Ajay Goel, Author at GMass Blog

The new Email Analyzer is for the email marketer that wants to check the SPF and DKIM of their email messages and check the IP address of their email against the most relevant DNS-based blacklists. With this tool, you can easily understand how a particular ESP (Email Service Provider) is sending emails, or compare how a single ESP sends emails when you apply different settings.

Use Case Examples of the Email Analyzer

Here are some examples of when to use our free Email Analyzer:

You’ve just signed up for a SendGrid account, and want to see if the shared IP assigned to your account is on any blacklists.
You want to understand the technical difference in email sending between SendGrid’s default setup and using their whitelabel program (now called “sender authentication”).
You want to check to see if any of your domains in your email, including your organization’s domain or your tracking domain, are on any domain blacklists.
I want to see what domain is being used to DKIM-sign my emails.
I want to see if the IP Gmail sends email from is different when using the Gmail Send button versus the GMass button.
I want to measure the latency of my SMTP provider.

What does the Email Analyzer reveal

The Email Analyzer quickly shows you:

The sending IP address.
Whether the sending IP is on any blacklists.
The domain used to DKIM-sign the email.
Whether the DKIM signature is valid or not.
The MAIL-FROM used in the SMTP transaction.
The full SMTP conversation between your email sending provider and a recipient’s remote server.
All other email headers
The parsed MIME parts for the email.
(Coming soon) All domains present in the email.
(Coming soon) Whether any domains are in any domain-based blacklists.

The above screenshot shows that the email passed DKIM and was sent from a clean IP address.

The email analyzer also shows whether your email passed or failed SPF.

(Note: GMass also checks your SPF record before you send each campaign and will let you know if your record is missing or incorrect.)

Why is the Email Analyzer necessary?

You may be comparing two different email service providers to see who gets the best deliverability for your emails. You may be trying to understand the difference between setting up DKIM vs not setting up DKIM. Before we created our Email Analyzer, you could still perform all these tasks, but the manual grunt work made it a painstaking grueling task. You could send an email through one provider to your Gmail account, wait for the email to arrive, open the email, and then use the “Show Original” to see the raw source of the email. You could then dig through the headers to see the connecting IP, find the headers that indicated whether SPF and DKIM checks were passed or failed, and find any other details you wanted. With our tool, the SMTP connection is shown in real time and the analysis appears as soon as the email arrives.

How is the Email Analyzer relevant to GMass?

If you’re using GMass in its simplest form and sending natively through your Gmail account, you won’t find much use from this tool. But if you’ve configured an SMTP server for your GMass account so that you can send unlimited emails from Gmail, then this tool is especially relevant because it easily shows you exactly how your SMTP server is sending emails. You can see the IP its using to send, and you can check whether the SMTP service’s domains are appearing anywhere in the SMTP conversation or headers, or whether the emails are branded purely around your domain. There are advantages and disadvantages to both.

I understand the purpose. How do I use this?

It’s super easy. If you’re using GMass, all you have to do is click the Email Analyzer button in the Settings box after putting in a Subject and Message.

If you’re using any other system, including MailChimp. Constant Contact, SendGrid’s newsletter system, or any of the hundreds of email sending services that exist, just load up the Email Analyzer in a separate window, and then have your email system send an email to the address on screen. After the email arrives, the Email Analyzer will display the results.

The SMTP Tester vs the Email Analyzer

You may notice that we also offer an SMTP Test tool, which is now the world’s most popular tool for testing SMTP services. The SMTP Tester tests the connection between or your client application and your SMTP server, while the Email Analyzer tests the connection between your SMTP server and your recipient.

For example, let’s say you’ve just signed up for a SendGrid account. You’ve just obtained credentials for SMTP authentication, and want to try it out.

Use the SMTP Test tool to test your credentials and your connection to SendGrid’s SMTP server.
Now that you know your SendGrid account works, it’s time to analyze how it’s sending emails. You can use the SMTP Tester to trigger the email TO the recipient provided by the Email Analyzer.

This way, you’re testing the full flow of email sending and receiving, using two free tools provided by us.

TL;DR (Summary)

The Email Analyzer provides a wealth of information about your Email Service Provider (ESP) is sending your email. In combination with the SMTP Test Tool, you can test your application’s connection to your SMTP service provider, and test the SMTP provider’s sending to your recipient.

See why GMass has 300k+ users and 7,500+ 5-star reviews

Email marketing. Cold email. Mail merge. Avoid the spam folder. Easy to learn and use. All inside Gmail.

TRY GMASS FOR FREE

Download Chrome extension - 30 second install!
No credit card required

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

Earlier I wrote about my feelings on Google’s new verification process for sensitive and restricted Gmail API scopes, and here I’ll be posting live updates of GMass’s journey through the process. We’re doing this for the benefit of the thousands of developers that have yet to begin the process, are thinking about the process, or are frustrated with the process.

1/25/2020

In my previous update on 1/5/2020, I mentioned that Wordzen, by some miracle, had managed to still have full access to the omnipotent https://mail.google.com scope despite skipping the security assessment. I spoke too soon. On January 13, I received word that the project had been reviewed, and my access to that scope was no longer.

1/5/2020

Due to time constraints and wanting to keep my sanity, I haven’t posted live updates in a while, though much has happened. since August of 2019. I’ll attempt to summarize what’s happened lately, in this final update.

GMass was approved and issued the Letter of Assessment from Leviathan in October. Google then approved the restricted scopes that GMass needed to operate.

Also in October, Google announced that developers using the Google Sheets v3 API would need to migrate to v4, necessitating a new OAuth verification procedure, one that I’m still navigating.

In addition to GMass, I have two other apps that use restricted Gmail API scopes, Wordzen and SearchMyEmail.com. After Leviathan completed the assessment of GMass in October, I asked if they would now review Wordzen. Wordzen is a much simpler app than GMass and because I now had the knowledge of what a security assessment is, I figured Wordzen would be much easier. Unfortunately, Leviathan told me they were too busy to review Wordzen.

I considered engaging Bishop Fox or the new assessor, NCC, for Wordzen and SearchMyEmail, but because both of those apps are non-revenue-generating, I decided against it and to let those apps remain “unverified”, which comes with some interesting quirks.

In mid-November, Leviathan contacted me. Even though I had passed the security assessment, they needed to ensure that I had a Vulnerability Disclosure Program set up. As a result I created the URL gmass.co/incident and added this to the footer of the GMass website.

For SearchMyEmail.com, in June/July I had a lengthy back and forth with the OAuth team. I was at the stage where a security assessment was required, and I informed them that I would not be undergoing the assessment, would happily remain “unverified” and that I would just remain under the 100-user unverified app limit. I had planned to do this by revoking inactive tokens and forcing users to re-auth periodically. However, I found that Google’s counting of active tokens was flawed, and after complaining enough, they increased my limit from 100 tokens to 200 tokens.

For Wordzen, the outcome was different. After being sent multiple emails informing me I must undergo the security audit, I wrote back, noting that there are only 25 active users for Wordzen, and since I’m under 100, if Wordzen could continue operating that way. They responded with this detailed explanation which put my concerns at rest. Additionally, in a Google OAuth miracle, as of 2020, the Cloud Console for the Wordzen project is showing the full https://mail.google.com scope as an officially approved scope for the Wordzen app. I don’t know how that happened — Wordzen never went through the security audit.

10/21/19

Looks like Google has added a third security company, NCC, that can perform a security assessment. Also, Leviathan is no longer accepting new projects for 2019.

8/26/19

The security assessment officially kicks off. On the first day of testing, Leviathan finds a SQL injection issue which they determine is critical. I fix the issue later that evening and report this to Leviathan who then marks the issue as “resolved”.

8/19/19

I create the Slack channel and invite all the relevant members from Leviathan. My first big to-do is to send them a list of all URL endpoints for the GMass Chrome extension. Since a Chrome extension is by nature, public, the endpoints can easily be grepped from the extension’s JavaScript.

8/14/19

I have my external alignment phone call with Leviathan. Because I’m essentially the sole developer of GMass, it’s just me from GMass, and one rep from Leviathan. He walks me through the process, collects some contact information from me, advises me what to do if their testing causes any technical issues on my end, like downtime, and gives me a timeframe of a few weeks to get everything done. On this call, I’m told that they’ve performed “tens” of assessments so far, and that no vendor has been unable to pass yet, which sets my mind at ease. Surely though, some software companies probably opted to not even begin the process due to cost. It’s also decided on this call that I’ll set up a private Slack channel for myself and a few members from the Leviathan team to coordinate activities related to the security assessment.

8/1/19

I finally receive information on the “external alignment” meeting with Leviathan, which will be the first step in the security assessment.

Within minutes I respond and request the first available time slot, which is August 14th at 1 PM PST.

7/29/19

It’s now been 5 days since I sent back the signed contract for Leviathan and haven’t heard anything further, so I follow up.

…and I hear back a few minutes later.

7/24/19

After not hearing back from Leviathan, I followed up on July 23rd, and did receive this response today.

A few minutes later, I received the official proposal. For privacy purposes, I won’t post the proposal here, but suffice it to say, it’s a standard contract with a quote, and there’s nothing specific to the security assessment of GMass in this proposal. The effort is scoped at a 3-day effort at a particular USD rate per day.

I sign and send the contract back on this same day.

7/22/19

After making some substantial security enhancements to our entire infrastructure, I reach out to Leviathan telling them that I’m ready to begin the security assessment.

6/25/19

Bishop Fox updates me again with some more information, including a What to Expect document for the security assessment. This document doesn’t contain any sensitive information, so I’m making it available for download.

I let Bishop Fox know that I’ll be reviewing the information and then letting them know if I want to proceed.

6/21/19

I’m told that the Self Assessment Questionnaire from Bishop Fox has been approved!

6/4/19

My contact at Bishop Fox updates me again on the status of the SAQ approval with Google.

What I find most interesting about this email is the mention of a deadline to have the security assessment scheduled. There’s never been any mention of this in the documentation from Google or my correspondence with the Google OAuth team.

5/28/19

I email Bishop Fox to ask about the approval status of the SAQ (Self Assessment Questionnaire), because it’s been a couple weeks and I haven’t heard anything. If Google approves their use of the SAQ, it lessens my cost of the security assessment.

My contact responds a few hours later.

5/16/19 (update from Google)

Google sent the below email, informing me that if I don’t go through with the security assessment, I’ll lose access to the restricted scopes. It also clarifies one of the prior points of confusion — that if my app is to be used within G Suite domains only, then I don’t have to go through the security assessment. Meaning, if I don’t care about taking on @gmail.com users, then I don’t need to go through with the assessment. The email also asks for confirmation of whether I will be proceeding or not. I have replied confirming my intention to go through with the assessment.

5/9/19 (two quotes arrive from Bishop Fox)

Bishop Fox explains that they are attempting to get approval from Google to satisfy one portion of the requirements via a “Self Assessment Questionnaire” rather than a full deployment review, and policy and procedure review. Of course, I welcome the simpler approach, and I’m waiting to see if this approach is approved.

5/3/19 (later that day)

Bishop Fox acknowledges receipt of the scoping survey.

5/3/19 (I respond to Bishop Fox’s scoping survey)

It took a while to fill out, because of the detailed questions in it.

5/2/19 (Proposal arrives from Leviathan)

I’m impressed with the speed at which Leviathan handles communication. It was just 15 minutes before I got a response to my initial inquiry, and I have a proposal the very next day after our phone call. I’ve been asked not to disclose pricing information, so out of respect for Leviathan, I won’t mention that here.

5/1/19 (Call with Leviathan and follow-up)

I have a short phone call with a rep from Leviathan, where I describe the nature of GMass, its public facing interfaces, and a little about its underlying architecture. Given that GMass does not have an API and is only usable as a Chrome extension, the rep indicates that this will be one of their simpler security assessments and would require 2-3 days of work. After the call, he sends me some information to verify and an NDA, which I send back the next morning.

4/29/19 (several hours later)

Bishop Fox responds within several hours of my email.

4/29/19 (15 minutes later)

Leviathan responds within 15 minutes of my email. We eventually schedule a phone call for mid-next week.

4/29/19 (later in the day)

I reach out to both of the security firms, Leviathan Security and Bishop Fox, that have been approved to conduct the security assessment.

4/29/19 (earlier in the day)

Google denies my request to skip the security assessment.

4/22/19

I respond to the notice asking if I can skip the security assessment if I reduce the Gmail API scopes I’m using for GMass.

4/20/19

I receive a notice from Google that the fun is only now beginning (proceed with security assessment).

4/1/19

(April Fool’s Day — maybe they’ll let me know this has all been a joke?)
I’m told I’m in the final stages of verification.

3/31/19

I respond with my agreement.

3/26/19

Google emails asking me to confirm my agreement with a statement.

3/23/19

I responded with another video.

3/21/19 (a few hours later)

I received an additional request deeming the first video as insufficient.

3/21/19

I receive this request from Google for an additional video.

3/18/19

I respond, letting Google know I’ve made the branding changes they suggested.

3/15/19

After Google presumably watches my video, they respond, asking them to conform to their branding guidelines.

3/9/19
I respond with the requested YouTube video.

3/6/19

Google responds with their request for a YouTube video.

2/15/19
I responded to the ambiguous request from Google.

2/15/19

Received this email with no project ID listed, and given that I manage multiple apps built for Gmail, I didn’t know if this pertained to GMass or not.

2/9/19

I respond to Google’s request for the scope explanation.

2/7/19

Email received from Google asking for an explanation of the need for the full mail.google.com scope

Email marketing, cold email, and mail merge inside Gmail

Send incredible emails & automations and avoid the spam folder — all in one powerful but easy-to-learn tool

TRY GMASS FOR FREE

Download Chrome extension - 30 second install!
No credit card required

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

Last October, Google announced that it would start being more stringent with software vendors building apps on top of the Gmail API. Specifically, developers using a “restricted” or “sensitive” Gmail API scope would be subject to additional scrutiny and have to pay a fee of $15,000 – $75,000 or more to have a third party security assessment done. GMass leverages the power of the Gmail API to perform its magic, and so GMass has been subject to these measures.

Since Google’s announcement, the web has become rife with stories of frustration amongst smaller companies and independent developers who simply cannot afford the fee. This new policy stands to kill innovation, be the obstacle to side projects, and overall, make Gmail less useful. One of the primary reasons Gmail has been the email platform of choice for startups and tech companies is that it’s been extensible. There are hundreds, if not thousands, of extensions for Gmail, one of which is GMass, that add functionality and make Gmail more useful than the base product. Most of these applications will disappear. Unless a product has reached the point of business sustainability, it won’t be worth it for most developers to pay the fee and go through the security process (which by the way, will likely cost more than the fee paid, because of development time necessary for remediation).

Well known extensions and Gmail apps like Boomerang, Yesware, Mixmax, and Mailtrack will likely pay the fee and succumb to the new governance, but smaller players like Context.io and EmailMonkey have already announced their plans to shut down. I’ve also decided to shut down my other Gmail extension, Wordzen, because the fee is too high to be worth it for Wordzen.

This article from The Register profiles two makers of Gmail apps, Leave Me Alone and Clean Email, and their frustrations with the new requirements.

Even a popular service like IFTTT is caving and reducing its Gmail functionality.

My stance

I’m not happy about it, but given the substantial GMass user base, we’re beginning the process of the security audit. You can follow my live updates of the OAuth verification process.
I’m a proponent for greater security and protection of user data, but asking software developers to pay the security fee is ludicrous. Google should pay the fee on behalf of its developers (explanation below).
The opportunity is rife for a new email platform to make a dent in Gmail’s marketshare.
Prices for all Gmail apps, including GMass, will rise to cover the cost of the annual security assessment.
Google is grasping for straws when justifying making the developers pay. In response to the question “Why is Google asking apps to pay for the security assessment?” they state, “As we’ve pre-selected industry leading assessors, the letter of assessment your app will receive can be used for other certifications or customer engagements where a security assessment is needed.” Gee thanks, Google, for making it easier for us to get more customer engagements.
Google’s support for developers who build Gmail apps has been poor, and the manner in which this issue is being handled is being done callously. Questions to the OAuth verification team go unanswered for long periods of time. Stack Overflow is littered with questions about the Gmail API, mostly which go unanswered, despite Google pointing developers to this area. Google has been playing favorites with Gmail Add-ons, allowing only some to work on iOS while claiming that iOS isn’t supported, and not providing any context for its decisions. Additionally, Chrome extensions for Gmail have never been officially sanctioned, although when Gmail launched its new UI last year, it did inform all extension makers of the upcoming changes and provided test accounts. It’s clear that it’s up to developers to solve their own issues and work around Google’s platform shortcomings.

Conflict and Confusion

There is also conflict and confusion amongst the information released by Google.

Does this process only affect you if your users include gmail.com accounts, or do you have to go through the process even if you just take on G Suite users?

The language in the announcements seem to indicate that this only affects gmail.com consumer accounts wanting access to an app.

The use of the word “my”, however, in the question is confusing. It makes the question seem to apply to internal accounts only, those that are owned by the developer of the app. But then the answer references how G Suite administrators can control access, which implies that all external G Suite accounts are included in the group that are not impacted.

In the detailed FAQ about who can skip the review process, one would hope that for consistency with the above that it would say “Those apps that only service G Suite accounts and not consumer gmail.com accounts” but it doesn’t. Hmm.

Further in the FAQ, we find:

The first paragraph references “Google Accounts outside of your organization” which I interpret to include G Suite accounts outside of your organization. But then the second paragraph says that if you don’t verify, “access for new users will be disabled” and “existing grants for consumer accounts will be revoked”. I interpret that to mean that no new G Suite nor gmail.com users will be able to OAuth connect to your app, but existing G Suite users will still be able to.

Lastly, there’s this bit:

I’m thoroughly confused at this point.

What happens if you choose to not go through the process? Will your app just show “Unverified” on the OAuth consent screen, or will it not have access to certain Gmail API scopes altogether?

The documentation is also unclear on this issue. In the User Data Policy, we find:

but this seems to conflict with what’s shown above:

Finally this text under the “Sensitive Scope Verification” section seems to indicate that the only consequence of not having your app verified is that users will see that it’s Unverified.

However, there’s no equivalent question under the “Restricted Scope Verification” section:

They really should include the question: “What happens if I don’t verify my app?”

It would be preferable for the entire developer community if the only consequence of not verifying a sensitive scope app is that users see the “Unverified” designation when connecting their accounts because it allows users to still use their apps. Personally I wouldn’t mind if GMass users go to connect their accounts and see that the app is “unverified”, if it weren’t for the 100 user cap that is imposed on Unverified Apps. But again, this is only clear for sensitive scope apps and not restricted scope apps.

The scope of the security audit

In the FAQ, Google states “we are requiring apps that store data on non-Google servers to demonstrate a minimum level of capability in handling data securely and deleting user data upon user request.” But deeper in the FAQ, the audit also includes developer’s code deployment practices, which seems to go beyond a minimal level in capability in handling data securely.

Google is in a position of power over its third party developers. After all, where are the developers going to go? We’ve all invested substantially into building our products, many of us make a living off of what we’ve built, so we if we don’t play by the new rules, it would mark an end to our careers. We could go and build on Outlook.com’s API instead, but with just two players — Google and Microsoft — dominating the email ecosystem, there’s no guarantee that Microsoft won’t implement the same policies. Such is the risk of building a product on top of someone else’s.

Why Google should pay the fee instead

They can afford to, and it offers a checks and balances between the security firms and Google that doesn’t exist right now. While developers benefit from building software on top of Gmail, Google too derives benefit from attracting customers to a product that has been made better by all of its third party developers. There are users of Gmail and G Suite that would NOT be users if it weren’t for their loyalty to a particular third party app. I know for certain that in GMass’s case, we’ve brought users to G Suite because they wanted to use GMass.

Resources on the new Google OAuth scope policy

Google’s original announcement (cloud.google.com).

The user data policy (developers.google.com).

Detailed FAQ on the verification process and the security assessment (support.google.com).

Indie Hackers discussion of the issue (indiehackers.com).

Inbox SDK discussion on the issue (groups.google.com).

See why 99% of users say they’ve had their best deliverability ever with GMass

Email marketing, cold email, and mail merge all in one tool — that works inside Gmail

TRY GMASS FOR FREE

Download Chrome extension - 30 second install!
No credit card required

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

GMass is a lean operation, and not only am I the product manager, but I’m also the sysadmin, which means maintaining and keeping watch over a dozen servers. I’ve been managing servers in some capacity for over 20 years now, but here are a few skills I taught myself in the last month that have increased my productivity and made me feel more like a sys-ninja than a sys-admin.

1. Tailing a log file

GMass generates tons of logs.

There’s IIS log files from our web server, but also internal logs created by a plethora of worker EXEs that do everything from sending mail merge campaigns to syncing stats with the campaign reports that you see. I used to open up a log file in Notepad, and then a few minutes later, close it and re-open it, so I could see what progress has been made in those few minutes. No longer. Now I’ve switched to Notepad++ which has a handy “tail” feature. Every few seconds, it checks for changes to the open file and refreshes it. Now I can just stare at my screen and watch the log file scroll by. I feel like Chloe from 24.

2. View just certain lines of a log file

I often want to see just log file lines that match some particular string. For example, if I have an abuser on my hands, I’ll isolate the IP address of the abuser, and want to see the web server log file lines matching just that IP address. I used to use Notepad’s “Find” function and search for the IP and scroll through all the matching hits. What’s proven to be much easier is using Notepad++’s “Find all in current document” feature, which isolates just the lines that match a particular string. No more endless scrolling through gigs of logs.

3. Query your text log file like it’s a database table

This has been a huge boon for my sanity. Microsoft has a little-known tool called Microsoft Log Parser Studio which lets you write SQL SELECT queries against any log files, even ones that haven’t been generated by IIS.

4. Search for text inside images

I take lots of screenshots.

There’s an error on the server? Screenshot it, so I can research it later.

Buying something from a shady website? Screenshot it as evidence of my order and the refund policy.

Booking travel on Expedia? Screenshot it, because their email confirmations never seem to arrive.

However, after collecting a plethora of screenshots over the years, they’re pretty useless unless I can search them. At the end of 2018, Dropbox released a search function that finds text inside images. Since I already use Dropbox to store all my screenshots, this made searching my screenshots a breeze. I did have to upgrade my account from Plus to Professional, and went from $10/month to $20/month, but totally worth it.

5. Emergency notifications that wake me up when I’m asleep

I’ve used an iPhone as my primary mobile phone for the last five years, mostly because my wife insisted I make the switch because she has one and this way my texts appear the more desired blue instead of the less desirable green. Turns out this wasn’t the best decision as a sysadmin, because Apple’s ecosystem is so “closed”. I need my phone to wake me up when there’s a big problem, like if GMass is entirely down, or if Gmail has made a code change that has broken the GMass extension. I searched and searched and even posed this question on reddit, and the home-grown cheap solution I settled on was an Android-based solution. Only Android was capable of doing what I wanted because Android apps are able to read text messages and take actions based on them. iOS is “closed”, meaning a third party non-Apple app has no visibility into text messages. So, I use Android’s FireAlert 2 app. I tell it what string to look for in a text, and if found, it sounds an alarm that could wake a sleeping bear during hibernation. I no longer wake up every morning in a rush to check my phone to make sure the servers are up. I can rest confidently knowing that I (and my wife and baby) will be woken up with the screeching sound of a 1,000 decibel alarm if anything goes wrong.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

Scheduling a recurring email in Gmail is simple with GMass. Now you can easily send recurring “reminder” email campaigns to the same set of people hourly, daily, weekly, or monthly. You can customize it further to send, for example, every 2 weeks, or every 3 months.

Examples of recurring emails

Here are a few examples of how sending recurring emails are beneficial in real life:

An apartment building sending an email to all of its tenants on the 1st day of the month, reminding tenants to pay rent. The email can be personalized with each tenant’s individual rent due.
Reminder emails: A sales VP sending an email to all employees on the last day of the month, reminding employees to submit their expenses for the month.
A restaurant sending an email to its VIP clients every Monday announcing that week’s “special” menu item. The special menu item needs only to be changed in the spreadsheet, not in the email template, in order for the campaign to send with the new information every week.
Cold email campaigns: If you update your spreadsheet with new leads throughout the day, you can set up a recurring mass email campaign that will send to newly-added email addresses daily.
After-purchase coupon offer: Schedule a promotional email with a discount coupon to incentivize customers to purchase from you in the future.
Asking for reviews: Setting up a recurring email to send a request for review can greatly increase the chances of getting a positive review.

How to send recurring emails in Gmail

You can do this regardless of whether you’re connecting to a Google Sheet with your email addresses or just pasting your addresses into the To field of the Gmail Compose window.

To schedule a recurring email in Gmail, follow these steps:

Step 1: Install GMass

Step 2: Click the Compose button in Gmail.

Step 3: To schedule a recurring email campaign, compose your email as normal, and in the GMass Settings Schedule section, just check the “Repeat” checkbox:

How to send recurring emails with Gmail and Google Spreadsheets

You can now automate your email campaigns with the power of Google Sheets. With automated recurring email campaigns linked to a Google Sheet, you can send out emails automatically for an entire campaign at a time.

On top of that, you have the ability to set up auto-follow-up emails for your campaign as well.

Just add your new prospects to the spreadsheet and they’ll automatically start receiving emails from you, including any automated follow-ups.

You can also configure a recurring campaign to send to all addresses in the Google spreadsheet, instead of just new addresses.

To schedule a recurring email with Gmail and Google Spreadsheet, follow these steps:

Step 1: Create a spreadsheet and list your new email address(es). You can input email addresses manually in the Google spreadsheet, or you can automate the process with services like Zapier, which will tie your Google Sheet to any outside databases or CRM systems. The campaign will connect to the spreadsheet every day and check for new rows, and send a mail merge email to these fresh rows.

Step 2: If you’ve connect your campaign to a Google Sheet, then the Repeat setting will look a little different:

This is because the default “repeat” behavior of a campaign connected to a Google Sheet is to check the Sheet for new addresses at the chosen time interval (hourly, daily, weekly, or monthly), and then send the campaign, with associated auto follow-ups, to just the new rows in the spreadsheet. This allows the campaign to run automatically as you add more leads to your spreadsheet, without you needing to modify the campaign. This capability is explained more in our article on recurring automatic campaigns with Google Sheets.

Also, you can select instantly checking/sending (though that requires an additional step).

If, however, you change the “just new” Setting to “all”, then the campaign becomes a reminder style campaign that sends to everyone in the Sheet, not just new addresses, each time the campaign runs. For example, if you set it to repeat weekly, then the email will go to everyone in the Sheet weekly. Additionally, if you add new rows to the Sheet, those new addresses will be included in the campaign the next time the campaign runs.

Personalize recurring emails in Gmail

When sending recurring emails, you can personalize the Subject and Body with spreadsheet data. In the first example above, if the apartment manager is sending a “rent due” reminder email to all tenants every month, the Google Sheet might look like this:

Then the email might look like this:

For even more advanced personalization techniques, like automatic first-name detection, see our complete guide to personalization.

Add new people to the group

If your recurring email is connected to a Google Sheet, adding new people to the recurring email is as easy as adding a new row to the spreadsheet. GMass will automatically see the new row the next time it sends the recurring email. You don’t need to modify anything about the Subject, Message, or other campaign settings.

Remove people from the group

Unfortunately, there’s no easy way to remove someone from a recurring email after it has begun. You might think that you can simply delete the row from the spreadsheet, but unfortunately, due to how GMass caches information, that does not guarantee that the next recurring email won’t include that email address. If you need to remove an address from a recurring email, you should cancel this recurring email and create a new one from scratch.

Stop the recurring email

To stop and cancel the recurring email from sending in the future, just find the recurring email DRAFT under the GMass Scheduled Label and click the red Cancel button in the Settings box. This is the standard procedure to cancel a GMass campaign.

How big can your recurring list be?

With GMass, you can send recurring emails to as big a list as you have. Whether your group is 100 email addresses or 10,000, GMass can handle it. If your list is under the amount of daily emails allowed by your Gmail account limits, then you can send natively with GMass and Gmail.

If your list is more than a couple thousand, you’ll have to set your account up for unlimited sending by connecting to a third party SMTP service.

Setting a filter on your Google spreadsheet

If you specify a filter criteria when originally connecting to your spreadsheet, then that same filter criteria will be used each time the email sends, daily or hourly. For example, if you have a column called Company in your spreadsheet. And you set:

Company=Amazon

in the Filter Rows box when connecting to it, and then you set the campaign to repeat daily, then each time the campaign sends, it will go to just the rows where the Company is set to “Amazon”.

If you choose the “all” setting, then it will send to all the rows where Company is set to “Amazon”, regardless of whether that row has received prior emails. If you choose the “just new” setting, then every day, the campaign sends to only new additions to the spreadsheet where Company is set to “Amazon”.

Other technical details of recurring emails

Each time the email is sent, it’s treated as a new campaign. For example, if your recurring email sends weekly, then a new campaign report will be generated each week, so you can track opens and clicks across your group for each weekly email that is sent.
Schedule the first email to send at the time you wish, and then the recurring setting (hourly, daily, weekly, monthly) will send based on that start time. For example, if you schedule your campaign to first send at Monday at 2:00 PM, and then you set the email to recur weekly, the next email will send the following Monday at 2:00 PM, the one after that the next Monday, and so on and so forth. Now let’s say the first Monday is the 3rd of the month. If you choose “monthly”, then the first email will send on Monday at 2:00 PM, but the next email will send a month later, which will be the 3rd of the month, at 2:00 PM, and not necessarily a Monday.
It’s assumed that when you create a campaign that is not connected to a Sheet, that you want to send recurring reminder-style emails, and the “repeat” setting of “all” is assumed and not shown. When you create a campaign that is connected to a Sheet, it’s assumed that you want to send a drip-style recurring campaign where the campaign checks for only new addresses in the spreadsheet and sends the email to just those new rows. Therefore the “just new” option is selected by default when you connect to a spreadsheet. You can, however, change this to “all” for reminder-style campaigns.
When you set a campaign to recur to “all,” the initial group of emails in the sheet when you initiate the campaign will always get the email — even if you delete them from the Google Sheet. For a workaround, check out our post on sending a recurring campaign to all for an always-changing Google Sheet.

What makes GMass better than other email scheduling tools?

Other Gmail plugins offer the ability to send repeating emails too, but GMass’s is the most powerful and comprehensive. Here’s a look at how two other vendors allow you to schedule repeating emails in Gmail and how they fall short compared to GMass.

One of the major differences between GMass and other email scheduling services is that GMass gives you a lot more control. Right Inbox and Boomerang both let you schedule recurring emails, but they go out as a group email rather than campaign-style. With GMass sending recurring emails campaign-style, each recipient gets an individual email that is tracked, so you know who is opening and clicking. Additionally, GMass’s recurring emails let you personalize, send large campaigns, and dynamically add people to the recurring email simply by adding rows to your spreadsheet.

Mail Merge with Attachments, a Google Docs plugin, lets you send recurring emails as individual emails, but the setup is archaic, forcing you to do all the scheduling yourself by inputting all the future dates and times into a spreadsheet. Ugh — that’s way too much work.

Conclusion

GMass is the first of its kind to allow you to send campaign-style recurring emails inside Gmail. Connect your campaign to a Google Sheet, and easily add people to the recurring campaign just by adding rows to the spreadsheet, without ever modifying the actual campaign settings.

Ready to transform Gmail into an email marketing/cold email/mail merge tool?

Only GMass packs every email app into one tool — and brings it all into Gmail for you. Better emails. Tons of power. Easy to use.

TRY GMASS FOR FREE

Download Chrome extension - 30 second install!
No credit card required

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

We just launched a new tool for email marketers — a link checker! Just paste the HTML for your next email campaign into our free link checker, and watch the magic happen.

All links are checked, and the title and screenshot of each webpage is shown. Just hover over the links on the left, or the links on the right, and you’ll see the corresponding links and screenshots.

How does this help you?

If you generally have lots of links in your email campaigns, then this tool ensures that:

Your links are valid and not broken.
Your links point to where you intended. Often when setting lost of links in an HTML email campaign, it’s easy to make a copy/paste mistake and set the anchor text to point to the wrong URL. With the automatically generated screenshots, you can quickly see if you made a mistake.

It’s free, and you don’t have to use my product

This tool is free to use, and can be used with any email marketing service like MailChimp or Constant Contact. Of course, there’s no point in using those tools when you’ll get the highest deliverability ever using GMass. Plus, if you’re using GMass for your email campaigns, there’s a button in the GMass Settings box that sends the HTML to the link checker for you, so you don’t have to copy/paste your HTML.

But if you are using GMass…

Then, you don’t have to copy/paste your HTML. It’s one-click magic for you. Just click the Link Checker button from the Settings box, and the link checker will automatically launch.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

Google’s Safe Browsing program protects a lot of people from phishing, malware, and other harmful sites. In fact, it’s so pervasive that it’s not just used by Chrome. Google has managed to get competing browsers, Safari and Firefox, to use it as well. The list of websites blacklisted though is all maintained by Google, giving Google a disproportionate amount of power over what sites are seen versus blocked.

I’ll explain what happened during our harrowing week in a moment; but first, let me share an update about Google’s Safe Browsing API:

Effective September 11, 2019, the Safe Browsing API is limited to non-commercial use only. It is a free service.
If you’re a non-commercial user, you can continue to use the Safe Browsing API, and you don’t need to take any action. Also, academic researchers and NGOs will continue to be eligible to use the Safe Browsing API at no cost.
Commercial users, like GMass, are required to switch to the Web Risk API by November 11, 2019. This version is a paid service, and if you’re a commercial user, as we are, then you’ll need to switch. Also, you’ll need to apply and be approved to use the API, so don’t wait.
Both APIs are directed at protecting users from malware and phishing, but the new Web Risk API is designed specifically for larger users.

And now, back to our story …

What happened?

At the beginning of last week, my team suddenly had a deluge of complaints from users reporting that their links had stopped working, their sending limits had been reduced, and they’d received phishing notifications from Google. Ouch! Upon investigating, we found that the tracking domains they use in their email campaigns had ended up on the Google’s Safe Browsing blacklist, and when people clicked links in their campaigns, they ended up on this scary bright red Google warning page.

There’s the rub. Not only does Google list actual phishing sites, but any sites that re-direct to them as well. That makes it so that any providing click-tracking services, including URL shorteners and email marketing service providers, have to be extra cautious.

In slogging through our logs we found that a Netflix phisher had managed to send 200 emails through GMass on Sunday, February 17. Here’s the email he sent. Notice that the URL behind the link is highlighted at the bottom. In this case, the URL https://www.gregsimages.com/cgi-bin led to the red screen of death, as did our click-tracked links that redirected to this URL.

The effect of being listed goes beyond just the web

What happens to your email campaigns when you send a URL that’s on this list? Gmail makes you feel like the devil reincarnate.

Your Gmail account becomes severely limited and unable able to send any substantial volume of emails.
If you do manage to send an email with a blacklisted link, and that link is clicked, you’ll scare the bejesus out of them with the red screen of death.
Your past campaigns are affected too, if someone pulls up one of those old emails and clicks a link.
If people reply to you, the reply will still have the original email at the bottom, with the link that you sent, and Google will flag the reply to you as a potential scam too.

Obviously not a good look for an email marketer.

What was actually affected?

In our case, when we got the notice that link.wordzen.com was listed, I wanted to isolate which link.wordzen.com URLs were affected.

Using the public Safe Browsing lookup tool, which is different from the private tool everyone has in their Search Console, I found that plugging in just link.wordzen.com gave this result, indicating that some URLs were affected and others weren’t:

Just “link.wordzen.com” indicates that SOME pages are unsafe.

But if I plugged in our original click tracking structure, link.wordzen.com/x/c, then the issue was clear that all /x/c links were blacklisted

Using our old click-tracking link structure shows that all URL redirects using link.wordzen.com are unsafe.

Curious, though, I wondered what would happen if I changed the URL slightly, so I tried link.wordzen.com/x/d and found that those URLs came back clean

Slightly altering the link structure makes the link safe again.

You’ll see below that this discovery led me to change the structure of a click-tracked link.

Some nonsense associated with the Safe Browsing Program

1. Despite claims of transparency, it’s anything but.

As soon as your domain has been listed, you will probably want to know the URL that caused the issue. Unfortunately for you, Google won’t tell you. In the Search Console you might see this:

If you received an email notification about the blacklisting, that will have a portion of the URL.

The email notification you receive provides some clue as to the offending URL, while the notice in the Search Console gives you NO worthwhile info.

For my purposes, this did not help at all, because every click-tracked link in the history of GMass starts with /x/c. The important stuff is all after that part, and that’s the part that Google eliminates from its reports. How this qualifies as transparency is beyond me.

So what do you do now? You crawl through your logs and figure out what happened. In my case, I ran all sorts of analyses, starting with a time distribution analysis of all clicks in the last 72 hours, looking for anomalies. I also discovered my new best friend, a tool from Microsoft called Log Parser Studio, that lets me run SQL queries against my IIS log files, without importing the log files into a database. Slick! That’s how I concluded that the aforementioned Netflix phisher was the culprit.

2. The Safe Browsing API has been broken since day one.

I’m not the only one who’s frustrated over the seemingly useless Safe Browsing API.

Here’s a screenshot showing the listing of link.wordzen.com.

Here’s a screenshot showing the API result:

So with a useless API, how does one monitor whether new URLs have been listed or old URLs have been marked safe? I used Upwork to quickly a hire a team of Virtual Assistants in the Philippines to manually enter all 1,400 of our customers’ tracking domains into the web lookup tool and to do so every 12 hours until further notice.

In case you’re a C# programmer and want to try this yourself, here’s the code:

            string apikey = "AIzaSyBnIDLCc*************z4twxdx28";
            string payload = @"{
                ""client"": {
                  ""clientId"":      ""gmass"",
                  ""clientVersion"": ""1.0.0""
                },

                ""threatInfo"": {
                  ""threatTypes"":      [""MALWARE"", ""SOCIAL_ENGINEERING"", ""UNWANTED_SOFTWARE"", ""POTENTIALLY_HARMFUL_APPLICATION""],
                  ""platformTypes"":    [""WINDOWS""],
                  ""threatEntryTypes"": [""URL""],
                  ""threatEntries"": [
                    {""url"": ""http://link.wordzen.com""}
                  ]
                }
              }";

            using (var client = new HttpClient())
            {
                var content = new StringContent(payload, Encoding.Default, "application/json");
                var response = client.PostAsync($"https://safebrowsing.googleapis.com/v4/threatMatches:find?key={apikey}", content).Result;
                string resultContent = response.Content.ReadAsStringAsync().Result;
            }

There is also a .NET client library for the Safe Browsing API, but I chose not to use it because I wanted to be in control of the exact JSON payload request so that I knew that I wasn’t making a mistake.

3. Reviews take a long time to process.

Despite Google’s claims that a phishing URL will be reviewed within 24 hours and a malware URL within 72 hours, I found it took more like 120 hours (5 days). After a week of hell though, there’s no sweeter email one can receive than this, clearing your domain off the dreaded blacklist:

You can submit each URL for review, and in our case, we did it for hundreds of our customers too.

How I worked around the blacklisting of 300 domains

During the time our customers’ domains were listed, we couldn’t just sit idle waiting for Google, because customers needed to send their email campaigns out. We took a number of counter-measures and you can take these too, should you find yourself in this situation.

1. Removed all affected customer tracking domains from their accounts

The first step we took was to remove all the affected tracking domains from users’ accounts, causing them to fall back to our shared tracking domain, which for paying users, is a clean domain based on Amazon’s AWS domain. That eliminated the issue in future campaigns.

2. Altered structure of click tracking link

I felt a little shady making this change system-wide, but it turned out it worked, and saved me from an ever-growing mob of angry users. The old structure of a click-tracked link looked like:

http://link.wordzen.com/x/c?c=2724793&l=dedb940f-55dd-4c33-a3cc-f5d8028183ca&r=ed06197e-cf9e-4fea-a371-d5f455968519

By plugging various combinations of URL structures into the lookup tool, we noticed that the link above was flagged as dangerous, but if we made a simple change, changing the /c to /d, then the URL came back as safe, so we changed the structure of links to use /d instead of /c, like this:

http://link.wordzen.com/x/d?c=2724793&l=dedb940f-55dd-4c33-a3cc-f5d8028183ca&r=ed06197e-cf9e-4fea-a371-d5f455968519

Of course for backward compatibility, we made sure that the /c URLs still worked also.

Making this change allowed users to keep using their custom tracking domain, even if their tracking domain was still listed in the Safe Browsing system as a potential phishing domain.

3. Locked down how click-tracking works to prevent future issues

I should have implemented this from day one, but I could have never expected an evildoer to exploit this loophole. You may know that to set up a custom tracking domain, you create a sub-domain off your existing domain and set its CNAME to x.gmtrack.net. So in my case, link.wordzen.com has a CNAME to x.gmtrack.net and that’s what allows it to function as the tracking domain for my email campaigns. But let’s say that you set up link.yourdomain.com as your tracking domain. Before, you could substitute the domain portion of a URL with a different tracking domain, and the redirect would still work.

For example, you could substitute the “link.wordzen.com” portion of:

http://link.wordzen.com/x/d?c=2724793&l=dedb940f-55dd-4c33-a3cc-f5d8028183ca&r=ed06197e-cf9e-4fea-a371-d5f455968519

with any other user’s tracking domain, and the redirect to the GMass website would still work. This is what a recipient of the Netflix phishing email did. He substituted as many of our customers’ tracking domains as he could find into the URL that led to the phishing page, accessed those URLs, and then submitted them to Google’s Safe Browsing database.

Now, however, after locking it down, using a tracking domain that wasn’t originally associated with the link won’t automatically redirect the recipient to the website. Instead, an interstitial page will load. Try it with this link where I’ve substituted the tracking domain with a different user’s:

http://track.texthub.com/x/d?c=2724793&l=dedb940f-55dd-4c33-a3cc-f5d8028183ca&r=ed06197e-cf9e-4fea-a371-d5f455968519

TL; DR

Been blacklisted by Google’s Safe Browsing program? Here are the things to know.

Don’t use the API to monitor listings. It doesn’t work.
The information in the Search Console is mostly useless. The better information is in the email notification about the listing.
After fixing the issue, submit your site for review, but don’t expect an immediate resolution. It can take a week for delisting to occur.
While you’re waiting on #3, try to work around the issue, like we did by altering the structure of click-tracking links. Listings in the Safe Browsing database seem to be based on a regex match, not every single URL at your domain.
If all else fails, use this Wired article to track down the team of Google engineers that built the Safe Browsing product. There’s a list of names at the bottom. Use LinkedIn, Hunter.io, or any means necessary to track someone down.

More exciting tales…

This isn’t my only encounter with the Google Safe Browsing program. In September 2020, I faced another harrowing issue when the program blacklisted the domain we use with Zendesk. I also have an interesting story involving a Spamhaus blacklisting.

Ready to send better emails and save a ton of time?

GMass is the only tool for marketing emails, cold emails, and mail merge — all inside Gmail. Tons of power but easy to learn and use.

TRY GMASS FOR FREE

Download Chrome extension - 30 second install!
No credit card required

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

Campaign timing is a complex topic because of the different settings and types of campaigns that be sent through GMass, but generally speaking, GMass tries to send your emails out as quickly as possible while sticking to your desired schedule. When glitches occur, the timing of sending may be temporarily altered, but eventually GMass attempts to get your campaign timing back to the schedule that you intended.

GMass times the sending of your campaigns based on both your Gmail account’s limits and the max emails per day that you designate for your campaign. You can also send beyond your Gmail account’s limits by connecting your GMass account to a third-party SMTP service like SendGrid. Even when sending natively through Gmail, and not using the SMTP option, you can send large campaigns, and GMass will distribute your campaigns over consecutive days. For example, if you’re a G Suite user with an account limit of 2,000 emails/day, you can schedule a campaign to 5,000 people, and GMass will send 2,000 emails the first day, 2,000 emails the second day, and 1,000 emails on the third day.

The timing of the various options introduces certain complexities which we’ll explain here.

Two important definitions

For clarity, let’s specify the meaning of a couple terms I’ll use throughout this article.

Distributed campaigns are large campaigns that take multiple days to send because of your limits. For example, sending a campaign to 10,000 people, where the campaign is distributed at 2,000 emails/day is a distributed campaign.

In contrast, a daily recurring campaign is a campaign that is connected to a spreadsheet, and the campaign checks the spreadsheet for new rows of email addresses daily, and if found, sends the campaign to those new addresses. Depending on how many addresses are being added per day, a daily recurring campaign can also be a distributed campaign.

Sending a distributed campaign through Gmail

If you set your campaign’s daily limit to more than 50% of your account’s allowance

Let’s say you schedule 5,000 emails to be sent through your G Suite account for Monday at 9:00 AM.

Assuming you let GMass send the max allowed per day, GMass would send:

2,000 emails at 9:00 AM on Monday. Assume they finish at 9:30 AM.
another 2,000 emails on Tuesday at 10:30 AM. Assume they finish at 11:00 AM.
and the last 1,000 on Wednesday at 12:00 PM

If, however, GMass runs into limits imposed by Gmail unexpectedly, which often does happen if you’re trying to send the max allowed per day, GMass will wait 4 hours before trying again.

For example, on Monday at 9AM, when the first batch of 2,000 sends, if Gmail starts bouncing your email with “you have reached a limit” after just 1,500 emails, and those bounces start happening at 10:30 AM on Monday, then GMass will wait for 4 hours before attempting to resume your campaign, knowing that your account still has quota left in its daily sending ability. It will try every 4 hours to get that day’s emails out. After getting that day’s emails out, the campaign will schedule itself for the next day at either 24 hours from the time the last email was sent or 24 hours from when the day’s batch started sending if you have the “Force multi-day campaign to start at same time” setting enabled.

Now let’s say your account does NOT start bouncing your emails unexpectedly, which is what we, of course, hope for. Now, if you let GMass send your account’s full limits (the full 2,000), then the next batch will send 25 hours from the campaign end time. Sticking to the above example, if 2,000 emails send Monday at 9:00 AM and ends Monday at 10:30 AM, then the next batch of 2,000 won’t send until 25 hours later, which is Tuesday at 11:30 AM.

Why do we push it 25 hours instead of 24?

Because we’ve found that when using up Gmail’s daily limits, it’s better to use a buffer of 25 hours than 24 to get your full limits again.

Why do we advance 25 hours from the campaign end time rather than the campaign start time?

We do this in order to respect Gmail’s sending limits. If your batch of 2,000 started sending at Monday at 9:00 AM and finished at 10:30 AM, and then we started the next batch of 2,000 on Tuesday at 9:00 AM, then Gmail would calculate that you’ve sent 2,000 emails in the last 24 hours and would likely stop you from sending any more. That’s why it’s important to use the campaign end time as the basis for when to send the next batch, when you’re sending your max limits.

Want to keep the start time consistent from day to day regardless of your sending volume?

Turn on that setting

If you set your campaign’s daily limit to less than 50% of your account’s allowance

If, however, you’ve set a campaign daily limit that is under your max allowed Gmail account limits, then different rules apply based on how much your campaign daily limit is under your account’s daily limits. If your campaign daily limit is less than 50% of your account’s max daily limits, then GMass would advance the next batch 24 hours after the campaign START time. Otherwise, GMass will advance the next batch 24 hours after the campaign END time.

For example, if you’ve set your campaign of 5,000 to send 200 emails/day, starting at Monday at 9:00 AM.

The first 200 would send Monday at 9:00 AM, and let’s say it finished at 9:30 AM.
The next batch of 200 would send Tuesday at 9:00 AM. (The end time of the first batch is irrelevant.)

In contrast, let’s say you’ve set your campaign of 5,000 to send 1,200 emails/day, starting at Monday at 9:00 AM.

The first 1,200 would send Monday at 9:00 AM, and let’s say it finished at 10:00 AM.
The next batch of 1,200 would send Tuesday at 10:00 AM. (24 hours from the prior batch’s end time)

In the latter scenario, it’s based on 24 hours after the campaign end time, not the campaign start time, because if we attempted to send the next batch Tuesday at 9:00 AM, GMass would examine your campaign and find that 1,200 emails have already been sent in the last 24 hours and would therefore NOT send any emails (actually it would send just one).

In the first scenario where your campaign’s daily limit is already less than half of your account’s daily limits, we assume the user values consistency of daily timing above all else, and we also assume that the second and subsequent batches won’t violate Gmail’s limits, even though they will technically violate the campaign’s daily limits from a strictly 24-hour standpoint. Meaning, in the first example, the second batch of 200 would send even though in the last 24 hours prior to Tuesday at 9:00 AM, 200 emails have “already” been sent. The algorithm checks the prior batch’s start time, and if it’s approximately 24 hours before the current batch’s start time, and the <= 50% rules applies, then GMass assumes that 0 emails have been sent for the campaign in the last 24 hours, which is what allows the full 200 emails to be sent “now”.

This mechanism also protects you from sending out more emails than desired if the campaign errors out due to a temporary Gmail API issue and is retried an hour later, or if you, the user, manually adjusts the campaign send time. For example, let’s say you have a big campaign set to send 200 emails/day at 9:00 AM daily. For the first 3 days, a batch of 200 emails will be sent daily starting at 9:00 AM. On day 3, after that day’s batch has sent, you adjust the time of the campaign to send next at 6:00 PM on that day. At 6:00 PM, no emails will be sent, because GMass will calculate that 200 emails have already been sent in the prior 24 hours for the campaign and that the prior batch’s start time wasn’t 24 hours ago. At 6:00 PM on the following day, however, a full batch of 200 emails will be sent.

Daily recurring campaigns

If you have a daily recurring campaign set that’s connected to a spreadsheet, then the timing is different. If your campaign sends to all the new rows in the spreadsheet and you don’t specify a daily limit, and the campaign doesn’t run into Gmail bounces, then the next batch will send 24 hours from the campaign start time, so that every day the campaign sends to new emails at a consistent time.

For example, let’s say your daily recurring campaign is connected to a spreadsheet called “My Contacts”. Your G Suite account allows 2,000 emails/day, and every day, no more than 100 rows are added to the spreadsheet.

The first batch sends Monday at 9:00 AM to 50 people.
Later that day, 150 rows are added to the sheet.
The next batch sends Tuesday at 9:00 AM.
Later that day, 100 rows are added.
The next batch sends Wednesday at 9:00 AM.
Later that day 2,500 rows are added. On Wednesday at 9:00 AM, the 2,000 emails start sending, since GMass will respect your account’s limits. That batch of 2,000 finishes on Wednesday at 10:30 AM.
The next batch will send 25 hours from Wednesday at 10:30 AM, so Thursday at 11:30 AM.

Now let’s say that when those 2,500 rows were added, you modified your campaign to send only 1,000 emails/day max. On Wednesday at 9:00 AM, those 1,000 emails send and finish at 9:45 AM, and now the next batch of 1,000 won’t send until Thursday at 9:45 AM. If we sent it on Thursday at 9:00 AM, then GMass would analyze the last 24 hours and see that you’ve already sent 1,000 emails for that campaign in the last 24 hours and wouldn’t send any new emails.

The “Force multi-day campaigns to start at same time” setting

Here’s a direct link to this setting.

This setting only alters campaign behavior for distributed campaigns that are sending more than 50% of the account’s allowance daily. Without this setting on, the campaign will schedule itself for the next day at the point in time that is 24 hours from when the prior batch finishes. With this setting on, the campaign will schedule itself for the next day at a consistent start time. The 50% rule is in place to prevent your account from suffering “over limit” bounces, so only enable this setting if you’re sure your account can handle your campaign sending a large volume at a consistent time every day.

When an unexpected event occurs during sending

Occasionally when sending a batch of emails for your campaign, an unexpected event might temporarily alter the timing of your campaign. These unexpected events include:

Running into over-limit bounces before you’ve exhausted your Gmail limits
A temporary error with the Gmail API
A temporary error with the GMass internal database. Timeout errors are rare but do happen every so often.
A code update to our servers which temporarily halt your campaign sending

When such an event happens, your campaign will eventually continue sending and pick right back up where it left off. This, however, may break the day’s sending up into two batches instead of one. For example, if you have a distributed campaign that sends 50 emails/day every day at 9:00 AM, and on the second day, after sending 20 emails, there’s a glitch at 9:10 AM, the campaign might automatically continue sending starting 30 minutes later at 9:40 AM. Let’s say that the remaining 30 emails for the day are then sent and the campaign finishes at 10:05 AM. Even though this batch started at 9:40 AM, the campaign will intelligently schedule itself for the next day based on your intended schedule, so it will then schedule itself to send at 9:00 AM the next day. This will only happen if your campaign meets the “under 50% rule” or has the “Force next batch to send at start time” setting ON, as described above. If your campaign’s daily limit is set to more than 50% of your account’s allowance and doesn’t have the “Force batch…” setting ON, then the campaign’s next send time would be the next day at 10:05 AM.

TL; DR

Here are the rules:

If GMass runs into your daily account limits, where Gmail isn’t bouncing the emails, GMass will send the next batch 25 hours from the batch end time. If, however, you have enabled the “Force multi-day campaigns to start at same time” setting, then it will send the next batch 24 hours from the batch start time, providing a consistent daily start.
If GMass runs into a daily limit that you’ve set for your campaign, where Gmail isn’t bouncing the emails, GMass will send the next batch either 24 hours from the batch start time or batch end time, based on whether your campaign limits is less than or greater than 50% of your account’s daily limits and based on whether you have enabled the “Force multi-day campaign to start at same time” setting.
If GMass detects that your account is bouncing emails, it will pause and re-attempt sending 4 hours later. After getting that cycle’s emails out, if it meets the 50% rule or the “Force multi-day…” setting is enabled, then the campaign will resume sending the next day on your set schedule. If it doesn’t meet the 50% rule and that setting isn’t enabled, it will resume sending the next day 24 hours from when it finished sending the last set of emails.
If you’re sending a daily recurring campaign, and GMass doesn’t run into any limits, including your max account limits or a daily limit you’ve set, then each batch will send at the same time every day. If GMass runs into either your account’s daily limit or a limit you’ve set for sending, then rules 1 and 2 apply.
Additionally, if you’re using the Skip Weekends setting, then the same logic applies, except the next batch would advance to the next day that isn’t a weekend.
Additionally, if you’re using the Long Delay Between Emails setting, then that can make the batch ending time much greater than the start time. Your 200 email batch starting Monday at 9:00 AM may not end until Monday at 12:00 PM, and so if you’ve set your daily sending limit to be 200, the next batch wouldn’t then send until Tuesday at 12:00 PM.

Best Practices

All these rules can be confusing. But we’ve implemented the logic in a way that we think makes the most sense, doesn’t break Gmail’s rules while still getting your emails out as quickly as possible.

If it’s important that each daily batch of emails is sent at the same time daily, then make sure your that either a) campaign’s max limit is set to less than 50% of your account’s daily limits or b) you’ve enabled the “Force multi-day” setting. To meet the 50% rule, if you’re using an @gmail.com account, set your campaign limits to 225/day or less. If you’re using a G Suite account, set your campaign limits to 950/day or less.
If setting up a daily recurring campaign connected to a spreadsheet, don’t add more rows to your spreadsheet daily than you want sent daily. Also, make sure if you set a daily limit, that this number is higher than the number of new rows you add daily.
Pay attention to the explanation of how many emails were sent and why, at the bottom of campaign email notifications you receive whenever a batch finishes sending.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

On June 12, 2018, Google disabled inline installation of Chrome extensions. This means that now you can’t directly install an extension from a company’s website–you can only do it directly from the Chrome Web Store.

In response, companies are creating workarounds to allow for a seamless user experience, and in this post, I will showcase examples from different companies.

In all cases, the company’s web page needs to send the user to the Chrome Web Store for the install, but there are different ways to do that. Below are examples from well-known Gmail extensions.

Note that if a developer does nothing, and leaves the inline install code in place, then the default behavior is to already send the user to that extension’s Chrome Web Store listing. As you’ll see in Method 1 though, some companies are launching it in a popup instead.

Method 1: Launch the Chrome Store in a smaller popup window:

Streak CRM for Gmail. When you click either the “GET STREAK” button in the upper right or the “Add to Gmail” button, it launches the Chrome Web Store install page for Streak, but in a small popup window, so that the focus is on the blue “Add to Chrome” button found there.
Streak pops up a window zoomed to show the “Add to Chrome” button.

Interestingly, if you then close that popup and return to the Streak webpage, there is now another popup window with a button that says “Available in the Chrome Web Store”. There is also a sentence that reads, “Install by clicking the blue [Add to Chrome] button in the Chrome Web Store”, with the final words linked to their listing.

Streak’s webpage creates a 2nd popup to remind you to install via the Chrome Web Store.

Clicking either the button or the link then opens a new tab pointing to the Streak page in the Chrome Web Store (see Method 2).
Grammarly: When you click their button, they also launch the Chrome Web Store install page in a popup.
Grammarly’s install popup.

But they also change their website’s page to one with a button with a message that says “Restart installation” and an arrow that says “Click to get started”:

Grammarly page changed to direct user back to the Chrome Web Store to install.

Clicking that button raises the Chrome Web Store popup back into view. This reinforces to the user that the extension must be installed from the Chrome Web Store. If the user clicks “Not now” in the page shown above, the page will change to a sign-up form for the Grammarly service.

Method 2: Launch a browser tab with the Chrome Web Store install page for that extension.

Sortd: Clicking on the red “Try it for FREE” button in the upper right (which only appears after you scroll down the page a bit), shown here:
The Sortd “Try it for FREE” button.

…opens a new tab in your browser with the Chrome Web Store. Like Method 1 of using a popup, this is a good solution, because it keeps the Sortd web page open in the other tab. Users can still easily refer back to it.

Sortd opens a 2nd tab for the Chrome Web Store.
Gmelius: When you click either “GET GMELIUS” in the upper right hand corner, or “INSTALL GMELIUS FOR FREE”, the same thing occurs: They launch the Chrome Store in a new browser tab.
Gmelius also opens a browser tab.

However, the page behind now instructs the user to click “Add extension”, which doesn’t make sense because there is no button with that label.

Gmelius website now has an instruction to click “Add extension”–but there is no such button.
ActiveInbox: They achieve what I think Gmelius is trying to do, which is prevent potential users from missing the fact that they need to install the extension from the Chrome Web Store. Take a look:
The ActiveInbox page changes to ask why the user hasn’t installed via the Chrome Web Store.

As you can see, they do this by changing their website in response to users clicking back from the Chrome Web Store tab. It has a message area that says, “We see you had a hiccup with the Install Popup…” then asks, “Is there a reason you didn’t install ActiveInbox via the popup?” and provides fields for the potential user to provide this feedback. Kudos to them for going the extra mile in helping to comfortably funnel new customers to getting underway with their service.
Ginger Page for Chrome: They have an interesting phrasing on their page. They instruct the user to “Download” the Chrome extension, and, in smaller text below that button, instructions for adding the extension from within the Chrome Web Store.
Ginger Page for Chrome asking user to “Download” the extension.

“Download” is a term we typically don’t associate with Chrome extensions nowadays, though technically the code has to be downloaded before it is integrated into Chrome. But these instructions are also inaccurate in that clicking that “Download” button simply launches a new tab to the Chrome Web Store–it doesn’t actually download anything.
Todoist for Gmail: Like Ginger Page for Chrome, they also have a “Download” button–but it just launches a tab to the Chrome Web Store where you have to Add the extension. Unlike Ginger Page, though, they don’t mention that you have to click the “Add” button once there.
BitBounce: This site uses a somewhat less clear button to direct you to the Chrome Web Store, one that is labeled, “Gmail for Chrome”.
The somewhat unclear label of Bitbounce integrated with Gmail using Chrome.

Method 3: Switch the current web page to the Chrome Store install page

Boomerang. When you click on the big red “Add this to your Gmail!” button, the web page is redirected to the Chrome Web Store. This has the disadvantage that you are now no longer on the Boomerang page, where you could have learned more about the product. You can always hit the back button to return there, but it tends to break the flow of the installation and product exploration process. The two pages are shown below.
Before pressing the button:

Boomerang web page before clicking the button.

After:

Boomerang page now changed to the Chrome Web Store.

Hybrid of Methods 2 and 3

Clearbit Connect: Apparently they really doesn’t want you to miss the point that you should install their extension through the Chrome Web Store. They actually open a new tab to the Chrome Web Store and change the original tab with their webpage also to the Chrome Web Store. The disadvantage here is that this can be confusing to users, who may wonder what happened to the webpage they were viewing and why there are now two of the same tab.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

If you’re a developer using any part of Google’s API, you’ve likely received notices informing you that come March 7, 2019, the Google+ API will be shut down. There’s been some confusion in Google’s notices that makes it unclear exactly what will still be available after the shutdown, so in light of this confusion, I’ll show you what we at GMass have done to address the issue, and how we’ll use Google’s OAuth2 mechanism to still create accounts and retrieve a user’s email address after a successful OAuth flow.

What’s the confusing part?

In Google’s earlier notices, anyone that had made a call to people.plus.get received a notice that looked like:

A few days later though, Google clarified that only projects that directly use the scope plus.me would be affected, in this notice:

This notice is still confusing because although it says that only projects that call the plus.me scope directly are affected, it goes onto say that a project making “any Google+ API calls” should be updated.

Take GMass for example. GMass doesn’t request the plus.me scope directly, but DOES make a call to a Google+ API method.

How GMass is addressing the issue

This is the C# code where we make a call to the Google+ API method people.get:

UserCredential credential = new UserCredential(flow, "me", token);
var plusService = new PlusService(new BaseClientService.Initializer
{
                        HttpClientInitializer = credential,
                        ApplicationName = "Gmass"
});
var person = await plusService.People.Get("me").ExecuteAsync();
string emailAddress = person.Emails.First().Value;

So is GMass affected? I’m not sure. In this Stack Overflow article, the respondent mentions that calls to people.get method are likely to work for years to come, but even he’s not certain. To be safe, we’ve decided to request the user’s email address from the Gmail API rather than the Google+ API. In C#, that looks like:

UserCredential credential = new UserCredential(flow, "me", token);
GmailService service = new GmailService(new BaseClientService.Initializer
{
                        HttpClientInitializer = credential,
                        ApplicationName = "Gmass"
});
string emailAddress = service.Users.GetProfile("me").Execute().EmailAddress;

So there you have it. We are now retrieving the user’s email address using the getProfile method which is part of the Gmail API. We are able to do this because one of the scopes that GMass requests is the https://mail.google.com API scope. If your project is not a Gmail extension, you likely are not requesting this scope, and may need to find another method to retrieve the user’s email address.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

I’ve finally found a way to get around Zendesk’s attachment size limit, and it’s been staring me in the face for years. As an email sysadmin, I’m embarrassed I didn’t think of this sooner.

We use Zendesk as the primary support system for GMass, and it’s always frustrating when a user sends us a screenshot or a video demonstrating an issue, only to find that Zendesk blocks it with the orange warning icon. In fact, lots of people are frustrated by this. We then have to ask the user to email it to us directly, which isn’t hard, but breaks the communication flow by taking the experience outside of Zendesk, which is annoying. We’ve always been on the Essentials Plan, which is only $9/month/agent, and limits attachments to 1 MB, and I’ve been hesitant to upgrade to the Team level at $29/month which allows 7 MB attachments, or the Professional Level for $49/month which allows 20 MB attachments, because the one feature I need is larger attachment handling. For that price difference, I don’t mind asking users to email us attachments directly.

Keep in mind, this solution works to get around the attachment limit when YOUR USER needs to send you, the agent, a large attachment. This doesn’t work so well when you, the agent, need to send the end user a large attachment, because you don’t want to burden your user with these extra steps. As the agent, however, or the entrepreneur who’s paying Zendesk, I’m assuming you don’t mind a few simple steps to save money. Besides, if the agent needs to send a large attachment, just do it via a Dropbox link.

Here’s the solution

To view attachments when Zendesk blocks them, do this:

Click the orange warning triangle.
Click the “warning” symbol.
Choose to view the email source.
Choose the “View Email Source” option.
Click over to the last tab, Email Source.
Click the “download” link.
Download the source and open the file.
Open the EML file.
You now have an EML file sitting on your computer. An EML file is a basic email message file, that can be opened by any modern desktop email client, on Windows or Mac. I’m a Mac user, so I have Apple Mail on my machine, even though I don’t use Apple Mail at all. Still, for this purpose, Apple Mail will do the trick. It opens the EML file and reveals the attachments that Zendesk had blocked.
Enjoy your huge file that Zendesk blocked. Except that Zendesk didn’t REALLY block it.

This does require a few steps, but I see it as a far better solution than asking my user to re-send the attachment by email, which hits me with a tinge of embarrassment each time.

So just how big can you go?

It all depends on the email system; it’s no longer a Zendesk limitation.

Limitations of this trick

You can only use this trick if the message was sent to Zendesk via email. If you, the agent, or your end user are using the Zendesk interface directly to communicate, you’ll be stopped from attaching files larger than what your plan allows. That’s actually a reason to NOT use the Zendesk interface and use email instead. We’re power-Gmail users over here at GMass, so we’re glued to the Gmail web interface all day long. However, if you the agent use email to respond to a ticket and you attach a large file, then the end user receives that message via email, the attachment will be removed, and no warning will be given to the user that there was an attachment stripped to begin with. The warning is only present in the Zendesk interface.

The Bottom Line

If you want to save money on your Zendesk plan, you don’t need to upgrade your plan just to be able to receive large attachments from your users. Use my trick. If you need to send large attachments to your users, do it via a Dropbox link.

Oh, one more thing

If you have non-English speaking support agents providing support to English-speaking customers, then let me tell you about my other service, Wordzen, that could benefit you. If you use Gmail as your Zendesk interface, meaning your agents respond to tickets via Gmail rather than through Zendesk directly, Wordzen can make sure your responses are in perfect English. Wordzen is a plugin for Gmail that allows my team of English experts to proofread an email. It also will take an agent’s voice instructions and write the perfect email for you.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.

My first message to the GMass VIP Slack group.

If one of the following describes you:

You’ve been a consistent GMass user for longer than a year
You’re doing something particularly unique with GMass
You use GMass on a daily basis
You’re stretching GMass’s capabilities to its limits, perhaps by sending hundreds of thousands or millions of emails with it

Then I invite you to apply to join the GMass VIP Slack Group. This is an invite-only group of power users that I recently started, where I share tips and tricks, screenshots of upcoming features, solicit feedback from you, and have you test new features before they’re released to everyone else. You also have a direct communication channel with me to ask me any complex questions that have been eating away at you. You’ll have influence over the direction of the product. You’ll learn the ins-and-outs of GMass as a SaaS product and a business.

If you think you’d be a good fit, send me an email at gmassvip AT wordzen DOT com, and tell me why you’d be a good member of the group. There is no charge to be in the group.

Ajay Goel

Ajay is the founder of GMass and has been developing email sending software for 20 years.

twitter.com/PartTimeSnob

Love what you're reading? Get the latest email strategy and tips & stay in touch.