Email deliverability — the practitioner's guide

Deliverability isn't a single setting; it's the result of four distinct systems working together. Break any one of them and the entire program suffers, often in ways that look like something else (low open rates, slow send throughput, complaints you can't explain).

1. Authentication.SPF, DKIM, DMARC. These are DNS-level configurations that prove to mailbox providers you're authorised to send from your domain. Without all three, major providers (Gmail, Yahoo, Microsoft) now reject bulk senders outright.Source · GoogleEmail sender requirementsGoogle's sender requirements updated in 2024 mandating SPF, DKIM, DMARC, and one-click unsubscribe for bulk senders.support.google.com/a/answer/81126

2. Reputation. Mailbox providers assign your sending IP(s) and domain a reputation score based on historical behaviour. Reputation is earned over weeks and months of consistent, engaged sending. It decays quickly when you break the rules.

3. Engagement. The forward-looking signal. Providers watch how recipients interact with your mail — opens, clicks, replies, adds-to-contacts, moves-to-inbox, marks-as-spam — and treat engagement as the single strongest predictor of future legitimacy.

4. List hygiene. The discipline of removing unreachable, uninterested, and inactive addresses from your sending list. A clean list drives higher engagement; high engagement protects reputation; good reputation delivers mail. The four pillars compound.

SPF (Sender Policy Framework) publishes which servers are allowed to send mail for your domain via a DNS TXT record. DKIM (DomainKeys Identified Mail) cryptographically signs messages so recipients can verify the mail hasn't been tampered with. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells recipients what to do when SPF or DKIM fail, and sends you reports on authentication outcomes.

All three have to be configured correctly. In 2024, Google and Yahoo began requiring all three for bulk senders; Microsoft has equivalent requirements for Outlook.com. Misconfiguration causes deliverability degradation that's hard to debug because everything else in your program looks fine.

Practical rule for Braze or any bulk ESP: use a custom sending subdomain (e.g. mail.yourbrand.com) rather than your primary domain for marketing sends. This isolates your marketing reputation from your corporate transactional mail and lets you configure authentication cleanly. Set up DMARC in monitoring mode (p=none) first, review the reports for 2–4 weeks, then move to quarantine or reject.

Reputation is assessed independently per IP address and per sending domain. You earn it through consistency: the same sender, same volume range, same content character, same kind of engaged recipients, over time. For new IPs, this means a disciplined ramp before full volume — the IP warm-up playbook covers the specific methodology.

Three things erode reputation fastest. Sudden volume spikes. High bounce rates (2%+ flags hard reputation damage). High complaint rates (above 0.1% is a warning; above 0.3% is actively damaging). A reputation that took six months to build can be knocked down to fair or bad in a week of bad sending.

Monitor with Google Postmaster Tools (free, covers Gmail) and Microsoft SNDS (free, covers Outlook.com and Hotmail).Source · GooglePostmaster ToolsGoogle's free service for monitoring Gmail sender reputation, spam complaint rates, authentication results, and delivery errors.postmaster.google.comCheck at least weekly. A sudden drop in reputation usually precedes delivery problems by 3–5 days — catching it early means you can pause sending and diagnose before the inbox placement craters.

Engagement is what separates a sender whose reputation survives a bad week from one that doesn't. Mailbox providers weight engaged recipients heavily — if your active base opens, clicks, and replies at healthy rates, the provider treats you as a legitimate sender even when specific sends miss.

Protect engagement actively. Suppress long-dormant users during marketing sends. Segment so the audience for every campaign has above-baseline engagement probability. Run re-engagement programs early — before the user hits 90 days inactive — because reactivating a 30-day-dormant user is much easier than reactivating a 180-day one.

The Orbit Braze Deliverability Health Check skill pulls bounce and complaint data directly from Braze and flags segments where engagement is eroding faster than average — so you see the issue before it becomes a reputation problem.

List hygiene isn't cleanup after the fact; it's a continuous discipline. Three rules that protect sender reputation over time:

Hard-bounce once, remove forever.Any email that hard-bounces should never be mailed again. The address either doesn't exist or has been disabled — continuing to send is a strong negative signal.

Soft-bounce 3x, suppress. Soft bounces are recoverable in principle — a full mailbox, a temporary server issue — but in practice, three soft bounces in a row usually means the address is abandoned. Suppress until engagement re-evidence.

Sunset inactive users.A user who hasn't opened any mail in N days (typically 90–180 for consumer programs) should be removed from marketing sends. Keep them in transactional, invite them back via a re-engagement program, and if they don't respond, let them go. A list that never shrinks is a list that's slowly poisoning your deliverability.

Diagnose before treating. A deliverability drop has three common causes and three different fixes:

A reputation collapse. Typically follows a volume spike or a high-complaint send. Postmaster Tools and SNDS show the drop. Fix: immediately scale back volume, suppress dormant users, send only to most-engaged segment for 2–3 weeks. Monitor reputation recovery before returning to normal volume.

An authentication failure. Symptoms: sudden delivery drop with no volume change, often coinciding with a DNS change or ESP configuration update. DMARC reports show the failure mode. Fix: correct the authentication configuration and redeploy; reputation recovers within days once mail authenticates correctly.

Blacklisting.Your IP or domain has been listed on a major blacklist (Spamhaus, SORBS). Symptoms: severe delivery failures, bounces mentioning the blacklist. Fix: understand why you were listed (usually a sudden volume spike, a compromised account sending spam, or high complaint rate), resolve the underlying cause, then request delisting through the blacklist's official channel. Repeat listings compound.

In all three cases, the recovery time is longer than the breakage time. Expect 3–6 weeks to fully recover reputation from a significant incident. Prevention always costs less than recovery.