Deliverability
How DMARC Works
Authentication & Security
Authentication Protocols (Required Feb 2024)
Google and Yahoo require SPF, DKIM, and DMARC for bulk senders (5,000+ emails/day). Without these, emails go to spam.
| Protocol | Purpose | Requirement | Notes |
|---|---|---|---|
| SPF | Authorize sending IPs | Required for 5K+ daily senders | Lists which mail servers can send for your domain. Keep under 10 DNS lookups. |
| DKIM | Cryptographic signature | Required for 5K+ daily senders | Proves message was not tampered in transit. Rotate keys annually. |
| DMARC | SPF/DKIM alignment policy | Required for 5K+ daily senders | Specifies what ISPs should do when emails fail authentication. |
| BIMI | Brand logo in inbox | Optional (requires p=reject DMARC) | 8-10% higher engagement with visible brand logos in inbox. |
v=spf1 include:sendgrid.net include:klaviyo.com include:_spf.google.com ~allThis tells receiving servers: "Email from this domain should originate from SendGrid, Klaviyo, or Google Workspace."
~all= soft fail (suspicious but deliver)-all= hard fail (reject unauthorized)- Keep under 10 DNS lookups (some ISPs reject if exceeded)
default._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSq..."- Your ESP generates DKIM keys automatically
- Add the public key to your DNS as a TXT record
- Rotate keys annually for security
- Use multiple selectors for key management
Gmail and Yahoo require List-Unsubscribe headers with one-click functionality:
- Add
List-UnsubscribeandList-Unsubscribe-Postheaders - Single click opens confirmation popup (no additional pages)
- Process unsubscribe within 2 days
- No re-confirmation steps or additional information requests
Common DMARC Myths & Misconceptions
Misunderstanding these principles leads to false security or broken email programs.
Myth: "p=none protects me"
Fact: p=none provides zero protection. It is a monitoring-only mode. Spoofing continues unabated until you move to p=quarantine or p=reject.
Myth: "Only large corps need it"
Fact: Attackers target small businesses specifically because they lack protection. Any domain without DMARC can be used to send phishing emails that look 100% authentic.
Myth: "It's just a spam filter"
Fact: It is an instruction manual for receivers. It tells Gmail/Yahoo exactly what to do with unauthenticated mail (trash it or bounce it).
Myth: "Parked domains are safe"
Fact: unused domains are prime targets for spoofing because nobody is watching them. Parked domains must have a reject policy.
Sending Infrastructure
IP Warming Protocol
New IPs have no sending history. Suddenly sending 50,000 emails from a cold IP triggers spam filters regardless of content quality.
| Days | Daily Volume | Recipient Quality | Key Actions |
|---|---|---|---|
| 1-3 | 10-20 | Seed list only (colleagues) | Monitor for bounces/spam |
| 4-7 | 50-100 | Seed list + most engaged | Track inbox placement |
| 8-14 | 200-500 | Clicked in past 30 days | Watch open/click rates |
| 15-21 | 1,000-2,000 | Engaged + recently active | Increase 20-30% daily |
| 22-30 | 5,000-10,000 | Full engaged list | Add less engaged segments |
| 30+ | Full volume | All deliverable subscribers | Maintain consistent cadence |
Critical Warming Rules
- Never 3x volume increase day-over-day
- Every hard bounce in warming phase can significantly damage reputation
- Maintain consistent daily sending (no gaps)
- Send only to verified, engaged addresses initially
AI-Powered Warming Tools
- Warmy.io, Instantly, Smartreach
- Simulate genuine human behavior (open, scroll, click)
- Manually remove from spam, mark as important
- Reduces 8-week warm-ups to 5 weeks
List Hygiene and Data Quality
List quality determines deliverability as much as authentication. A list with invalid addresses suppresses sender reputation.
NeverBounce
10K emails in 3 minBest for: E-commerce/SaaS
Hybrid verification + real-time API
Real-time form validation prevents 20% invalid capturesZeroBounce
100K in 45 minBest for: Enterprise/Healthcare/Finance
Multi-point validation from global locations
Categorizes spam traps, abuse emails, do-not-mail flagsSubdomain Strategy
Using different subdomains for different email types isolates reputation. If marketing tanks, transactional survives.
marketing.domain.com
Newsletters, campaigns, promotions
transactional.domain.com
Order confirmations, receipts, password resets
domain.com (main)
Internal/company use only
Real scenario: Marketing list grows 40%, you 4x daily volume. ISP engagement dips, IP reputation declines. Suddenly, customer order confirmations start soft bouncing. This never happens with separate subdomains.
Custom tracking domains: Using track.yourdomain.com instead of track.sendgrid.net shows 2-4% higher CTR. ISPs perceive links as more trustworthy when tracked through your domain.
Rendering & Design
Email Rendering Across Clients
Email clients have inconsistent CSS support. Test across minimum 10 clients before sending.
| Client | CSS Support | Notes |
|---|---|---|
| Gmail | Strips most CSS, ignores external stylesheets | Inline styles required |
| Outlook 2007-2019 | Uses Word rendering engine | No modern CSS support |
| Apple Mail | Best CSS support, renders HTML5 | Full media query support |
| Yahoo Mail | Moderate, wraps in container | Can break layouts |
| Outlook.com | Better than desktop, some CSS3 | Moderate support |
Litmus
- 100+ email client previews
- Detailed accessibility testing
- Advanced collaboration tools
- Heatmaps and read-time analysis
Email on Acid
- Screenshots under 10 seconds
- Built-in HTML editor and inliner
- Instant code optimization suggestions
- Simpler interface for daily testing
The 60/40 Rule for Image-to-Text Ratio
- Optimal: 60% text, 40% images maximum
- Above 70% images triggers spam filters
- Many clients block images by default (email appears blank)
- Ensure core message readable without images
Mobile Optimization (50-60% of Opens)
Roughly 50-60% of emails open on mobile. Mobile-first means designing for small screens first, then scaling up.
Single-column layout
Multi-column requires zooming, kills engagement
14px+ font size
12px fonts are unreadable on small screens
44x44px tap targets
Smaller buttons cause accidental clicks/frustration
Subject line under 40 chars
Mobile truncates longer subjects
Preheader under 50 chars
Preview text cut off on mobile
10px+ link spacing
Prevents accidental taps on wrong links
Images compressed
Large images slow mobile load times
Dark Mode & Accessibility
Dark Mode Email Design (~35% of Email Views)
When users enable dark mode, email clients invert colors automatically, often breaking design completely.
| Client | Support | Notes |
|---|---|---|
| Apple Mail | Full | Respects prefers-color-scheme |
| Gmail (iOS/Android) | Partial | Auto-inverts, may need targeting |
| Outlook (iOS/Android) | Partial | Uses [data-ogsb] targeting |
| Yahoo Mail | Partial | Auto-inverts colors |
| Outlook Desktop | None | No dark mode email support |
Video in Email
Native video playback isn't supported in most email clients. Gmail, Yahoo, and Outlook desktop require fallback images.
Partial HTML5 Video Support
- Apple Mail (iOS, macOS) - partial support, no autoplay
- Support elsewhere is inconsistent; treat video as an Apple-Mail-only enhancement
Requires Fallback (the large majority of opens)
- Gmail (all platforms)
- Yahoo Mail
- Outlook (desktop and Outlook.com)
Best Practice: Static Thumbnail + Link
- Take screenshot from video
- Add play button icon overlay
- Link thumbnail to YouTube/Vimeo/hosted video
- Recipient clicks and opens in browser
Email Accessibility (WCAG)
WCAG standards ensure emails are accessible to users with disabilities. Screen readers require proper semantic HTML.