1Authenticate every domain that sends mailCritical

Authentication is the foundation. Without proper SPF, DKIM, and DMARC records, mailbox providers treat your messages as unauthenticated traffic and either filter them aggressively or reject them outright. In 2026, all three records are expected, and DMARC must be enforced (not just monitored).

What to do:

• Publish an SPF record listing every server authorized to send mail for your domain. Watch out for SPF flattening if you have more than ten lookups; the record fails silently when it exceeds the limit.
• Sign every outbound message with DKIM using a 2048-bit key. Rotate keys annually.
• Publish a DMARC record. Start at p=none while you analyze reports, then move to p=quarantine, then p=reject. Bulk senders are expected to be at quarantine or reject.
• For bulk senders specifically, both SPF and DKIM domains must align with your visible sender domain, not just one of them.

Failure mode: Authentication mistakes are silent. Your messages route to spam without any obvious error in your sending logs. Use Google Postmaster Tools to confirm your authentication is passing at the receiver, not just configured at your end.

2Verify your list before every major sendCritical

Bounce rate is one of the loudest negative signals you can send to a mailbox provider. A clean list verified within the last 90 days bounces under 1 percent. A neglected list bounces 5 to 15 percent and triggers throttling immediately. Verification removes invalid addresses, dead domains, and disposable mailboxes before you ever send to them.

What to do:

• Run your full list through bulk email verification on a 90-day cycle as a baseline.
• Re-verify any segment that has not been mailed in 60+ days before re-engagement campaigns.
• Always verify before any one-time send larger than your typical volume (announcements, product launches, year-end recaps).
• Remove failed addresses immediately. Move unknown addresses (catch-all, greylisted) to a separate warm-up segment.

Failure mode: Skipping verification before a large send is the most common cause of sudden deliverability collapse. The bounce spike that follows can take weeks to recover from.

3Keep your spam complaint rate under 0.10 percentCritical

Gmail and Yahoo set the disqualifying threshold at 0.30 percent (3 complaints per 1,000 messages), but the practical operating ceiling is much lower. A program running at 0.30 percent gets penalized; a healthy program runs under 0.10 percent. Spam complaints damage sender reputation faster than any other single signal.

What to do:

• Monitor complaint rate per domain in Postmaster Tools daily, not weekly.
• Set internal alerts at 0.05 percent so you have time to react before you cross 0.10 percent.
• If complaint rate spikes, pause the affected campaign immediately and audit the segmentation, frequency, and content.
• Make unsubscribe genuinely easy (see practice #4). Users who can't find the unsubscribe button hit "report spam" instead.

Failure mode: A single bad segmentation decision (mailing a re-engagement campaign to a year-old cold list, for example) can push complaints over 0.30 percent in one send, which makes your domain ineligible for Gmail's delivery support until complaints stay under threshold for seven consecutive days.

4Implement RFC 8058 one-click unsubscribeHigh

This is the single most under-implemented requirement two years after the Gmail and Yahoo rules took effect. Many senders add a visible unsubscribe link in the email body but omit the RFC 8058 headers that mailbox providers actually check for. Gmail surfaces this as a native unsubscribe button at the top of the message; without the headers, that button doesn't appear.

What to do:

Add both required headers to every marketing message:

List-Unsubscribe: <https://example.com/unsubscribe?id=abc123>, <mailto:unsubscribe@example.com?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click

# When the user clicks Gmail/Yahoo native unsubscribe, the provider
# sends a POST to the URL above. Your server must process the unsubscribe
# immediately, return 200 OK, and stop sending within 24-48 hours.

Failure mode: Without the List-Unsubscribe-Post header specifically, the URL is treated as a regular link instead of a one-click action. Users hit "report spam" because the unsubscribe button never appears, and your complaint rate climbs.

5Run a sunset policy on inactive subscribersHigh

Mailbox providers track engagement (opens, clicks, replies, foldering) at the per-recipient level. Sustained sending to recipients who don't engage tells the provider your messages are unwanted, and your reputation degrades even though no one is hitting the spam button.

What to do:

• Define inactive: typically no open or click in the last 60 to 90 days, depending on your normal cadence.
• Suppress inactive subscribers from your primary send list.
• Run a re-engagement sequence to those suppressed subscribers asking them to confirm interest. Two or three messages, spaced over 2 weeks, with a clear "stay subscribed" CTA.
• If they don't engage with the re-engagement sequence, suppress permanently.

Failure mode: Continuing to mail subscribers who haven't engaged in 6+ months is the slow-burn version of a deliverability problem. There's no obvious failure event, just a steady decline in inbox placement that's hard to attribute.

6Separate transactional and marketing infrastructureHigh

Transactional mail (password resets, order confirmations, security alerts) and marketing mail (newsletters, promotions, drip campaigns) have different deliverability profiles and different consequences when something goes wrong. Mixing them on the same sending domain or IP means a marketing complaint spike can prevent your customer from receiving their password reset email.

What to do:

• Use a dedicated subdomain for marketing mail (e.g., news.example.com) and a separate one for transactional (account.example.com or mail.example.com).
• Configure separate DKIM signing keys per subdomain.
• If you're on a dedicated IP, allocate one to each function. If you're on shared IPs (most senders under 100K monthly volume), the subdomain separation is what matters.
• Monitor reputation per subdomain in Postmaster Tools.

Failure mode: A bad marketing campaign drags transactional reputation down with it, and suddenly your password resets land in spam too.

7Warm new domains and IPs graduallyMedium

A brand new sending domain with no reputation can't suddenly send 50,000 messages and expect them all to reach the inbox. Mailbox providers treat unfamiliar high-volume senders as suspicious by default. Warming establishes a positive sending pattern over 4 to 6 weeks before you ramp to full volume.

What to do:

• Start with your most engaged segment (recent active subscribers who open and click reliably).
• Send small daily volumes (a few hundred messages) and double roughly every 2 to 3 days as long as engagement metrics stay healthy.
• Don't ramp into low-engagement segments during warmup. Save them for after the domain has earned its reputation.
• If complaint or bounce rates spike during warmup, hold volume flat for a week before resuming the ramp.

Failure mode: Cold-starting a new domain at full volume gets it filtered into spam immediately, and recovering takes longer than warming would have taken.

8Monitor with Postmaster Tools and watch the slopeMedium

You can't fix what you don't see. Google Postmaster Tools, the Yahoo Sender Hub, and the Microsoft Smart Network Data Service expose the metrics mailbox providers actually use to make placement decisions. Configuration takes a few hours; the data is invaluable.

What to do:

• Verify your sending domain in Google Postmaster Tools and check spam rate, IP reputation, domain reputation, authentication, and encryption daily.
• Set alerts on month-over-month slope, not just current values. A program running at 0.08 percent complaint rate is healthy; the same program at 0.08 percent climbing 15 percent month-over-month is heading for trouble.
• Track inbox placement per major provider (not just average) so you catch provider-specific problems before they become global.

9Real-time verify at every point of captureMedium

Pre-send list verification (practice #2) catches bad addresses that are already in your database. Real-time verification at signup prevents them from getting in. The two strategies are complementary, not interchangeable.

What to do:

• Wire the real-time email verification API into every signup form, lead form, and checkout that captures an email address.
• Block obviously failed addresses (invalid syntax, dead domains, disposable mailboxes) at submission with a clear error message.
• Surface typo suggestions when the API detects them ("Did you mean gmail.com?").
• For unknown results (catch-all, greylisting), allow the signup but flag the contact for additional verification before adding to active campaigns.

Failure mode: Skipping real-time verification means cleaning up the same problem repeatedly, every quarter, instead of solving it once.

10Send what people actually opted in forMedium

This sounds obvious, but the most common cause of complaint spikes is content drift: someone signed up for a weekly tips newsletter and is now getting daily promotional sends. Honor the original promise, and the complaint rate stays low because subscribers get what they expected.

What to do:

• Use double opt-in for new subscribers. The single confirmation email filters out fake signups and confirms intent.
• Set clear expectations on the signup form: what kind of content, how often.
• Segment by signup source. Subscribers from a contest entry have different intent than subscribers from a long-form blog post.
• If you're going to change frequency or content type significantly, notify subscribers and offer them a way to opt down (not just out).