IP and Domain Reputation

Email Concepts Encyclopedia

ELI5: Imagine a new restaurant opens in town. Nobody has eaten there yet, so nobody trusts it. If the first few customers love it, word spreads and more people come. If early customers get food poisoning, the restaurant is done. IP and domain reputation work the same way — mailbox providers track your sending history and use it to decide whether your email reaches the inbox, lands in spam, or gets rejected at the door.

How mailbox providers decide whether to trust your email — and the systems that score your sending infrastructure behind the scenes.

What Is Sender Reputation?

Every time you send an email, the receiving mailbox provider evaluates your trustworthiness. This evaluation is called sender reputation, and it is the single most important factor in whether your email reaches the inbox.

Reputation is not a single number. It is a composite score derived from multiple signals, maintained independently by every major mailbox provider. Gmail's view of your reputation is different from Outlook's, which is different from Yahoo's. There is no universal reputation database.

Two primary identifiers carry reputation:

IP reputation — The score associated with the IP address your mail server uses to connect to the receiving server.
Domain reputation — The score associated with the domain in your From: header, your DKIM signing domain (d=), and your envelope sender domain.

Historically, IP reputation dominated. Today, domain reputation has become equally or more important, particularly at Gmail, which explicitly weights domain reputation above IP reputation in its filtering decisions.

IP Reputation: The Network-Level Signal

When your mail server connects to a receiving server on port 25, the very first thing the receiver sees is your IP address. Before any EHLO, before any envelope, before any content — the IP is known. This makes it the earliest possible filtering signal.

IP reputation is shaped by:

Volume and consistency — Sudden spikes from an IP that normally sends little mail are suspicious.
Bounce rate — Sending to many invalid addresses suggests a purchased or scraped list.
Spam complaint rate — Recipients clicking "Report Spam" directly damages the sending IP's reputation.
Spam trap hits — Sending to addresses that are known to be inactive or purpose-built traps is a strong negative signal.
Blocklist presence — Listing on major blocklists (Spamhaus, Barracuda, etc.) is often checked at connection time.
Authentication results — Consistently passing SPF, DKIM, and DMARC builds trust.

The IP neighborhood problem

IP addresses are allocated in blocks. If your IP is in a range that has historically been used by spammers, you inherit some of that reputation even if you have never sent a single email. This is why the IP address you send from matters — and why reputable email service providers carefully manage their IP pools.

Domain Reputation: The Identity-Level Signal

Domain reputation is tied to your sending domain identity, not a specific IP address. This makes it portable — if you change IPs or email service providers, your domain reputation follows you.

Providers build domain reputation from:

DKIM signing domain (d=) — The most reliable identifier because it is cryptographically verified.
From: header domain — What the recipient sees.
Envelope sender domain (MAIL FROM) — Used for bounce routing and SPF checks.
Engagement signals — At Gmail especially, whether recipients open, reply to, or delete your messages without reading them factors into domain reputation.

Domain reputation is increasingly the primary signal. Google's Postmaster Tools, for example, reports domain reputation as a separate metric from IP reputation, and the domain score often matters more for inbox placement.

Shared vs. Dedicated IPs

When you use a transactional email service, your mail may be sent from a shared IP pool (used by many customers) or a dedicated IP (used only by you). Each approach has tradeoffs.

Shared IPs

Advantage: The IP already has established reputation from existing traffic. You benefit immediately from the pool's history.
Advantage: No warming required. The IP is already sending consistent volume.
Risk: Another sender on the same IP can damage the shared reputation. A well-managed provider mitigates this by monitoring all senders and removing bad actors quickly.
Best for: Low to moderate volume senders who do not send enough mail to sustain a dedicated IP's reputation on their own.

Dedicated IPs

Advantage: Your reputation is entirely in your own hands. No other sender can affect it.
Advantage: Full control over sending patterns and volume.
Risk: A brand-new dedicated IP has no reputation. You must warm it carefully.
Risk: If your volume drops significantly (holidays, seasonal business), the IP can lose its established reputation.
Best for: High-volume senders (typically 100,000+ messages per month) who can maintain consistent daily volume.

The threshold matters: a dedicated IP sending 500 emails per day does not generate enough positive signal to build strong reputation. The receiving providers simply do not have enough data points to form a judgment, and the IP remains in an uncertain state.

IP Warming: Building Reputation from Zero

A new IP address has no sending history. Mailbox providers treat unknown IPs with suspicion — not blocking them outright, but throttling them and watching closely. IP warming is the process of gradually increasing send volume to build a positive reputation.

A typical warming schedule

Day	Daily Volume	Notes
1–2	50–100	Send only to your most engaged recipients
3–4	200–500	Monitor bounces and complaints closely
5–7	1,000–2,000	Check Postmaster Tools for reputation indicators
8–14	5,000–10,000	Expand to broader recipient segments
15–21	20,000–50,000	Approaching full volume
22–30	Full volume	Reputation should be established

Key warming principles:

Start with your best recipients. Send first to people who have recently opened or clicked your emails. Their positive engagement teaches providers that your IP sends wanted mail.
Increase gradually. Doubling volume every 2–3 days is a common cadence. Jumping from 100 to 100,000 overnight will trigger throttling or blocking.
Maintain consistency. Do not warm for two weeks and then go silent for a week. Gaps reset progress.
Separate by provider. If possible, track warming progress per destination (Gmail, Outlook, Yahoo) since each evaluates independently.
Watch the signals. Rising bounce rates, deferrals (4xx responses), or spam folder placement during warming mean you are going too fast.

Domain warming

A new domain also needs warming, independent of IP warming. If you register a brand-new domain and immediately start sending 50,000 emails, providers will be suspicious regardless of your IP's reputation. The same gradual ramp-up applies to new domains.

Feedback Loops (FBLs)

A feedback loop is a service offered by mailbox providers that notifies you when a recipient marks your message as spam. When a user clicks "Report Spam" (or the equivalent), the provider sends an ARF report (Abuse Reporting Format, RFC 5965) back to the sender.

FBL reports typically contain:

The original message (or key headers)
The recipient who complained
The type of feedback (usually "abuse")

Major FBL programs:

Outlook/Hotmail (JMRP and SNDS): Microsoft's Junk Mail Reporting Program sends ARF reports. Their Smart Network Data Services dashboard shows IP-level data.
Yahoo: Provides a complaint feedback loop via their CFL program.
Gmail: Does not offer a traditional FBL. Instead, Gmail uses the Feedback-ID header and provides aggregate data through Postmaster Tools. You cannot get individual complaint notifications from Gmail.

When you receive a complaint through an FBL, the correct response is to immediately suppress that address. Do not send to them again. A complaint rate above 0.1% (1 complaint per 1,000 messages) is a warning sign. Above 0.3% is critical — you are likely already seeing deliverability degradation.

Blocklists (DNSBLs)

DNS-based blocklists (RFC 5782) are databases of IP addresses and domains known to send spam. Receiving servers query these lists in real time during SMTP transactions.

How a DNSBL lookup works:

; To check if 198.51.100.42 is listed on blocklist.example.org, ; reverse the IP octets and query: 42.100.51.198.blocklist.example.org. IN A ; If a record exists (typically 127.0.0.x), the IP is listed. ; No record (NXDOMAIN) means the IP is not listed.

Major blocklists and their impact:

Spamhaus SBL/XBL/PBL: The most widely used blocklist. A Spamhaus listing will cause widespread delivery failures. The SBL lists known spam sources, the XBL lists compromised machines, and the PBL lists IP ranges that should not be sending mail directly (residential IPs, etc.).
Spamhaus DBL: A domain-based blocklist, checking the domain in URLs and From: headers rather than the sending IP.
Barracuda (BRBL): Widely used by enterprise spam filters.
SpamCop: Driven by user reports. Listings expire automatically after activity stops.
URIBL/SURBL: These list domains found in message bodies (URIs), not sending IPs. A link to a listed domain in your email content can trigger filtering.

Getting delisted

If you land on a blocklist:

Identify the cause. Blocklists do not list IPs randomly. Something triggered it — a spam trap hit, a compromised account, a sudden volume spike from a bad list.
Fix the root cause. Requesting delisting without fixing the problem will result in immediate re-listing.
Request removal. Most blocklists have a self-service removal process. Spamhaus requires you to resolve the issue first. SpamCop listings expire automatically.
Monitor. After delisting, watch closely for recurrence.

Spam Traps

Spam traps are email addresses specifically used to identify senders with poor list hygiene. There are several types:

Pristine traps: Addresses that were never used by a real person. They were created solely to catch scrapers and list purchasers. Hitting a pristine trap is a severe negative signal — it means you obtained the address through illegitimate means.
Recycled traps: Addresses that once belonged to real users but were abandoned and later repurposed as traps. Hitting these indicates you are not cleaning your list of inactive addresses. Mailbox providers typically disable an address for 6–12 months before repurposing it.
Typo traps: Addresses at common misspellings of major domains (e.g., gmial.com, yaho.com). These catch senders who do not validate email addresses at the point of collection.

You will never know which specific addresses on your list are spam traps. The only defense is good list hygiene: confirm subscriptions with double opt-in, remove bouncing addresses, and sunset addresses that have not engaged in 6–12 months.

Reputation Across Multiple Providers

A critical point that many senders miss: reputation is per provider. Your reputation at Gmail is independent of your reputation at Outlook, which is independent of your reputation at Yahoo. Each provider maintains its own scoring system based on its own observations.

This means:

You can have excellent delivery at Gmail and terrible delivery at Outlook simultaneously.
A blocklist listing might devastate Outlook delivery (which checks blocklists aggressively) while barely affecting Gmail delivery (which relies more on its own internal data).
High complaint rates from Yahoo users can destroy your Yahoo reputation without affecting Gmail, because Gmail does not see Yahoo's complaint data.

Monitor delivery metrics per destination provider. Aggregate delivery rates hide provider-specific problems. A 95% overall delivery rate might mask a 70% rate at Outlook that is dragging down the average.

The Reputation Recovery Playbook

Recovering from damaged reputation is significantly harder than maintaining good reputation. Here is the general approach:

Stop the bleeding. Immediately pause sending to the affected provider(s). Continuing to send into a damaged reputation accelerates the decline.
Diagnose the root cause. Check blocklists, complaint rates, bounce rates, spam trap hits, and authentication failures. The cause determines the fix.
Fix the underlying problem. Clean your list. Suppress complainers. Fix authentication. Remove spam trap addresses (which you cannot identify directly — remove all unengaged addresses as a proxy).
Re-warm gradually. Resume sending at very low volume, starting with your most engaged recipients only. Follow the same warming schedule you would use for a new IP.
Monitor recovery. Use Postmaster Tools, SNDS, and delivery metrics to track improvement. Recovery typically takes 2–6 weeks of clean sending.

If the damage is severe (domain reputation at "Bad" in Google Postmaster Tools), consider whether a new subdomain for the affected mail stream might be faster than rehabilitating the existing one. This is a last resort — the new subdomain starts from zero and must be warmed.

Monitoring Your Reputation

Do not fly blind. Use these tools to track your reputation:

Google Postmaster Tools: Shows domain and IP reputation at Gmail (categorized as High, Medium, Low, Bad), spam rates, authentication rates, and encryption rates. This is the single most important monitoring tool if you send to Gmail recipients.
Microsoft SNDS: Smart Network Data Services provides IP-level data for Outlook.com delivery, including spam complaint rates and trap hits.
Blocklist monitors: Services that regularly check your IPs and domains against dozens of blocklists and alert you to new listings.
DMARC aggregate reports: Your DMARC rua= reports show authentication pass/fail rates across all providers, which is a proxy for reputation health.
Bounce and complaint tracking: Your email service provider should expose bounce rates, complaint rates, and delivery rates. Monitor these daily.

What Can Go Wrong

Sending from a cold IP without warming

You provision a new dedicated IP and immediately send your full volume of 200,000 emails. Gmail defers most of them with 421-4.7.28 ... rate limited. Outlook silently routes them to spam. Your launch campaign fails. The fix: follow a warming schedule, starting with your most engaged recipients.

Ignoring FBL complaints

You receive complaint notifications but continue sending to those addresses. Your complaint rate climbs above 0.3%. Gmail moves your domain reputation to "Bad." Even your transactional emails (password resets, receipts) start landing in spam. The fix: automatically suppress any address that generates a complaint.

Blocklist listing during a campaign

Mid-campaign, your IP gets listed on Spamhaus. Delivery rates drop overnight from 98% to 40%. You did not notice because you were not monitoring blocklists. The fix: set up automated blocklist monitoring and alerting. Check before and during every major send.

Domain reputation collapse after provider switch

You switch email service providers. Your IP reputation does not transfer (it belonged to the old provider), but your domain reputation does. If your domain reputation was already damaged, switching providers will not help — the problem follows you. The fix: clean up your practices and reputation before migrating.

Shared IP contamination

Another customer on your shared IP pool sends spam. Your delivery rates drop even though you did nothing wrong. The fix: choose a provider that actively monitors shared pools and removes bad actors quickly. For high-volume senders, consider a dedicated IP.

Key Takeaways

Domain reputation is overtaking IP reputation as the primary scoring signal at major providers, particularly Gmail.
New IPs and domains must be warmed. Start with low volume to engaged recipients and ramp up gradually over 2–4 weeks.
Shared IPs trade control for convenience. Dedicated IPs give full control but require sufficient volume to maintain reputation.
Feedback loops are not optional. Register for every available FBL and suppress complainers immediately.
Blocklist monitoring is critical. A listing you do not know about is silently destroying your delivery rates.
Spam traps are invisible. The only defense is rigorous list hygiene: double opt-in, bounce removal, and engagement-based sunsetting.
Monitor continuously. Google Postmaster Tools, Microsoft SNDS, DMARC reports, and bounce/complaint rates should be part of your operational dashboard.