1. Library
  2. Computer Networks
  3. Email Protocols
  4. Deliverability

Email Deliverability Best Practices

Updated 8 hours ago

Email deliverability isn't about avoiding spam filters. It's about building trust with machines that judge you.

Every major email provider—Gmail, Microsoft, Yahoo—maintains a reputation score for your domain. Every email you send is evidence. High engagement? Your score rises. Complaints? It falls. One bad campaign can undo months of good behavior.

The spam folder isn't where bad emails go. It's where emails from untrusted senders go.

The Authentication Foundation

Before providers evaluate your content, they verify your identity. Three protocols work together:

SPF declares which servers can send email for your domain:

v=spf1 mx include:_spf.google.com -all

The -all at the end matters—it tells receivers to reject mail from unauthorized sources. Use it in production. Keep your SPF record under 10 DNS lookups or it fails silently.

DKIM cryptographically signs your messages, proving they haven't been tampered with. Use 2048-bit keys and rotate them annually.

DMARC ties SPF and DKIM together and tells providers what to do when authentication fails:

v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com

Start with p=none to monitor without affecting delivery. Review the aggregate reports. When you're confident everything's configured correctly, progress to p=quarantine then p=reject.

Target 100% authentication pass rates. Not 95%—100%. Anything less signals configuration problems that erode trust.

Infrastructure That Doesn't Lie

Providers check whether your infrastructure is consistent and honest.

Reverse DNS must match forward DNS. If your server sends from 203.0.113.10, the PTR record for that IP should resolve to something like mail.example.com, and mail.example.com should resolve back to 203.0.113.10.

HELO/EHLO is how your mail server introduces itself. It should use a valid hostname that matches your reverse DNS—not an IP address, not localhost, not server1.

TLS encryption should be enabled for all connections. Use valid certificates from trusted CAs.

Reply addresses should work. noreply@example.com isn't just user-hostile—it signals that you don't care about engagement. Providers notice.

The List Is Everything

Your email list is your reputation. A clean list of engaged subscribers will reach inboxes. A dirty list will land you in spam—or get you blacklisted entirely.

Double opt-in eliminates problems before they start:

  1. User enters email address
  2. You send a confirmation email with a unique link
  3. User clicks the link
  4. Only then do you add them to your list

This catches typos, confirms ownership, and ensures the person actually wants your emails.

Never buy lists. Purchased lists contain spam traps (addresses that exist only to catch spammers), invalid addresses, and people who never asked to hear from you. Using a bought list can destroy your sender reputation in a single campaign.

Clean your list aggressively:

  • Remove hard bounces immediately and permanently
  • Remove anyone who complains or unsubscribes
  • Periodically remove subscribers who haven't engaged in 6-12 months
  • Before removing inactive users, try a re-engagement campaign—but remove those who don't respond

Content That Doesn't Trigger Suspicion

Spam filters analyze content, but not the way most people think. They're not looking for magic words—they're looking for patterns that correlate with spam.

Text-to-image ratio matters. Image-only emails are suspicious. Aim for substantial text content with images as supplements, not replacements.

Link hygiene matters more than you'd expect:

  • Don't use URL shorteners (bit.ly, tinyurl)—they hide destinations and correlate heavily with spam
  • Link to your own domain, not a scattered collection of external sites
  • Keep total link count reasonable
  • Use HTTPS for everything you link to

Subject lines should be honest. Deceptive subject lines generate complaints. Complaints destroy reputation. Keep them under 60 characters, avoid ALL CAPS, and limit exclamation points.

Personalization helps—using the recipient's name, referencing past interactions, sending segment-specific content. It signals that this email was meant for this person, not blasted to millions.

Warming Up: Teaching Gmail to Trust You

New IP addresses and domains have no reputation. Providers treat them with suspicion. You have to earn trust gradually.

This is called "warming up," and it's exactly as slow as it sounds:

Days 1-2:    50-200 emails
Days 3-5:    200-1,000 emails
Week 2:      1,000-10,000 emails
Weeks 3-4:   10,000-100,000+ emails

Send to your most engaged users first. They're most likely to open, click, and not complain—exactly the signals that build reputation.

Maintain consistent sending patterns after warm-up. Providers get nervous when a domain that sends 10,000 emails a week suddenly sends 500,000. Predictability builds trust.

Monitoring Your Reputation

You can't manage what you don't measure.

Google Postmaster Tools shows how Gmail views your domain—spam rates, authentication results, delivery errors. If you send to Gmail users, this is essential.

Microsoft SNDS provides similar visibility for Outlook and Office 365.

Blacklist checkers (MXToolbox, MultiRBL) tell you if you've landed on spam blacklists. Check regularly—daily during warm-up, weekly for established senders, immediately when you notice delivery problems.

Target metrics:

  • Open rate: >20%
  • Click rate: >2%
  • Complaint rate: <0.1%
  • Bounce rate: <2%

Complaint rate is the most dangerous metric. Above 0.1% and you're in trouble. Above 0.3% and Gmail will start sending you to spam.

Rate Limiting: Don't Flood the Gates

Providers limit how fast you can send to them:

Gmail:           ~20,000/hour
Microsoft:       ~10,000/hour
Yahoo:           ~10,000/hour
Smaller domains: 100-1,000/hour

Exceed these and you'll get throttled or blocked. Spread large campaigns over hours or days.

Handling Bounces and Complaints

Hard bounces (invalid addresses) must be removed immediately and permanently. Never retry them.

Soft bounces (temporary failures) can be retried with exponential backoff. After 5-7 failed attempts, treat them as hard bounces.

Complaints are people marking your email as spam. Remove them immediately—not because they're valuable subscribers (they're not), but because every complaint damages your reputation.

Register for ISP feedback loops (Gmail, Microsoft, Yahoo) to receive complaint notifications. Process them automatically and instantly.

Legal Compliance

CAN-SPAM (US): Accurate headers, physical address in every email, working unsubscribe, honor unsubscribes within 10 days.

GDPR (EU): Explicit consent before sending, right to access and delete data, lawful basis for processing.

CASL (Canada): Express or implied consent, identification information, unsubscribe mechanism.

Unsubscribes should be one-click, no login required, processed within 1-2 business days. No "Are you sure?" guilt trips. Respect global unsubscribes across all your lists.

When Things Go Wrong

Sudden deliverability drop:

Check authentication first—review DMARC reports for failures. Then check blacklists. Then look at recent changes: new content, volume spikes, list additions. Often the cause is obvious once you look.

Provider-specific filtering (Gmail sends to spam, others deliver fine):

Use that provider's reputation tools. Check authentication specifically for that provider. Analyze engagement from their users—low engagement at one provider suggests your content isn't resonating with that audience.

High bounce rates:

Usually means list quality problems. Implement double opt-in. Clean aggressively. If you're mailing infrequently, addresses go stale—people abandon email accounts, companies change domains. Regular list hygiene prevents this.

Advanced: Dedicated IPs and Subdomains

Dedicated IPs make sense when you're sending >100K emails/month and want full control over your reputation. The tradeoff: you're solely responsible for that IP's reputation. No hiding behind a shared sender's good behavior.

Subdomain separation isolates reputation by email type:

  • alerts.example.com for transactional
  • newsletter.example.com for marketing
  • mail.example.com for corporate

If your marketing emails damage reputation, your transactional emails still get through.

The Core Truth

Email deliverability is reputation management. Every email you send is being watched. Every open, click, complaint, and bounce adjusts your score.

The technical requirements—authentication, infrastructure, rate limiting—are table stakes. They get you in the door. What keeps you in the inbox is sending emails people actually want to receive.

Build a clean list of people who opted in. Send them relevant content at reasonable frequency. Make unsubscribing easy. Process complaints instantly.

Do this consistently, and the inbox is yours.

Frequently Asked Questions About Email Deliverability

Was this page helpful?

😔
🤨
😃