The Complete Email Deliverability Guide: From Basic to Advanced

Jeff Hopp · · Updated

You can craft the perfect subject line, write compelling copy, and build a gorgeous template — but none of it matters if your email never reaches the inbox.

With over 300 billion emails sent daily and roughly 20% never reaching their intended inbox, deliverability isn’t just a technical detail. It’s the foundation your entire email marketing strategy sits on.

This guide walks through everything from authentication basics to advanced monitoring strategies, so you can stop guessing and start landing in inboxes consistently.

Email deliverability journey — from send through ISP authentication checks, reputation scoring, to inbox, spam, or bounce decision

What Tools Do You Need for Email Deliverability?

Before diving into configuration, get these tools bookmarked. You’ll use them throughout this guide and for ongoing monitoring.

EasyDMARC

Your go-to for DMARC monitoring and reporting. The free tier covers most small businesses.

  • EasyDMARC — DMARC record generator, monitoring dashboard, and aggregate report analysis
  • Great for visualizing who’s sending email on your behalf

MX Toolbox

The Swiss Army knife of email diagnostics.

  • MX Toolbox — DNS lookups, blacklist checks, SMTP diagnostics
  • Use their SuperTool for quick health checks on any domain

Google Postmaster Tools

If any of your recipients use Gmail (and they do), this is essential.

  • Google Postmaster Tools — domain reputation, spam rate, authentication results
  • Free, and gives you data you literally can’t get anywhere else

Mail-Tester

Quick sanity check before any campaign goes out.

  • Mail-Tester — send a test email, get a score out of 10
  • Checks SPF, DKIM, content quality, and blacklist status in one shot

How Do Email Authentication Protocols Work?

Email authentication tells receiving servers that your emails are legitimate. Without it, you’re basically showing up to a party without an invitation — you might get in, but you probably won’t.

SPF (Sender Policy Framework)

SPF tells the world which servers are allowed to send email on behalf of your domain. It’s a DNS TXT record that lists authorized IP addresses and services.

How it works: When a server receives an email from your domain, it checks your SPF record to verify the sending server is authorized.

Example SPF record:

v=spf1 include:_spf.google.com include:sendgrid.net ~all

Breaking that down:

  • v=spf1 — version identifier (always this)
  • include:_spf.google.com — authorizes Google Workspace to send for you
  • include:sendgrid.net — authorizes SendGrid to send for you
  • ~all — soft fail for unauthorized senders (recommended starting point)

Important limitations:

  • You can only have one SPF record per domain. Multiple records will cause failures.
  • SPF has a 10 DNS lookup limit. Each include counts as a lookup, and nested includes count too.
  • If you’re using multiple email services, you may need to flatten your SPF record.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your outgoing emails. The receiving server can verify that signature against a public key in your DNS, confirming the email wasn’t tampered with in transit.

How it works: Your email server signs each outgoing message with a private key. The corresponding public key lives in your DNS as a TXT record.

Example DKIM DNS record:

selector._domainkey.yourdomain.com  TXT  v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEB...

Key points:

  • The selector is provided by your email service (e.g., google, s1, k1)
  • The p= value is your public key — your email provider generates this
  • Each sending service needs its own DKIM selector

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. It also gives you reporting on who’s sending email as your domain.

Start with monitoring mode:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100
  • p=none — don’t take action on failures, just report (start here)
  • rua=mailto:... — where to send aggregate reports
  • pct=100 — apply the policy to 100% of messages

Progress to enforcement over time:

# After 2-4 weeks of clean reports:
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100

# After another 2-4 weeks with no issues:
v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com; pct=100

The progression matters. Going straight to p=reject without monitoring first is how you accidentally block your own legitimate email.

Platform-Specific Setup

GoDaddy DNS

  1. Log in to your GoDaddy account and navigate to My Products > DNS
  2. For SPF: Add a TXT record with @ as the host and your SPF string as the value
  3. For DKIM: Add a TXT record with selector._domainkey as the host (replace selector with your provider’s value)
  4. For DMARC: Add a TXT record with _dmarc as the host
  5. TTL: Start with 600 seconds during setup, increase to 3600 once verified

Microsoft 365

Microsoft 365 handles DKIM through the admin center:

  1. Go to Admin Center > Settings > Domains
  2. Select your domain and click DNS Records
  3. Microsoft provides two CNAME records for DKIM — add both to your DNS
  4. Back in the admin center, enable DKIM signing for your domain
  5. SPF for Microsoft 365: include:spf.protection.outlook.com

Google Workspace

  1. Admin Console > Apps > Google Workspace > Gmail > Authenticate Email
  2. Click Generate New Record — Google gives you the DKIM TXT record
  3. Add it to your DNS, then click Start Authentication in the admin console
  4. SPF for Google Workspace: include:_spf.google.com
  5. Allow 24-48 hours for DNS propagation before testing

What Are the Best Practices for Landing in the Inbox?

List Hygiene

Your list is a living thing. Treat it that way.

  • Remove hard bounces immediately. No second chances. A hard bounce means the address doesn’t exist.
  • Suppress soft bounces after 3-5 attempts. The mailbox might be full or temporarily unavailable, but persistent soft bounces become a problem.
  • Run re-engagement campaigns for subscribers who haven’t opened or clicked in 90 days. If they still don’t engage, remove them.
  • Never purchase email lists. Ever. The short-term gain isn’t worth the long-term damage to your sender reputation.
  • Use confirmed opt-in (double opt-in) for new subscribers. It adds friction, but the list quality improvement is worth it.

Content Optimization

  • Write subject lines that accurately reflect the email content. Clickbait hurts your reputation.
  • Maintain a healthy text-to-image ratio. All-image emails are a spam signal.
  • Avoid spam trigger words in subject lines — “FREE!!!”, “Act Now”, “Limited Time” used excessively
  • Include a plain-text version of every HTML email
  • Keep your HTML clean. Broken tags and inline styles copied from Word are red flags.

Sending Practices

  • Warm up new domains and IPs gradually. Start with your most engaged subscribers, send small volumes, and increase over 2-4 weeks.
  • Send consistently. Erratic volume is suspicious. If you normally send 5,000 emails per week, don’t suddenly send 50,000.
  • Respect time zones. Sending at 3 AM local time isn’t just rude — it increases the chance of being marked as spam.
  • Honor unsubscribes immediately. Not “within 10 business days.” Immediately.
  • Include a visible, easy-to-find unsubscribe link. Making it hard to unsubscribe means people hit the spam button instead, which is far worse for you.

Monitoring and Maintenance Schedule

Daily (5 minutes)

  • Check bounce rates on any campaigns sent in the last 24 hours
  • Review spam complaint rates in Google Postmaster Tools
  • Glance at delivery rates — any sudden drops need immediate attention

Weekly (15 minutes)

  • Review DMARC aggregate reports for unauthorized senders
  • Check blacklist status via MX Toolbox
  • Review engagement metrics (opens, clicks, unsubscribes) for trends
  • Process any new hard bounces or spam complaints

Monthly (30 minutes)

  • Run a full Mail-Tester check on a test email
  • Audit your subscriber list — remove disengaged contacts
  • Review sending volume trends
  • Check that all DNS records (SPF, DKIM, DMARC) are still correctly configured
  • Review Google Postmaster Tools domain reputation trend

How Do You Troubleshoot Deliverability Issues?

Emails Going to Spam

Check first:

  1. Run Mail-Tester — it will flag the most common issues
  2. Verify SPF, DKIM, and DMARC are all passing (use MX Toolbox)
  3. Check Google Postmaster Tools for reputation issues

Common causes:

  • Missing or misconfigured authentication records
  • High spam complaint rate (above 0.1% is a problem)
  • Sending to old, unengaged lists
  • Content that triggers spam filters
  • Shared IP address with a bad reputation (common on budget email platforms)

Sudden Drop in Delivery Rates

  1. Check if you’ve been added to a blacklist (MX Toolbox blacklist check)
  2. Review recent changes to DNS records — did someone accidentally modify your SPF?
  3. Look for a spike in bounce rates or spam complaints
  4. Check if your email service provider made infrastructure changes

Authentication Failures

  • SPF failing: Verify you haven’t exceeded the 10 DNS lookup limit. Check that all sending services are included.
  • DKIM failing: Confirm the selector matches what your email service expects. Check for DNS propagation delays.
  • DMARC failing: If SPF and DKIM both pass but DMARC fails, you likely have an alignment issue — the “From” domain must match the SPF/DKIM domain.

Advanced Strategies

BIMI (Brand Indicators for Message Identification)

BIMI lets you display your brand logo next to your emails in supporting inboxes (Gmail, Apple Mail, Yahoo). It requires a DMARC policy of quarantine or reject, plus a Verified Mark Certificate (VMC) from a certificate authority.

Setup steps:

  1. Achieve DMARC enforcement (p=quarantine or p=reject)
  2. Create an SVG version of your logo that meets BIMI specifications
  3. Obtain a VMC from DigiCert or Entrust
  4. Add a BIMI DNS record: default._bimi.yourdomain.com

BIMI is a longer-term play, but it significantly increases brand recognition and trust in the inbox.

AI-Powered Optimization

Modern email platforms are incorporating AI for:

  • Send time optimization — analyzing individual recipient behavior to send at the moment they’re most likely to engage
  • Subject line testing — generating and testing variations at scale, beyond what manual A/B testing can cover
  • Content personalization — dynamically adjusting email content based on recipient behavior and preferences
  • Predictive list management — identifying subscribers likely to disengage before they do, so you can re-engage proactively

Resources

Success Metrics: What Good Looks Like

Track these KPIs to know your deliverability program is working:

MetricTargetWarning Threshold
Delivery Rate> 95%< 90%
Bounce Rate< 2%> 5%
Spam Complaint Rate< 0.1%> 0.3%
Open Rate20-30% (varies by industry)< 15%
Unsubscribe Rate< 0.5%> 1%
DMARC Pass Rate> 98%< 95%

These are industry benchmarks — your specific numbers will vary by audience and sector. The important thing is trending in the right direction.

Implementation Checklist

Use this to track your progress:

  • Audit current DNS records (SPF, DKIM, DMARC)
  • Set up Google Postmaster Tools
  • Run initial Mail-Tester check (baseline score)
  • Configure or fix SPF record
  • Set up DKIM for all sending services
  • Deploy DMARC in monitoring mode (p=none)
  • Set up EasyDMARC for report monitoring
  • Review and clean subscriber list
  • Implement double opt-in for new subscribers
  • Set up weekly MX Toolbox blacklist monitoring
  • Establish monitoring schedule (daily/weekly/monthly)
  • After 2-4 weeks: move DMARC to p=quarantine
  • After 2-4 more weeks: move DMARC to p=reject
  • Evaluate BIMI readiness

Email deliverability isn’t a set-it-and-forget-it situation. It’s an ongoing practice. But with the right foundation and a consistent monitoring routine, you can keep your emails landing where they belong — in the inbox. Deliverability is the foundation of any effective email marketing strategy — and it connects directly to your broader AI-powered marketing system when every touchpoint is tracked. Your analytics and reporting should include deliverability metrics alongside campaign performance so you can spot problems before they cost you revenue.

Want to see how your digital presence performs overall? Run a free AI Visibility scan — 22 checks, 5 pillars, results in 30 seconds.

Related Services
Email Marketing AI-Powered Marketing
Tags
email deliverabilitySPFDKIMDMARCemail authenticationinbox placement

Want to see where you stand?

Run a free AI Visibility scan and get actionable insights in 30 seconds.

Scan Your Site Free →