices or order confirmations. Internal domains should also be considered for allowlisting to prevent internal communications from being flagged as spam. Authentication methods like SPF, DKIM, and DMARC are essential, and domains should only be allowlisted if fully authenticated and verified to prevent spoofing.

Key opinions

  • Recipient Action: Encouraging recipients to add senders to their address books or safe sender lists significantly improves deliverability.
  • Enterprise Needs: Allowlisting is sometimes necessary for business-critical communications in enterprises when other methods fail.
  • Internal Communications: Whitelisting internal domains is crucial for organizations with strict security policies to prevent internal emails from being marked as spam.
  • Authentication: Domains should only be whitelisted if they are fully authenticated and verified to avoid spoofing and maintain security.

Key considerations

  • Authentication First: Ensure SPF, DKIM, and DMARC are properly configured before considering allowlisting.
  • Spoofing Risk: Allowlisting unauthenticated domains can lead to spoofing and security vulnerabilities.
  • Alternatives: Explore other deliverability improvement methods before resorting to allowlisting.
  • User Opt-in: Always get user consent and encourage them to add the sender to their contacts after they sign up.
Marketer view

Email marketer from ActiveCampaign recommends that recipients add the sender's email address to their contacts. This simple step can significantly improve deliverability, as email providers tend to trust emails from known contacts more than those from unknown senders.

February 2022 - ActiveCampaign
Marketer view

Email marketer from EmailOctopus suggests that recipients should add the sender's email address to their contacts. This can improve deliverability because many email providers prioritize emails from contacts.

December 2024 - EmailOctopus
Marketer view

Email marketer from Litmus suggests that one of the easiest ways to ensure emails reach the inbox is for recipients to add the sender's email address to their address book. Most email clients will then categorize these emails as "safe."

March 2021 - Litmus
Marketer view

Email marketer from Sendinblue suggests that recipients should add the sender's email address to their contact list or address book to help improve deliverability. This signals to email providers that the sender is trusted, reducing the likelihood of emails being marked as spam.

February 2024 - Sendinblue
Marketer view

Marketer from Email Geeks explains that domains should not be whitelisted unless they are fully authenticated and verified because spoofing would be seen as legitimate. They add that whitelisting should only occur when one of your domains is used in the From: field and DMARC is valid for this domain.

June 2022 - Email Geeks
Marketer view

Email marketer from Mailjet shares that senders should advise recipients to add their sending email address or domain to their address book or safe sender list, to improve email deliverability by signalling to mailbox providers that the sender is trusted. This should be after the user has signed up to their email list.

July 2023 - Mailjet
Marketer view

Email marketer from SparkPost states that if recipients are missing important emails, they should add the sender's address to their address book or safe sender list. This is especially important for transactional emails.

February 2024 - SparkPost
Marketer view

Email marketer from Reddit responds to a question in a post that enterprises might add specific domains to an allowlist to ensure business-critical communications, such as invoices or order confirmations, are received without delay. This is typically done when other deliverability methods aren't sufficient. Ensure that email authenication is setup first.

September 2024 - Reddit
Marketer view

Email marketer from StackExchange states it's crucial to whitelist specific internal domains to prevent internal email communications from being flagged as spam, particularly in organizations with strict security policies. Only allowlist trusted domains.

September 2024 - StackExchange

What the experts say
2Expert opinions

Allowlisting is sometimes necessary for legitimate emails, especially with aggressive spam filtering, but should be approached cautiously and with robust authentication. Setting expectations with recipients by informing them of the sending address and encouraging them to add it to their address book or watch their spam folder is also recommended.

Key opinions

  • Allowlisting Necessity: Allowlisting might be needed to bypass aggressive spam filters.
  • Cautious Approach: Allowlisting should be done cautiously due to potential abuse.
  • Authentication Importance: Robust authentication methods are essential when using allowlists.
  • Communication: Setting expectations with recipients is key to ensuring they receive your emails.

Key considerations

  • Authentication: Implement strong authentication methods before relying on allowlists.
  • Abuse Potential: Be aware of the potential for abuse when using allowlists.
  • Recipient Awareness: Ensure recipients know which address to expect emails from and how to handle spam filters.
Expert view

Expert from Spamresource explains that allowlists (whitelists) are sometimes required to receive legitimate emails, especially when aggressive spam filtering is in place. This approach should be used cautiously and with robust authentication methods in place to avoid abuse.

April 2023 - Spamresource
Expert view

Expert from Word to the Wise explains to set expectations with recipients. Tell them what address you will be sending from and encourage them to add it to their address book. If they don’t want to add the address, ask them to watch their spam folder for your mail.

July 2021 - Word to the Wise

What the documentation says
5Technical articles

Email platforms like Microsoft, Google, Cisco, Proofpoint, and Barracuda all recommend using allowlists to ensure emails from trusted senders, partners, or internal systems are delivered to the inbox without being marked as spam. This is particularly important for business-critical communications where reliable delivery is essential. Allowlisting can also involve bypassing certain security checks for known and trusted sources while maintaining a strong security posture.

Key findings

  • Trusted Senders: Users should add trusted senders to their safe senders list to ensure reliable delivery.
  • Business Requirements: Administrators should create allowlists for specific senders or domains when required by business needs.
  • Bypass Spam Filters: Organizations can implement allowlists to bypass spam filters for partners or internal systems.
  • Critical Communications: Allowlists guarantee delivery of critical emails from business partners, vendors, or internal systems.
  • Exchange Environments: In Exchange Server environments, allowlisting helps bypass security checks for known and trusted sources.

Key considerations

  • Trust: Only allowlist senders who are trusted to avoid potential security risks.
  • Security: Maintain a strong security posture even when using allowlists.
  • Business Justification: Ensure there is a valid business reason for creating and maintaining allowlists.
  • Regular Review: Periodically review allowlists to remove any entries that are no longer needed.
Technical article

Documentation from Proofpoint answers that organizations use allow lists when they need to ensure that emails from crucial business partners, vendors, or internal systems are delivered reliably and without delay, bypassing standard spam filters.

September 2022 - Proofpoint Support
Technical article

Documentation from Cisco Email Security explains that organizations should implement allowlists to bypass spam filters for specific senders or domains, usually partners or internal systems. This helps guarantee delivery of critical emails.

March 2022 - Cisco Email Security
Technical article

Documentation from Microsoft Support explains that users should add senders to their safe senders list when they trust the sender and want to ensure their messages are always delivered to their inbox.

July 2021 - Microsoft Support
Technical article

Documentation from Barracuda states that in Exchange Server environments, administrators might allowlist domains or sender IP addresses to bypass certain security checks for known and trusted sources. This ensures critical messages are delivered while still maintaining a strong security posture.

August 2023 - Barracuda Networks
Technical article

Documentation from Google Workspace Admin Help answers that Administrators should create allowlists to ensure that messages from specific senders or domains are never marked as spam and are always delivered to users' inboxes when required by the business.

July 2021 - Google Workspace Admin Help

Related resources
1Resource

Limit collaboration to allowlisted domains – Box Support
Limit collaboration to allowlisted domains – Box Support

In the Enterprise Settings > Content & Sharing > Collaborating on Content > External Collaboration setting, you can allow external collaboration with any external user or limit collabo...

Box Support

Related questions