[deliver]
Deliver article · 2026-07-16 · Charlotte Rodrigues

Email Deliverability: A Practical Guide to Reaching the Inbox

Short answer. Email deliverability is your ability to reach the inboxes of people who asked to hear from you. Start with SPF, DKIM, DMARC, valid DNS, TLS, and one-click unsubscribe. Then control who receives mail, how quickly volume changes, and how often recipients complain. Diagnose deliverability with mailbox-provider data and SMTP errors, not open rate alone.

A campaign can show as delivered in your email platform and still land in spam. That is not a contradiction. Delivery only confirms that the receiving server accepted the message. Deliverability describes what happens after acceptance, including whether the message reaches an inbox tab or the spam folder.

There is no single deliverability score and no subject-line trick that repairs a damaged sending program. Inbox providers evaluate authentication, recipient feedback, sending history, infrastructure, message patterns, and other signals together. The practical response is to make each layer observable, then fix the failing layer before changing copy or design.

1. Delivery, deliverability, and inbox placement

These terms answer different questions:

Term Question Typical evidence
Delivery Did the receiving server accept the message? Delivered count, bounce and SMTP response
Deliverability Is the sending program trusted enough to reach recipients reliably? Authentication, complaints, deferrals, reputation signals
Inbox placement Where did an accepted message appear? Inbox or spam testing, mailbox-provider data

Gmail's Promotions tab is part of the inbox. A marketing message appearing there is not a deliverability failure. Treat spam placement, rejections, persistent deferrals, and sharp provider-specific performance changes as stronger diagnostic signals.

Open rate is not a reliable inbox-placement metric. Image blocking can undercount opens, while Apple Mail Privacy Protection can generate machine opens. Use clicks, conversions, complaints, bounces, authentication results, and mailbox-provider reports alongside opens.

2. The current Gmail and Yahoo baseline

Google and Yahoo publish requirements for senders. The exact scope matters.

Google requires every sender to personal Gmail accounts to use SPF or DKIM, valid forward and reverse DNS, TLS, and correctly formatted messages. Senders that send about 5,000 or more messages to personal Gmail accounts in a day must use both SPF and DKIM, publish DMARC, align the visible From domain with SPF or DKIM, and support one-click unsubscribe for marketing and subscribed messages. Google also says to keep user-reported spam below 0.1% and prevent it from reaching 0.3% or higher. Review the live Gmail sender guidelines before changing infrastructure.

Yahoo's sender best practices require bulk senders to use SPF and DKIM, publish a DMARC policy of at least p=none, support easy unsubscribe, maintain forward and reverse DNS, and keep complaints below 0.3%. Yahoo says unsubscribes should be honored within two days.

These thresholds are compliance boundaries, not performance targets. A complaint rate below 0.3% can still be harmful. Keep complaints as low as possible and investigate changes by acquisition source, campaign, and mailbox provider.

3. Build the technical foundation first

Authentication does not guarantee inbox placement, but missing or misaligned authentication can prevent reliable delivery.

SPF

SPF authorizes systems to use a domain in the SMTP envelope. It does not authenticate the visible From address by itself. Maintain one valid SPF record for each sending domain, include every legitimate sender, and stay within SPF's DNS lookup limits.

DKIM

DKIM adds a cryptographic signature to a message. The receiving system retrieves the public key from DNS and verifies that the signed content has not changed. Use the records and selectors generated by each sending provider rather than copying another company's example.

DMARC

DMARC connects SPF and DKIM to the domain recipients see in the From header. A message passes DMARC when an aligned SPF or DKIM identity passes. DMARC also lets a domain owner publish a handling policy and request aggregate reports.

Do not move directly to p=reject before inventorying every legitimate sender. Start by collecting reports, correct authentication and alignment, then increase enforcement in controlled stages. The complete implementation sequence is in our SPF, DKIM, and DMARC setup guide.

DNS, TLS, and message format

Authentication is only part of the baseline. Validate:

The RFC 8058 one-click mechanism uses List-Unsubscribe and List-Unsubscribe-Post headers and requires a valid DKIM signature that covers those headers. A preference-center link in the footer is useful, but it is not a substitute for the required one-click mechanism.

4. Consent and list quality shape reputation

Good infrastructure cannot compensate for sending unwanted email.

Use a clear opt-in that explains what people will receive. Double opt-in can be valuable when address quality, consent evidence, or abuse at signup is a concern, but it is not a universal deliverability requirement. The right enrollment method depends on your market, risk, and legal advice.

Remove or suppress addresses that should not receive marketing:

Do not define engagement with opens alone. Include clicks, purchases, site activity, recent signup, and customer-service context where available. Klaviyo's current list-cleaning guidance combines recent sends with opens, clicks, product views, and orders when identifying profiles that never engaged.

Avoid purchased lists, scraped addresses, and partner data collected without specific permission for your brand. Even a technically valid address can generate complaints when the recipient does not recognize the sender.

5. Sending patterns can trigger delivery problems

Mailbox providers learn from your history. Large, sudden changes create uncertainty.

Control four variables:

  1. Volume. Increase gradually after launching a domain, moving providers, or reactivating a quiet list.
  2. Cadence. A predictable weekly pattern is easier to evaluate than long silence followed by a major blast.
  3. Audience quality. Start changes with recent clickers, purchasers, and subscribers who explicitly asked for the content.
  4. Message stream. Keep promotional, transactional, and support traffic clearly identified. Do not let a marketing incident interrupt critical service mail.

Google explicitly advises senders to increase volume slowly, avoid sudden spikes, and reduce volume when bounces or deferrals rise. There is no universal warm-up schedule. The safe rate depends on prior history, list quality, provider response, and volume.

6. Diagnose the symptom before changing the program

Symptom First checks Likely next action
Hard bounces rise across providers Address source, import, SMTP codes Stop the source and suppress invalid addresses
Gmail deferrals increase Gmail error codes, volume change, authentication Reduce volume and fix the stated requirement
One provider declines while others are stable Provider dashboard, complaints, DNS and errors Isolate that provider and audience cohort
Click rate falls but delivery is stable Offer, audience, rendering, link tracking Treat as content or targeting until evidence says otherwise
Complaints rise after a campaign Acquisition source, frequency, message expectation Stop the affected segment and correct consent or targeting
SPF or DKIM passes but DMARC fails Alignment of Return-Path, DKIM d=, and From domain Correct the aligned identity

Always save the SMTP response and enhanced status code. "Blocked" and "temporarily deferred" require different responses. Repeatedly retrying a failing campaign at full volume can make the incident worse.

7. Monitor data you can act on

For Gmail traffic, Postmaster Tools reports compliance, spam rate, authentication, encryption, and delivery errors when volume is sufficient. Its data is not real time and privacy thresholds can leave gaps on low-volume days.

Build a weekly review by provider:

Metric Why it matters
Accepted, deferred, and rejected mail Separates delivery failure from placement concerns
Hard and soft bounce reasons Reveals address and infrastructure problems
User-reported spam Measures negative recipient feedback
Unsubscribe rate Helps identify expectation or frequency mismatch
Click rate More useful than opens for human engagement
Conversion rate and revenue Connects deliverability work to business outcomes
SPF, DKIM, and DMARC pass rate Confirms authentication in real traffic

Compare the same message type and audience over time. A weekly newsletter, a password reset, and an abandoned-checkout flow should not share one blended benchmark.

8. A recovery plan for a damaged sending program

Recovery speed cannot be guaranteed. It depends on the cause and on how mailbox providers respond to subsequent traffic. Use a controlled plan:

First 24 hours

Next sending cycles

Controlled expansion

Do not try to repair reputation by sending more email to the same unresponsive audience. A smaller, wanted program is a better recovery base than a large list with unclear consent.

9. Email deliverability audit checklist

Authentication and infrastructure

Audience and consent

Operations

10. FAQ

Is the Gmail Promotions tab a deliverability problem?

No. Promotions is an inbox category for commercial mail. Focus on whether wanted mail is accepted, avoids spam, and produces healthy recipient feedback. Trying to disguise a promotion as personal mail is not a durable strategy.

What complaint rate should we target?

As close to zero as practical. Google recommends staying below 0.1% and never reaching 0.3% or higher. Yahoo requires senders to remain below 0.3%. Treat a rising rate as a warning before it reaches either boundary.

Can SPF, DKIM, and DMARC guarantee inbox placement?

No. They authenticate identities and support domain policy. Mailbox providers still evaluate recipient feedback, list quality, sending history, infrastructure, and message patterns.

How long does reputation recovery take?

There is no reliable universal timeline. Recovery depends on the severity and duration of the problem, the provider, subsequent volume, and recipient response. Track deferrals, rejections, complaints, and authentication over multiple sending cycles instead of promising a date.

Should we use a dedicated IP?

Not automatically. A dedicated IP gives you control over IP reputation, but it also requires enough consistent, wanted volume to establish that reputation. Many smaller programs are better served by a well-managed shared pool. Evaluate the decision with your provider using actual volume and cadence.

Does double opt-in always improve deliverability?

It can reduce invalid signups and strengthen evidence of intent, but it is not the only valid enrollment model. Clear disclosure, address validation, source tracking, suppression, and relevant sending remain necessary in either model.

Sources checked on July 16, 2026

Get a deliverability diagnosis

Deliver audits authentication, sending patterns, audience rules, and provider feedback before recommending a fix. Book a lifecycle and deliverability review.

Related guides:

Charlotte Rodrigues, Head of CRM at Deliver.

CR
Charlotte Rodrigues · CRM Lead at Deliver. Questions about this article? charlotte@agence-deliver.com

Want to apply this to your stack?

Spend 30 minutes with Charlotte to review your CRM setup, size the opportunity and leave with a practical action plan.

Book a 30-minute call →