Most email campaigns fail before reaching a single inbox.
Broken technical setup, damaged domain reputation, or lists full of invalid addresses. These problems are fixable — but only if you know what to look for.
This email deliverability checklist covers every factor that determines inbox placement vs. email spam filtering — each section includes specific thresholds and verification methods.
Work through each category, verify each item, fix what’s broken.
TLDR: Quick skim of email deliverability checklist
Email deliverability depends on 94+ factors across seven categories. If you miss one, the campaigns might still work. But if you miss several, and open rates collapse.
The categories mirror how inbox providers evaluate emails:
- Authentication checks first
- Then you go for the sender’s reputation
- Then the content and sending patterns
Your audit should follow the same sequence — fixing authentication won’t help if your domain is already blacklisted. This checklist works for email marketers, cold emailers, SaaS teams, agencies, and e-commerce brands. If you send email at any meaningful volume, you need this audit.
Email authentication checklist
Authentication is the foundation. Gmail’s February 2024 sender requirements made SPF, DKIM, and DMARC mandatory for bulk senders. Without proper authentication, inbox providers treat your emails as potentially fraudulent, put them in the spam folder, or outright reject them.
SPF record verification
SPF specifies which IP addresses are authorized to send email on behalf of your domain. When an email arrives, the receiving server checks your SPF record to verify that the sending server is authorized.
☐ SPF record exists and is published in DNS
☐ All legitimate sending sources are included
☐ Record contains 10 or fewer DNS lookups (the hard limit)
☐ No syntax errors or duplicate entries ☐ Record ends with -all or ~all, not +all
Verify your SPF record using Google Admin Toolbox or MxToolbox.
DKIM configuration check
DKIM adds a cryptographic signature to your email headers, proving the message hasn’t been altered and confirming your domain takes responsibility for the email.
☐ DKIM signing is enabled for all sending sources
☐ Key size is at least 1024 bits (2048 bits recommended)
☐ DKIM record is published correctly in DNS
☐ Signature alignment matches your From domain
If you’re seeing DKIM failures, the problem is usually a mismatch between your DNS record and your email provider’s signing configuration.
DMARC policy setup
DMARC tells inbox providers what to do when emails fail SPF and DKIM checks. It also generates reports showing who’s sending email using your domain — including unauthorized senders.
☐ DMARC record is published in DNS
☐ Policy is set appropriately (p=none for monitoring, p=quarantine or p=reject for enforcement)
☐ Reporting addresses are configured
☐ SPF and DKIM alignment is passing
☐ You’re actually reading your DMARC reports
Most senders start with p=none to monitor, then move to p=quarantine after confirming legitimate sources pass authentication.
ARC for forwarded emails
ARC (Authenticated Received Chain) preserves authentication results when emails are forwarded through mailing lists or third-party services.
Without ARC, forwarded emails often fail SPF and DKIM checks even when the original message was properly authenticated.
☐ ARC headers are being added by forwarding services you control
☐ You understand which of your emails get forwarded (mailing lists, group aliases, forwarding rules)
☐ Authentication failures from forwarded mail are identified separately in your DMARC reports
This is optional for most senders, but it’s worth understanding if you’re seeing authentication failures you can’t explain.
Reverse DNS (PTR) record
Reverse DNS maps your sending IP address back to a hostname. Inbox providers check this to verify your sending infrastructure is legitimate (spammers rarely bother setting up proper reverse DNS).
☐ PTR record exists for your sending IP
☐ PTR hostname resolves back to the same IP (forward-confirmed reverse DNS)
☐ Hostname matches or relates to your sending domain
If you’re using a shared sending service, they handle this. If you’re on dedicated IPs, verify it’s configured correctly.
Domain and IP reputation checklist
Email reputation is what inbox providers remember about your sending history.
New domains have no reputation (almost as bad as negative). Domains that sent spam have a negative reputation, requiring weeks to repair. Build a positive reputation through consistent, engagement-generating emails.
Domain age and history
Inbox providers don’t trust new domains. If your sending domain is less than 30 days old, expect deliverability problems regardless of how good your authentication and content are.
☐ Sending domain is at least 30 days old (90+ days is better)
☐ Domain has some sending history before high-volume campaigns
☐ No previous owners used the domain for spam (check the domain history if you bought it recently)
☐ Separate domains exist for marketing/cold email vs. transactional sends (protecting your main domain)
If you’re starting cold email campaigns, set up a separate domain specifically for outbound. This protects your primary domain’s reputation if something goes wrong.
IP reputation assessment
Your sending IP’s reputation matters more on dedicated infrastructure, less on shared IPs where the provider manages reputation across all senders.
☐ Sending IP is not on any major email blacklists
☐ IP reputation is “Good” or “Medium” in Cisco Talos
☐ No recent spam complaints associated with the IP
☐ Sending volume is consistent
Check IP reputation by taking an email deliverability test or using MxToolbox.
Blacklist monitoring
Email blacklists are databases of IPs and domains known to send spam. Landing on a major list (Spamhaus, Barracuda, URIBL) can tank deliverability overnight.
☐ Domain is not listed on any major blacklists
☐ Sending IPs are not blacklisted
☐ Monitoring alerts are configured
☐ You have a process for blacklist removal if needed
EmailWarmup.com and MxToolbox offer free blacklist monitoring across multiple lists.
Email warmup status
New email accounts and domains need gradual volume increases before high-volume sending. Jumping straight to thousands of emails per day triggers spam filters.
☐ New accounts have completed at least 14 days of warmup
☐ Warmup started at 10-20 emails per day and increased gradually
☐ Warmup emails generated real engagement (opens, replies)
☐ Warmup continues running during campaigns
☐ Different mailboxes are used for different campaign types
Understanding what email warmup is and following a proper warmup schedule prevents months of deliverability problems.
Email list quality and hygiene checklist
List quality directly impacts sender reputation — high bounce rates signal purchased or scraped lists. High spam complaints signal unwanted emails. Both destroy deliverability faster than almost any other factor.
Email verification
Invalid email addresses cause hard bounces, which damage the sender’s reputation immediately.
☐ All email addresses have been verified using an email validation API
☐ Hard bounces are removed immediately after each send
☐ Catch-all domains are flagged and treated carefully
☐ Role addresses (info@, sales@) are minimized
☐ Disposable email addresses are removed
Verification should happen before the first send and periodically afterward.
Bounce rate monitoring
Email bounce rate is one of the primary signals inbox providers use to judge list quality. High bounce rates suggest you’re not maintaining your list — or worse, that you’re sending to addresses you shouldn’t have.
☐ Hard bounce rate stays below 2% per send
☐ Soft bounces are monitored, and addresses are removed after repeated failures
☐ Bounce reasons are analyzed (invalid address vs. full mailbox vs. server rejection)
☐ New list segments are tested at low volume before full sends
If your bounce rate exceeds 2%, pause campaigns and clean your list before continuing. The damage from continued sending outweighs any benefit from the additional volume.
Inactive subscriber management
Sending to people who never open your emails hurts your email reputation. Inbox providers track engagement, and consistently low engagement signals that your emails aren’t wanted.
☐ Inactive subscribers are identified (no opens in the last 90-180 days)
☐ Re-engagement campaigns attempt to recover inactive subscribers
☐ Persistently inactive subscribers are suppressed or removed
☐ Engagement-based segmentation prioritizes active subscribers
Spam trap avoidance
Spam traps are addresses designed to catch senders with poor list practices. Hitting one tells inbox providers you’re buying lists, scraping addresses, or not removing bounces.
☐ No purchased or rented lists are in use
☐ All addresses came from legitimate opt-in sources
☐ Old, inactive addresses are regularly removed
☐ List building doesn’t involve scraping or harvesting
Consent and opt-in verification
Sending to people who didn’t opt in generates spam complaints that destroy the sender’s reputation.
☐ All recipients have explicitly opted in to receive email
☐ Opt-in source and date are recorded for each subscriber
☐ Double opt-in is used for public signup forms
☐ Consent records can be produced if challenged
For cold email, the rules differ — you’re not using opt-in lists, so list quality and verification become even more critical.
Email content and formatting checklist
Content affects deliverability two ways — spam filters analyze it algorithmically, and recipients react with engagement or complaints. Engagement matters more — a well-authenticated email from a reputable sender can still land in spam if content triggers filters.
Spam trigger words
Spam filters flag certain words and phrases that appear frequently in spam emails. While modern filters are more sophisticated than simple keyword matching, certain patterns still increase your spam score.
☐ Subject lines avoid aggressive sales language (“FREE!!!”, “Act Now”, “Limited Time”)
☐ Body content doesn’t use excessive capitalization or punctuation
☐ Financial claims and health promises are avoided or carefully worded
☐ Urgency tactics aren’t overused
☐ Content has been tested through a spam checker before sending
This free email spam checker catches obvious issues. More subtle problems require testing with seed lists across different inbox providers.
HTML structure and text-to-image ratio
Poorly structured HTML or image-heavy emails often trigger spam filters.
☐ HTML is clean and well-formed
☐ Text-to-image ratio favors text (at least 60% text)
☐ Images include alt text
☐ Total email size stays under 102KB (Gmail clips larger messages)
☐ Email renders correctly across major clients
Plain text emails often perform better for cold outreach. For marketing emails, clean HTML with good text balance works well.
Personalization elements
Email personalization improves engagement and creates variation between emails (which avoids triggering duplicate content filters).
☐ Recipient name or company is included where appropriate
☐ Content varies between recipients
☐ Personalization tokens are properly configured
☐ Custom fields allow for meaningful personalization
Link and tracking management
Links can trigger spam filters, especially certain URL patterns and tracking redirects.
☐ Links point to reputable domains (no URL shorteners like bit.ly)
☐ Link domains match or relate to your sending domain
☐ Number of links is reasonable
☐ Tracking is disabled for deliverability-critical sends
☐ No broken links exist
If deliverability is your priority, consider disabling open and click tracking entirely.
Signature and footer requirements
☐ Professional signature is included (name, title, company)
☐ Physical mailing address is present (CAN-SPAM requirement)
☐ Unsubscribe link is visible and functional
☐ Signature HTML is clean (not bloated code)
Sending practices checklist
How you send matters as much as what you send. Volume spikes, inconsistent patterns, and aggressive sending behavior all trigger spam filters and damage reputation.
Sending volume limits
Every email provider has sending limits. Exceeding them results in throttling, bounces, or account suspension.
| Provider | Daily limit | Notes |
| Gmail / Google Workspace | 2,000/day (Workspace), 500/day (free) | Limits reset at midnight Pacific |
| Outlook / Microsoft 365 | 10,000/day | 30 messages per minute limit also applies |
| Custom SMTP | Varies by provider | Check your provider’s specific limits |
☐ Daily sending volume stays within provider limits
☐ Sending is spread throughout the day (not all at once)
☐ Multiple mailboxes are used for high-volume sends
☐ Rate limits are respected (messages per minute, not just per day)
Sending frequency and consistency
Consistent sending patterns build sender reputation. Erratic patterns — nothing for weeks, then thousands of emails suddenly — trigger spam filters.
☐ Sending schedule is consistent (similar volumes on similar days)
☐ No sudden volume spikes (increases happen gradually)
☐ Campaigns are spread across time rather than batched simultaneously
☐ Sending times vary somewhat (not exactly the same time every day, which looks automated)
Warmup protocol for new accounts
New accounts need gradual volume increases before full-capacity sending.
☐ New accounts start at 10-20 emails per day
☐ Volume increases by 15-20% daily
☐ Warmup runs for at least 14 days before campaigns
☐ Engagement during warmup is positive (opens, replies)
☐ Warmup continues during campaigns
Run an email deliverability test before and after warmup to measure improvement.
From address and reply-to configuration
Your From address and Reply-To address affect both deliverability and recipient trust.
☐ From address uses your domain (not a free email provider)
☐ From name is recognizable (person name or brand name recipients will recognize)
☐ Reply-To address is monitored (replies don’t go to into a void)
☐ From address matches the type of email (different addresses for transactional vs. marketing)
Compliance checklist
Legal compliance isn’t optional, and violations can result in fines as well as deliverability problems. Major inbox providers also factor compliance signals into their filtering decisions.
CAN-SPAM requirements (US)
The CAN-SPAM Act applies to commercial email sent to US recipients.
☐ Physical postal address is included in every commercial email
☐ Unsubscribe mechanism is present and functional
☐ Unsubscribe requests are honored within 10 business days
☐ Subject lines accurately reflect email content (no deceptive subject lines)
☐ Email is identified as an advertisement if required
GDPR compliance (EU recipients)
If you email EU residents, GDPR applies regardless of where your business is located.
☐ Legal basis for processing exists (consent, legitimate interest, or contractual necessity)
☐ Privacy policy explains data processing
☐ Data subject rights can be fulfilled (access, deletion, portability)
☐ Records of consent are maintained
Unsubscribe mechanism
Easy unsubscribes reduce spam complaints (which hurt deliverability more than unsubscribes do).
☐ Unsubscribe link is visible
☐ One-click unsubscribe works without login
☐ List-Unsubscribe header is included
☐ Unsubscribes processed immediately
Physical address inclusion
Make sure that:
☐ Valid physical address appears in email footer
☐ Address is readable
Monitoring and troubleshooting checklist
Deliverability isn’t set-and-forget. Ongoing monitoring catches problems before they become crises.
Google Postmaster Tools setup
Google Postmaster Tools shows how Gmail views your sending reputation.
☐ Domain is verified in Google Postmaster Tools
☐ Dashboard is checked weekly
☐ Spam rate, domain reputation, and authentication metrics monitored
☐ Alerts set up for reputation changes
Feedback loop registration
Feedback loops notify you when recipients mark your emails as spam. Major inbox providers offer FBL programs.
☐ Registered for Microsoft JMRP (Junk Mail Reporting Program)
☐ Registered for Yahoo Complaint Feedback Loop
☐ Spam complaints are processed, and complainers are suppressed
☐ Complaint rate is monitored (target: under 0.1%)
Key metrics to track
Here are the key email metrics you must track:
| Metric | Target | Warning Sign |
| Spam complaint rate | Under 0.1% | Above 0.1% |
| Hard bounce rate | Under 2% | Above 2% |
| Open rate | Varies by industry | Sudden drops of 20%+ |
| Inbox placement | Above 90% | Below 80% |
| Domain reputation (Postmaster) | High or Medium | Low |
☐ Metrics tracked per campaign and over time
☐ Sudden changes trigger an investigation
☐ Benchmarks established for your sending patterns
When to get expert help
If you’ve taken care of everything on this email deliverability checklist and still face issues, it’s time to bring in some expert help. An email deliverability consultant can audit your setup and help with blacklist removal or reputation recovery.
Frequently asked questions about email deliverability
Here are some commonly asked questions on this topic:
Run a full audit monthly if you’re sending consistently, and immediately after any deliverability drop. Quick checks (authentication, blacklists, Postmaster reputation) should happen weekly. The full checklist matters most before major campaigns or after infrastructure changes.
Run a full audit monthly if you’re sending consistently, and immediately after any deliverability drop. Quick checks (authentication, blacklists, Postmaster reputation) should happen weekly. The full checklist matters most before major campaigns or after infrastructure changes.
Inbox placement above 90% is considered good. Above 95% is excellent. Below 80% indicates serious problems that need immediate attention. These numbers refer to emails reaching the primary inbox — not just being delivered to the mail server (which includes spam folder placement).
Run inbox placement tests using seed lists across multiple providers. Check Google Postmaster Tools for spam rate data. Monitor open rates for sudden drops (which often indicate spam placement). Ask trusted contacts to check their spam folders after you send test emails.
The most common causes are authentication failures (SPF/DKIM/DMARC breaking due to DNS changes), reputation damage (from spam complaints, bounces, or hitting spam traps), sending pattern changes (sudden volume increases), or content issues (triggering spam filters). Usually, it’s a combination — one small problem makes others worse.
Authentication fixes take effect within 24-48 hours once DNS propagates. Reputation recovery takes 2-4 weeks of consistent good sending. Blacklist removal varies from immediate to several weeks, depending on the blacklist. Major reputation damage from spam trap hits or high complaint rates can take months to fully recover.
