How to improve email deliverability

You can write the perfect email. Subject line, copy, CTA, all dialed in. None of it matters if the message lands in spam or gets rejected before the recipient ever sees it.

Deliverability is the boring part of email that determines whether the interesting parts work. It is a mix of DNS records, sending habits, list quality, and reputation management. Mess it up and your open rates crater. Nail it and you mostly forget it exists.

This guide covers what actually matters, based on what we see across thousands of sending domains on Sendkit.

Authentication: SPF, DKIM, and DMARC

If you take away one thing from this article, make it this. Email authentication is no longer optional. Google and Yahoo made it mandatory for bulk senders in February 2024. Microsoft followed in 2025 with enforcement across Outlook.com and Hotmail. Domains that skip authentication get their mail rejected, not just filtered to spam.

We have a full setup guide for DMARC, DKIM, and SPF if you need the step-by-step. Here is the short version of what each does and why it matters.

SPF is a DNS record that lists which servers can send email for your domain. When a receiving server gets a message from you, it checks your SPF record. If the sending IP is not on the list, the message fails authentication.

DKIM attaches a cryptographic signature to every outgoing message. The receiving server looks up your public key in DNS and verifies the signature. If it passes, the server knows the email was not tampered with after it left your infrastructure.

DMARC ties SPF and DKIM together. It tells receivers what to do when authentication fails (quarantine, reject, or nothing) and where to send failure reports. You need DMARC set to at least p=quarantine for Google and Yahoo compliance. Microsoft now requires it too.

A common mistake: setting up SPF and DKIM but leaving DMARC at p=none forever. That tells receivers you do not actually care about enforcement, and they treat your policy accordingly. Move to p=quarantine after you have confirmed your legitimate mail is passing, then to p=reject once you are confident.

If you are using Sendkit, authentication records are generated automatically when you add a domain. You verify them by adding the DNS records to your provider and we handle the rest. Details are in the docs.

List hygiene

Sending to bad addresses is the fastest way to wreck your reputation. Every hard bounce tells mailbox providers you are not maintaining your list. Every spam trap hit tells them you are scraping addresses or buying lists. And inactive subscribers who never open your email drag your engagement metrics down, which providers like Gmail weigh heavily in their filtering decisions.

Here is what good list hygiene looks like in practice.

Validate addresses before they enter your list. Catch typos, disposable domains, and non-existent mailboxes at the point of collection. Syntax checks alone are not enough. You need MX record verification, disposable email detection, and ideally SMTP-level mailbox verification. We cover all the layers in our guide on validating email addresses before sending.

Sendkit's email validation does this in milliseconds. It checks syntax, MX records, disposable providers, role-based addresses (info@, support@), and verifies the mailbox exists. You can run it via API at signup or in bulk against your existing list.

Remove hard bounces immediately. Any address that returns a permanent failure (5xx SMTP code) should be suppressed and never sent to again. Sendkit handles this automatically with dynamic suppression lists, but if you manage your own, do not skip this.

Prune inactive subscribers. If someone has not opened or clicked in 90 days, they are either not interested or the address is abandoned. Abandoned addresses sometimes get recycled as spam traps. Send a re-engagement campaign first, then remove anyone who does not respond.

Never buy email lists. I shouldn't need to say this in 2026, but people still do it. Purchased lists are full of spam traps, dead addresses, and people who never asked to hear from you. One import of a bad list can tank a domain reputation you spent months building.

Bounce handling

Bounces fall into two categories, and you need to handle them differently.

Hard bounces are permanent. The address does not exist, the domain is invalid, or the server has explicitly rejected your mail. These addresses should go straight to your suppression list. There is no reason to retry them.

Soft bounces are temporary. The recipient's mailbox is full, the server is down, or there is a transient error. Retry soft bounces a few times over 24-72 hours. If the address keeps soft-bouncing across multiple campaigns, treat it as a hard bounce and suppress it.

The 2024 Google/Yahoo requirements include a hard bounce rate threshold. If your bounce rate exceeds 2%, you are going to have problems. Microsoft's 2025 enforcement has similar limits. Monitor your bounce rate after every send.

If you are sending through Sendkit's email API or SMTP relay, bounce processing is automatic. Hard bounces are suppressed. Soft bounces are retried with exponential backoff. You get webhook notifications for both, and you can see everything in your dashboard.

If you run your own SMTP infrastructure, you need to parse bounce notifications (DSN messages), categorize them, and maintain your own suppression list. Most teams underestimate how much engineering time this takes. It is one of the reasons managed email platforms exist.

IP warming

If you are sending from a new IP address or a new domain, mailbox providers have no history to judge you on. Their default assumption is that you are a spammer until proven otherwise.

IP warming is the process of gradually increasing your sending volume so providers can build a reputation profile for your IP. Skip this step and your first large send will get throttled or rejected.

A reasonable warming schedule for a new dedicated IP:

• Day 1-3: 200-500 emails per day
• Day 4-7: 1,000-2,000 per day
• Week 2: 5,000-10,000 per day
• Week 3: 20,000-50,000 per day
• Week 4+: Full volume

The exact numbers depend on your target volume and the providers you are sending to. Gmail is typically the strictest during warming. Yahoo and Microsoft are somewhat more lenient but still throttle new senders.

During warming, send to your most engaged recipients first. People who regularly open and click. High engagement during the warming window tells providers your mail is wanted, which speeds up the whole process.

On Sendkit's shared IP pool, warming is handled for you. The shared pool already has established reputation across major providers. If you need a dedicated IP (available at 100K+ monthly volume), we walk you through a warming plan specific to your sending patterns.

Content and sending practices

Authentication and list hygiene handle most deliverability problems. But your content and sending behavior still matter, especially with Gmail's machine learning filters that look at engagement patterns.

Send from a consistent domain and address. Switching your From address frequently looks suspicious. Pick a sending address and stick with it. Use your brand domain, not a free email provider.

Include a plain-text version. HTML-only emails are a mild spam signal. Most email frameworks generate a plain-text version automatically, but verify yours does. If you are using Sendkit's template engine, plain-text versions are generated from your HTML automatically.

Watch your text-to-image ratio. An email that is one giant image with no text is a classic spam pattern. Make sure your emails have real text content, not just images with alt tags.

Make unsubscribing easy and instant. Google and Yahoo require one-click unsubscribe via the List-Unsubscribe header. If your unsubscribe process requires a login or multiple clicks, you are not compliant. Making it hard to unsubscribe does not retain subscribers. It makes them hit the spam button instead, which is far worse for your reputation.

Be consistent with volume. Going from 1,000 emails a week to 50,000 in one send is a red flag. If you need to increase volume, ramp up gradually, similar to IP warming.

Respect engagement signals. If a segment of your list stops engaging, stop sending to them. ISPs notice when you keep sending to people who never open. That pattern drags down your domain reputation and affects deliverability to the people who do want your email.

Monitor everything

You need numbers to know if things are working. Track these after every send:

Bounce rate. Stay under 2%. If you are above that, you have a list quality problem. Review your validation process and suppress bad addresses.

Spam complaint rate. Google wants this under 0.1%. Going above 0.3% will cause real problems. If complaints spike after a campaign, look at who you sent to and what you sent. The usual culprits: sending to people who did not opt in, or sending too frequently.

Inbox placement rate. This is harder to measure than bounces and complaints. Tools like Google Postmaster Tools give you domain-level reputation data for Gmail. Microsoft SNDS does the same for Outlook. Use both.

Authentication pass rate. Check DMARC reports to see what percentage of your email passes SPF and DKIM. Anything under 95% means something is misconfigured or an unauthorized sender is using your domain.

If terms like SPF, DKIM, hard bounce, or suppression list are unfamiliar, check our email glossary for plain-language definitions.

Putting it together

Deliverability is not one thing you fix. It is a system you maintain. Authentication gets you in the door. List hygiene keeps you from sending to people who are not there. Bounce handling stops you from knocking on doors that are permanently closed. Warming and consistent sending behavior build trust over time. Monitoring catches problems before they snowball.

When your open rates drop or your bounce rate spikes, work through the sections above. In our experience, the cause is almost always in one of them.

Sendkit handles the mechanical side of this: authentication setup, bounce processing, suppression lists, warm IP pools. The SMTP relay is a drop-in replacement for whatever you are using now, and the API works with every major language. Full details in the docs.