Updated · 8 min read
Bounce rate management: the thresholds and the fix order
Every deliverability dashboard has a bounce rate chart. Most lifecycle teams look at it, see a number under 2%, and move on. But bounce rate has texture — hard vs soft, by ISP, by cohort — and the texture is where the operational decisions live. Here's how to read it and how to act on it.
Justin Williames
Founder, Orbit · 10+ years in lifecycle marketing
Hard vs soft — and why it matters
Hard bounces are permanent — the address doesn't exist, has been disabled, or is otherwise unreachable. Treatment: immediate permanent suppression. Covered in the list hygiene policy.
Soft bounces are temporary — mailbox full, server temporarily unavailable, greylisting. Treatment: retry a reasonable number of times, then suppress after repeated failures (3 consecutive is the operator default).
The gotcha: some providers report soft bounces that are actually persistent (the mailbox has been full for months, will never be emptied). Look at soft bounce recurrence — if an address has soft-bounced on every send for 3+ months, treat it as hard even if the provider category says otherwise.
The thresholds that matter
< 2%
Healthy total bounce rate. Below this, no action needed.
2–5%
Warning zone. Investigate acquisition channels; audit recent imports.
> 5%
ISPs start rate-limiting. Gmail and Yahoo may temporarily block further sending.
The thresholds are cumulative across recent sends (typically 30-day rolling). A single send with a 10% bounce rate on a badly-targeted broadcast doesn't break you if the rest of the program is healthy. A 30-day rolling average above 5% typically does.
The deliverability guide covers the full connection between bounce rates and sender reputation. Bounce rate is the fastest-moving indicator; complaint rate is slower but more damaging when it moves.
The five causes, in order of frequency
1. Stale list data. The most common cause. Addresses that were valid 18 months ago have been abandoned, disabled, or rotated. Solution: aggressive sunset policy + validation on any long-dormant segment before sending to it.
2. Bad acquisition.List imports from a legacy source, a promotion that allowed fake emails, a co-marketing arrangement where the partner's list was dirty. Solution: audit the acquisition path behind the bounces. High-bounce segments usually trace back to a specific acquisition event.
3. Authentication failure. SPF, DKIM, or DMARC suddenly failing. Bounce rate climbs because receiving servers are rejecting messages they can't authenticate. Symptoms: sudden spike rather than gradual climb. Solution: check DMARC reports, verify DNS hasn't been changed, confirm ESP configuration. Covered in the authentication guide.
4. IP or domain reputation damage.You've accumulated negative signal (volume spike, complaint surge, previous authentication issues) and one or more ISPs are now blocking your sending. Symptoms: bounces concentrated at specific providers (Gmail and nowhere else; Microsoft and nowhere else). Solution: full reputation recovery sequence — scale back volume, tight segmentation to most-engaged users, monitor reputation recovery via Postmaster Tools and SNDS.
5. Content triggering spam filters. Specific message content tripping provider filters. Symptoms: bounces on a specific campaign, not across the program. Solution: isolate the campaign, test with seed addresses, adjust content (links, images, spam-flag phrases).
The fix order when bounce rate spikes
1. Stop and segment. Pause any non-critical sends. Bucket bounces by ISP, by campaign, by user cohort. The pattern tells you which cause you're dealing with.
2. Apply immediate suppression. Hard bounces from the spike are permanently suppressed. Soft bounces beyond the retry threshold go to temporary suppression.
3. Investigate the pattern. Look at the five causes in order. Usually the pattern tells you within 30 minutes which is the culprit.
4. Fix the underlying cause. Authentication fix is fast; reputation recovery is slow (3–6 weeks). List-data fixes take investigation but are straightforward once the bad acquisition path is identified.
5. Resume gradually. Don't go back to full volume the day the fix deploys. Ramp back over a week, monitoring bounce rate daily.
The Orbit Deliverability Management skill runs this triage workflow and produces the structured diagnosis. Worth having in the toolkit when a spike happens — the decision pressure during an incident usually leads to rushed judgement.
Frequently asked questions
- What's a healthy bounce rate?
- Under 2% on a 30-day rolling basis. 2–5% is a warning zone — investigate. Above 5% and ISPs may start rate-limiting or blocking your sends entirely.
- Should I remove soft-bounced addresses immediately?
- Not immediately. Soft bounces are often recoverable. Operator default: suppress after 3 consecutive soft bounces. For addresses that soft-bounce on every send for 3+ months, treat as hard bounces — they're effectively undeliverable even if technically categorised otherwise.
- What's the most common cause of a bounce rate spike?
- Stale list data — addresses that were valid but have been abandoned or disabled. Usually shows up as a gradual climb rather than a sudden spike. Sudden spikes are more often authentication failures or reputation damage.
- How do I diagnose a bounce rate problem?
- Segment first. If bounces concentrate at one ISP, it's a reputation issue with that ISP. If they're across all ISPs, it's probably authentication or list data. If they're concentrated on a specific campaign, it's content. The pattern determines the fix.
- How long does reputation recovery take?
- 3–6 weeks for most programs after a significant incident. Scale back volume, send only to most-engaged users, monitor Google Postmaster Tools and Microsoft SNDS for recovery signals. Don't return to full volume until reputation scores recover.
- Can I retry a hard-bounced address?
- No. Hard bounces are permanent negative signals. Continuing to send after a hard bounce is one of the cheapest ways to damage sender reputation. If an address was genuinely misclassified (rare), manual re-verification via a new opt-in is the only appropriate recovery path.
This guide is backed by an Orbit skill
Related guides
Browse all →Spam complaints: the playbook for detecting and reducing them
Spam complaints are the strongest negative reputation signal in email. They compound faster than bounces and recover slower. Here's the playbook — what triggers them, how to detect them early, and the four levers that reliably bring the rate down.
Bounces vs blocks vs deferrals: what your ESP's error codes actually mean
SMTP error codes are the mechanical reason emails don't arrive. Most programs lump them all into 'bounces' and miss the signal. Here's the actual taxonomy — hard bounce, soft bounce, block, deferral — and what each one tells you.
Email deliverability — the practitioner's guide
Deliverability is the cumulative result of every send decision over the lifetime of a domain. This guide covers the four pillars — authentication, reputation, engagement, and list hygiene — and how to recover when one breaks.
The unsubscribe page is the most important page in your lifecycle program
The page every lifecycle team ignores is the one that quietly decides sender reputation, suppressed-list quality, and the fate of your next quarter's deliverability. A short defence of why it's worth the ten-minute rebuild.
SPF, DKIM, and DMARC explained for lifecycle marketers
Three DNS records decide whether your marketing email is trusted or binned. Gmail and Yahoo have required all three for bulk senders since 2024. This is the practitioner's explainer — what each one does, how they interact, and the configuration that actually works.
Dedicated vs shared IP: the real decision
Every Braze sales conversation pitches the dedicated IP. Most programs don't need one. Here's the volume threshold that actually justifies a dedicated IP, the risks most teams don't anticipate, and when the shared pool is genuinely the better call.
Found this useful? Share it with your team.