Email Deliverability Checklist: Fix What’s Killing Your Inbox Rate
Email deliverability is the sum of technical authentication, list hygiene, sending behaviour, and content practices that determine whether your emails land in the inbox or disappear into spam. Get any one of these wrong and your campaign metrics become fiction, because you’re measuring opens and clicks on emails most of your list never saw.
This checklist covers every layer: DNS records, sender reputation, list management, content signals, and ongoing monitoring. Work through it in order and you’ll have a clear picture of where your deliverability is leaking, and what to fix first.
Key Takeaways
- SPF, DKIM, and DMARC authentication are non-negotiable foundations. Without all three correctly configured, major inbox providers will route your emails to spam or reject them outright.
- Sender reputation is built slowly and destroyed quickly. A single large send to a cold or unclean list can damage a domain that took months to warm up.
- List hygiene is not a one-time task. Suppressing hard bounces, inactive subscribers, and spam trap addresses needs to happen on a rolling basis, not just before a big campaign.
- Content signals still matter. Spam filters assess subject lines, link density, image-to-text ratio, and sending patterns alongside technical authentication.
- Monitoring your sender reputation proactively, rather than waiting for deliverability to drop, is the difference between catching a problem early and explaining to a client why open rates have halved.
In This Article
- Authentication: The Foundation You Cannot Skip
- Sender Reputation: How Inbox Providers Score You
- List Hygiene: The Work Most Teams Avoid
- Content and Sending Behaviour: What Filters Actually Look At
- Infrastructure and Technical Setup
- Monitoring and Ongoing Maintenance
- The Deliverability Checklist: Summarised
I’ve seen deliverability problems surface in ways that take weeks to diagnose because the symptoms look like a content problem or a creative problem when the root cause is technical. Early in my agency career, I was taught to code my way around problems rather than wait for someone else to solve them. That instinct has served me well in email, where the gap between what marketers think is happening and what inbox providers are actually doing is often wider than anyone wants to admit. If you want a broader grounding in email strategy before working through the technical side, the Email & Lifecycle Marketing hub covers the full picture.
Authentication: The Foundation You Cannot Skip
Authentication tells inbox providers that you are who you say you are. Without it, your emails look like forgeries, and inbox providers treat them accordingly. There are three records every sending domain needs.
SPF (Sender Policy Framework): A DNS TXT record that lists the IP addresses authorised to send email on behalf of your domain. Check yours with any SPF lookup tool. Common failure points include multiple conflicting SPF records (you can only have one), missing sending services (your ESP, CRM, and transactional email provider all need to be included), and records that exceed the DNS lookup limit of ten mechanisms.
DKIM (DomainKeys Identified Mail): A cryptographic signature attached to every email that allows the receiving server to verify the message hasn’t been tampered with in transit. Your ESP will generate the DKIM keys. You publish the public key as a DNS TXT record and keep the private key with your ESP. The most common failure here is forgetting to publish the record, or publishing it incorrectly. Use a DKIM checker to confirm the record resolves and the signature validates.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC builds on SPF and DKIM by telling inbox providers what to do when authentication fails: nothing (p=none), quarantine to spam (p=quarantine), or reject outright (p=reject). Start at p=none with reporting enabled so you can see what’s failing before you enforce a stricter policy. Google and Yahoo’s 2024 sender requirements made DMARC mandatory for bulk senders, so if you haven’t set this up, you’re already behind. Mailchimp’s deliverability documentation covers the setup process clearly if you need a reference.
BIMI (Brand Indicators for Message Identification): Not strictly required, but worth noting. BIMI allows your brand logo to appear next to emails in supported inbox providers. It requires a valid DMARC policy at enforcement level (quarantine or reject) and a verified mark certificate. It’s a trust signal, not a technical necessity, but it does have a measurable effect on open rates in supported clients.
Custom sending domain: If you’re sending from your ESP’s shared domain rather than your own, fix this first. Shared domains carry shared reputation. One bad actor on that domain can affect your deliverability. Set up a custom sending domain, warm it up properly, and own your reputation.
Sender Reputation: How Inbox Providers Score You
Authentication proves identity. Reputation determines trust. Inbox providers maintain scores for sending domains and IP addresses based on engagement patterns, complaint rates, bounce rates, and sending volume consistency. You don’t see these scores directly, but you can infer them from deliverability data and monitor them through tools like Google Postmaster Tools and Microsoft SNDS.
Domain age and warm-up: New sending domains have no reputation history. Sending large volumes immediately from a new domain is one of the fastest ways to trigger spam filters. Warm up new domains gradually: start with small volumes to your most engaged subscribers, increase volume over four to six weeks, and monitor bounce and complaint rates throughout. The same logic applies when you move to a new ESP or new IP.
Complaint rate: When a recipient marks your email as spam, that’s a complaint. Gmail’s threshold for acceptable complaint rates is 0.1%, with a hard limit at 0.3%. Above 0.3% and Gmail will start blocking your emails. Monitor your complaint rate through Google Postmaster Tools. If it’s climbing, the cause is almost always list quality or sending to people who didn’t explicitly opt in.
Bounce rate: Hard bounces (invalid addresses) should be suppressed immediately and permanently. Soft bounces (temporary failures) need monitoring. A high hard bounce rate signals poor list quality to inbox providers and will damage your sender score. Most ESPs handle suppression automatically, but check your settings to confirm.
Engagement signals: Opens, clicks, replies, and forwards are positive signals. Deletions without opening and spam reports are negative ones. Inbox providers use engagement data to determine where future emails from your domain should land. This is why sending to a large unengaged list is actively counterproductive. You’re not just wasting budget, you’re degrading your reputation for every future send.
When I was managing performance marketing at scale across multiple sectors, the teams that maintained strong email deliverability were the ones treating reputation as an asset to be managed, not a background condition. The ones who treated it as background noise were the ones calling me to explain why their Q4 campaign had collapsed.
List Hygiene: The Work Most Teams Avoid
List hygiene is unglamorous and it doesn’t show up in campaign reports in a way that makes anyone look good. But it’s the single most controllable lever on deliverability, and neglecting it compounds over time.
Remove hard bounces immediately: Every ESP should be doing this automatically, but verify it’s configured correctly. A hard bounce means the address doesn’t exist. Continuing to send to it signals to inbox providers that your list is unclean.
Suppress unengaged subscribers: Define engagement clearly. Someone who hasn’t opened or clicked in twelve months is not a subscriber, they’re a liability. Before suppressing them, run a re-engagement campaign with a clear subject line and a single call to action. If they don’t engage, remove them. This is uncomfortable when you’re looking at a list that shrinks from 50,000 to 35,000, but the 35,000 will perform better than the 50,000 in every metric that matters.
Use double opt-in for new subscribers: Single opt-in is faster to grow but produces lower-quality lists with more typos, fake addresses, and low-intent subscribers. Double opt-in confirms the address is real and that the person who entered it actually wants your emails. For sectors where compliance and trust are central, such as credit union email marketing, double opt-in isn’t just good practice, it’s aligned with the expectations of the audience.
Validate email addresses at point of capture: Use real-time email validation on your signup forms to catch obvious errors (missing @ symbol, invalid domain) before they enter your list. Tools like NeverBounce or ZeroBounce can also run bulk validation on existing lists.
Check for spam traps: Spam traps are addresses used by inbox providers and anti-spam organisations to identify senders with poor list hygiene. They come in two types: pristine traps (addresses that have never opted in anywhere) and recycled traps (old valid addresses that have been deactivated and repurposed). If you’re hitting spam traps, it usually means you’re sending to purchased lists, scraping addresses, or failing to suppress long-term inactives. There’s no reliable way to identify spam traps yourself, but list validation services can flag addresses associated with known trap networks.
The same discipline applies across verticals. Whether you’re running dispensary email marketing where regulatory constraints already limit your channels, or managing a property database for real estate lead nurturing, a clean list is the foundation everything else is built on.
Content and Sending Behaviour: What Filters Actually Look At
Spam filters have become significantly more sophisticated. They’re not just looking for trigger words. They’re assessing the full context of your email: structure, link behaviour, sending patterns, and the relationship between your domain and the recipient’s inbox history.
Subject lines: Excessive capitalisation, multiple exclamation marks, and certain phrase patterns still flag filters. But the bigger issue is relevance. A subject line that generates a 40% open rate on an unengaged list is doing you more harm than good if those opens are followed by immediate deletions. Write subject lines for the right audience, not for the highest possible open rate. Moz’s newsletter guidance covers the relationship between subject line quality and long-term list health.
Image-to-text ratio: Emails that are predominantly images with minimal text are a common spam trigger. Filters can’t read images, so an email that’s 90% image looks like an attempt to hide content from scanning. Aim for a balance that works visually while keeping enough readable text for filters to assess. This is particularly relevant for visually driven sectors. If you’re working through email marketing strategies for wall art businesses, where the product is inherently visual, the discipline of maintaining that text balance is worth the extra effort in template design.
Link quality: Too many links in a single email is a negative signal. Links to domains with poor reputation can contaminate your own. Check that every URL in your email resolves correctly, that redirect chains are short, and that you’re not linking to any domains flagged by spam databases. Use your own tracking domain rather than a shared ESP tracking domain where possible.
Sending consistency: Inbox providers notice irregular sending patterns. A domain that sends 500 emails a week for three months and then suddenly sends 50,000 in a single day will trigger scrutiny. Keep your sending volume relatively consistent and increase it gradually. If you need to send a large one-off campaign, consider warming up the volume over several days rather than hitting it all at once.
Unsubscribe handling: Make it easy to unsubscribe. This sounds counterintuitive, but a visible unsubscribe link reduces spam complaints because people who want out will use it rather than hitting the spam button. List-unsubscribe headers (the one-click unsubscribe option in Gmail and Apple Mail) are now required for bulk senders under Google and Yahoo’s 2024 guidelines. Make sure your ESP is adding these headers correctly. Buffer’s email personalisation research is a useful read alongside this, because personalisation and easy unsubscribes work together: relevant emails get fewer unsubscribes, and fewer unsubscribes protect your reputation.
Plain text version: Always include a plain text version of your email alongside the HTML version. Emails sent as HTML-only look suspicious to filters. Most ESPs generate plain text automatically, but check that it’s actually readable and not just a wall of HTML stripped of formatting.
Infrastructure and Technical Setup
Beyond authentication records, there are infrastructure decisions that affect deliverability at scale.
Dedicated vs shared IP: Shared IP addresses pool reputation across all senders using that IP. For low-volume senders (under 100,000 emails per month), a reputable shared IP from a major ESP is usually fine. For higher volumes, a dedicated IP gives you full control over your reputation, but you need to warm it up properly and maintain consistent sending volume. A dedicated IP that goes cold because you only send quarterly can actually hurt deliverability.
Reverse DNS (rDNS): The PTR record for your sending IP should resolve to a hostname that matches your sending domain. Mismatched or missing rDNS is a common flag for spam filters. If you’re on a dedicated IP, check with your ESP that rDNS is configured correctly.
Feedback loops: Major inbox providers offer feedback loop programmes that send you complaint data when recipients mark your emails as spam. Register for these through your ESP or directly with providers like Microsoft (SNDS/JMRP). This data is essential for identifying list segments with high complaint rates before they damage your overall reputation.
Blacklist monitoring: Check your sending domain and IP against major blacklists (Spamhaus, Barracuda, Sorbs) regularly. A blacklist listing doesn’t always cause immediate, visible deliverability problems, but it can affect specific inbox providers and is a signal that something in your sending practice needs attention. Most blacklists have a delisting process once the underlying issue is resolved.
For sectors where email is a primary acquisition and retention channel, the infrastructure investment is worth it. Architecture firm email marketing is a good example: long sales cycles, high-value relationships, and a small but precise audience where one deliverability failure on a key send can cost a significant opportunity. The same logic applies to any sector where the list is small and the stakes per contact are high.
Monitoring and Ongoing Maintenance
Deliverability isn’t a one-time fix. It degrades without maintenance, and problems compound if you’re not watching the right signals.
Google Postmaster Tools: Free, essential, and underused. It shows your domain reputation, IP reputation, spam rate, and authentication pass rates for emails delivered to Gmail. If you’re not checking this monthly, you’re flying blind on your largest inbox provider.
Microsoft SNDS: The equivalent for Outlook and Hotmail. Shows complaint rates and sending reputation for your IP addresses. Less granular than Postmaster Tools but worth monitoring.
Inbox placement testing: Tools like GlockApps, Mail-Tester, or Litmus allow you to send a test email and see where it lands across major inbox providers: primary inbox, promotions tab, spam, or not delivered. Run these tests before major campaigns and whenever you’re making changes to your templates or sending infrastructure.
Engagement monitoring by segment: Track open rates, click rates, and unsubscribe rates by list segment, not just overall. A declining open rate in one segment might indicate a deliverability problem specific to that audience or acquisition source. Catching it at the segment level is faster than waiting for overall metrics to move. If you want to understand how your performance compares to competitors’ email programmes, competitive email marketing analysis is a useful framework for benchmarking beyond your own data.
Regular authentication audits: DNS records can break when domains are migrated, ESPs are changed, or IT teams make changes without telling the marketing team. I’ve seen this more times than I can count. Set a calendar reminder to check SPF, DKIM, and DMARC records every quarter. It takes ten minutes and it’s caught problems that would have been invisible until a major send failed.
At iProspect, when we were growing the team and managing significant volumes of client campaigns across multiple channels, the discipline of building monitoring into the workflow rather than treating it as reactive troubleshooting was one of the things that separated the teams that scaled well from the ones that were constantly firefighting. Email deliverability is no different. The case for email as a durable channel is strong precisely because it’s direct and owned, but that ownership comes with maintenance responsibilities that paid social doesn’t require.
The relationship between email list quality and broader digital marketing performance is also worth understanding. A healthy, engaged email list has compounding value across channels, not just in email metrics.
The Deliverability Checklist: Summarised
Work through these in order. The authentication layer first, then reputation, then list hygiene, then content and sending behaviour, then infrastructure, then monitoring.
Authentication: SPF record published and valid. DKIM configured and publishing correctly. DMARC record in place with reporting enabled. Custom sending domain set up. BIMI configured if DMARC is at enforcement level.
Sender reputation: New domains and IPs warmed up gradually. Complaint rate below 0.1% (monitored via Google Postmaster Tools). Hard bounces suppressed immediately. Engagement rates monitored by segment.
List hygiene: Hard bounces suppressed automatically. Unengaged subscribers identified and either re-engaged or removed. Double opt-in enabled for new subscribers. Real-time email validation on signup forms. Bulk list validation run on existing database.
Content and sending: Subject lines written for relevance, not filter-gaming. Image-to-text ratio balanced. All links checked and resolving. Sending volume consistent. One-click unsubscribe headers enabled. Plain text version included.
Infrastructure: Dedicated vs shared IP decision made deliberately. Reverse DNS configured correctly. Feedback loops registered. Blacklist monitoring in place.
Monitoring: Google Postmaster Tools checked monthly. Microsoft SNDS checked monthly. Inbox placement tests run before major campaigns. Authentication records audited quarterly. Engagement monitored by segment.
If you’re building or rebuilding an email programme and want to think through the strategic layer alongside the technical one, the Email & Lifecycle Marketing hub covers segmentation, sequencing, content strategy, and channel integration in depth.
About the Author
Keith Lacy is a marketing strategist and former agency CEO with 20+ years of experience across agency leadership, performance marketing, and commercial strategy. He writes The Marketing Juice to cut through the noise and share what works.
