The Complete Email Deliverability Guide

Email Concepts Encyclopedia

ELI5: Deliverability is not the same as delivery. Delivery means the receiving server accepted your email. Deliverability means it landed in the inbox, not the spam folder. Think of it like mailing a package: delivery is getting it to the building; deliverability is getting it to the right person’s desk instead of the dumpster out back.

Everything that determines whether your email reaches the inbox — authentication, reputation, content, list hygiene, warming, and monitoring — in one place.

The Deliverability Equation

Email deliverability is the result of four factors working together:

Authentication — Proving you are who you say you are
Reputation — Your historical track record as a sender
Content — What your message contains and how it is structured
List quality — Whether your recipients actually want your email

Each factor is necessary but not sufficient on its own. Perfect authentication cannot save a sender with terrible reputation. Excellent content will not help if you are sending to a list full of spam traps. This guide covers all four pillars and how they interact.

Pillar 1: Authentication

Authentication is the foundation. Without it, nothing else matters. You need three protocols configured correctly, and they must work together.

SPF

SPF publishes which servers are authorized to send mail for your domain. Set it up as a DNS TXT record:

example.com. IN TXT "v=spf1 include:_spf.mailertogo.com -all"

Key rules: stay under 10 DNS lookups, use -all (hard fail) once you are confident in your record, and audit regularly to remove services you no longer use.

DKIM

DKIM adds a cryptographic signature to every message. The receiving server verifies it against a public key published in your DNS. DKIM proves the message was sent by your domain and was not modified in transit.

mtg._domainkey.example.com. IN CNAME mtg._domainkey.mailertogo.com.

Ensure your DKIM signing domain (d=) matches your From: header domain for DMARC alignment. Use at least 2048-bit RSA keys.

DMARC

DMARC ties SPF and DKIM together with a policy. Start with monitoring, then enforce:

; Phase 1: Monitor (collect data, do not enforce)
_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc@example.com"

; Phase 2: Quarantine (filter failures to spam)
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"

; Phase 3: Reject (block failures completely)
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

Read your DMARC aggregate reports before moving from p=none to p=reject. The reports will show you which legitimate services are sending mail as your domain and whether they are properly authenticated. Do not skip this step.

The authentication checklist

SPF record published with -all
DKIM signing enabled with 2048-bit keys
DMARC record published, progressing toward p=reject
DKIM d= domain aligns with From: header domain
SPF domain aligns with From: header domain (or DKIM alignment covers you)
MTA-STS published to enforce TLS on inbound mail to your domain
List-Unsubscribe and List-Unsubscribe-Post headers on all bulk/marketing email

Pillar 2: Reputation

Sender reputation is the accumulated trust score that mailbox providers assign to your IP addresses and domains. It is built over time and can be destroyed quickly.

Building reputation

Warm new IPs and domains gradually. Start with 50–100 messages per day to your most engaged recipients. Double every 2–3 days. Full ramp-up takes 2–4 weeks.
Maintain consistent volume. Sudden spikes or long gaps both damage reputation. If you send 10,000 messages daily, do not suddenly send 200,000.
Send wanted mail. Reputation ultimately reflects recipient behavior. If people open, read, and reply to your email, your reputation improves. If they ignore it, delete it, or report it as spam, your reputation declines.

Protecting reputation

Monitor complaint rates. Keep spam complaints below 0.1%. Above 0.3% is an emergency. Register for every available feedback loop.
Monitor bounce rates. Hard bounces above 2% signal list quality problems. Remove bounced addresses immediately and permanently.
Check blocklists regularly. A Spamhaus listing you do not know about is silently killing your delivery.
Separate mail streams. Use different subdomains (and ideally different IPs) for transactional mail (mail.example.com) and marketing mail (promo.example.com). If marketing reputation suffers, your transactional delivery is protected.

Pillar 3: Content

Content matters, but less than you might think. Reputation and authentication are more important. That said, poor content can still land a trusted sender in spam.

Content best practices

Write a clear, honest subject line. Misleading subject lines trigger spam reports and violate CAN-SPAM and similar laws.
Balance text and images. Do not send image-only emails. Include meaningful text content alongside images.
Use your own domain for links. Avoid shared link shorteners (bit.ly, tinyurl). Use a tracking domain on your own domain.
Include a plain-text part. Send multipart/alternative with both HTML and text versions. Some filters penalize HTML-only messages.
Make unsubscribing easy. A visible, functional unsubscribe link reduces spam complaints because recipients who want to leave can do so without hitting "Report Spam."
Avoid deceptive techniques. No hidden text, no misleading headers, no invisible tracking pixels that compromise privacy.

The unsubscribe imperative

Since 2024, Gmail and Yahoo require bulk senders to implement RFC 8058 one-click unsubscribe. This means including both headers:

List-Unsubscribe: <https://example.com/unsub?id=abc123>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

The List-Unsubscribe-Post header enables the mailbox provider to show an unsubscribe button in the UI that works with a single click, without requiring the recipient to visit a web page. This is now mandatory for bulk senders.

Pillar 4: List Quality

Your list is your most important deliverability asset. Every other optimization is undermined by a bad list.

Building a clean list

Use double opt-in (confirmed opt-in). After signup, send a confirmation email. Only add the address to your list after they click the confirmation link. This ensures valid addresses and genuine consent.
Validate at the point of collection. Check syntax, verify the domain has MX records, and catch common typos (gmial.com, yaho.com) before the address enters your system.
Never purchase email lists. Purchased lists contain spam traps, outdated addresses, and people who never consented. One campaign to a purchased list can destroy months of reputation building.

Maintaining list hygiene

Process bounces immediately. Hard bounces (5xx) — remove permanently. Soft bounces (4xx) — retry, but suppress after 3–5 consecutive failures.
Honor complaints immediately. When you receive a complaint via a feedback loop, suppress that address. Never send to them again.
Sunset inactive subscribers. If a recipient has not opened or clicked any email in 6–12 months, move them to a re-engagement segment. If they do not re-engage after a dedicated campaign, suppress them. Continuing to send to unengaged recipients drags down your engagement metrics and reputation.
Re-validate periodically. Run your list through a validation service every 3–6 months to catch addresses that have become invalid since they were collected.

Subdomain Strategy

Separating your mail streams across subdomains is one of the most effective deliverability strategies. Here is a common setup:

Subdomain	Purpose	Why
`mail.example.com`	Transactional email	Password resets, receipts, notifications. Must reach the inbox. Isolated from marketing reputation.
`promo.example.com`	Marketing / bulk email	Newsletters, promotions. Higher complaint risk. Damage stays contained.
`example.com`	Corporate / person-to-person	Employee email. Should not carry any automated sending reputation.

Each subdomain gets its own SPF, DKIM, and DMARC records. Each builds its own reputation independently. If your marketing subdomain takes a reputation hit, your transactional mail continues to flow.

Monitoring and Metrics

You cannot improve what you do not measure. Track these metrics:

Metric	Healthy Range	Action Threshold
Delivery rate	>97%	<95% — investigate bounces
Bounce rate (hard)	<0.5%	>2% — list quality problem
Spam complaint rate	<0.05%	>0.1% — warning; >0.3% — critical
Open rate (marketing)	15–25%	<10% — engagement or deliverability problem
Unsubscribe rate	<0.5%	>1% — content or frequency problem

Use these monitoring tools:

Google Postmaster Tools — Domain/IP reputation, spam rates, authentication rates for Gmail
Microsoft SNDS — IP-level data for Outlook.com
DMARC aggregate reports — Authentication pass/fail across all providers
Blocklist monitoring services — Automated alerts for new listings
Your ESP's dashboard — Bounce rates, complaint rates, delivery rates

Troubleshooting Delivery Problems

Messages going to spam at Gmail

Check Google Postmaster Tools for domain reputation. If it is Low or Bad, you have a reputation problem.
Verify authentication: SPF, DKIM, and DMARC should all pass. Check the Authentication-Results header in a test message.
Check your spam complaint rate in Postmaster Tools. Above 0.3% is the likely cause.
Review your list: are you sending to unengaged recipients? Prune inactive addresses.
Check for blocklist listings on your sending IPs and domains.

Messages deferred (4xx responses)

Check the specific error message. Common causes: rate limiting (you are sending too fast), greylisting (retry will work), or reputation-based throttling.
If rate-limited, slow down. Spread your sending over a longer period.
If you are warming a new IP, you may be ramping up too quickly. Reduce volume.
Check Postmaster Tools and SNDS for reputation indicators.

Messages rejected (5xx responses)

Read the rejection message carefully. It usually tells you why.
550 5.1.1 — Recipient does not exist. Remove from your list.
550 5.7.1 — Policy rejection. Often blocklist or authentication failure. Check the extended message for details.
552 5.3.4 — Message too large. Reduce attachment size.
554 5.7.1 — Content or reputation rejection. Check blocklists, authentication, and content.

Sudden drop in delivery rates

Check blocklists immediately. A new listing is the most common cause of sudden drops.
Check for authentication changes. Did a DNS record change? Did DKIM keys rotate incorrectly?
Check for infrastructure changes. New IP address? DNS provider change? TLS certificate expiry?
Review recent sends. Did you send to a new, unvalidated list segment? Import a list from a partner?

The Deliverability Checklist

A complete checklist for deliverability readiness:

Authentication: SPF (-all), DKIM (2048-bit, aligned), DMARC (progressing to p=reject)
Transport security: TLS on all connections, MTA-STS published, TLSRPT configured
DNS: Valid MX records, PTR records on sending IPs, no DNS propagation issues
Unsubscribe: RFC 8058 one-click unsubscribe on all marketing/bulk mail
Feedback loops: Registered with Outlook JMRP, Yahoo CFL, and any other available FBL
Bounce handling: Automated processing — hard bounces suppressed permanently, soft bounces retried and eventually suppressed
List hygiene: Double opt-in, typo detection at signup, regular re-validation, inactive subscriber sunsetting
Reputation monitoring: Google Postmaster Tools, Microsoft SNDS, blocklist monitoring, DMARC reports
Subdomain separation: Transactional and marketing mail on separate subdomains
IP warming: New IPs warmed gradually over 2–4 weeks

Key Takeaways

Deliverability is a system, not a setting. It requires ongoing attention to authentication, reputation, content, and list quality.
Authentication is table stakes. SPF + DKIM + DMARC is the minimum. Without them, you are fighting with one hand tied behind your back.
Reputation is earned and maintained. It takes weeks to build and can be destroyed in a single bad send.
Your list is your most important asset. No amount of technical optimization compensates for sending to people who do not want your email.
Separate your mail streams. Do not let marketing reputation drag down transactional delivery.
Monitor everything. Postmaster Tools, SNDS, blocklists, bounce rates, complaint rates — check them regularly.
When in trouble, start with blocklists and authentication. These are the most common causes of sudden deliverability drops.