Back to blog
DeliverabilityDeveloper Guide

Email Deliverability Checklist for Developers

A practical checklist to ensure your transactional emails actually reach the inbox. Authentication, content, infrastructure—everything you need.

SendPigeon TeamDecember 5, 20253 min read

You built the feature. You integrated the email API. But emails are landing in spam. Here's a no-nonsense checklist to fix that.

Authentication (Non-Negotiable)

Email authentication tells inbox providers you're legit. Without it, you're basically anonymous mail.

SPF (Sender Policy Framework)

SPF tells receivers which servers can send email for your domain.

v=spf1 include:sendpigeon.com ~all

Add this TXT record to your domain's DNS. Replace with your actual email provider's include statement.

Check: Use MXToolbox to verify.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your emails, proving they weren't tampered with.

Your email provider gives you a public key to add as a DNS record. It looks like:

sendpigeon._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."

Check: Send a test email and inspect headers for dkim=pass.

DMARC (Domain-based Message Authentication)

DMARC tells receivers what to do when SPF/DKIM fail. Start with monitoring:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

Once you're confident, move to p=quarantine or p=reject.

Infrastructure

Use a Dedicated IP (Maybe)

Shared IPs are fine for low volume. But if you're sending 50k+ emails/month, a dedicated IP gives you full control over reputation.

The catch: you need to warm it up gradually. Don't blast 100k emails day one.

Set Up Proper PTR Records

Your sending IP should have a reverse DNS (PTR) record that matches your sending domain. Most email providers handle this, but verify.

Use Subdomains for Email

Send from mail.yourdomain.com or notifications.yourdomain.com, not your root domain. This isolates email reputation from your main domain.

Content Best Practices

Keep it Simple

  • Plain text alternative for every HTML email
  • No URL shorteners (they look spammy)
  • Minimal images, especially in transactional email
  • Avoid spam trigger words ("FREE!!!", "Act Now")

Include Required Headers

From: YourApp <notifications@mail.yourapp.com>
Reply-To: support@yourapp.com
List-Unsubscribe: <mailto:unsubscribe@yourapp.com>

Even transactional emails benefit from a List-Unsubscribe header.

Test Before Sending

Send test emails to:

  • Gmail (personal)
  • Outlook/Hotmail
  • Yahoo
  • Your work email

Check if they land in inbox or spam. Check how they render.

Monitoring

Watch Your Metrics

  • Bounce rate: Should be under 2%. Hard bounces hurt reputation.
  • Complaint rate: Should be under 0.1%. Complaints are killer.
  • Open rate: Sudden drops indicate deliverability issues.

Handle Bounces Immediately

  • Hard bounce (invalid address): Remove from list immediately
  • Soft bounce (temporary): Retry 2-3 times, then remove
  • Complaints: Never email that address again

Set Up Feedback Loops

Register with major ISPs to receive complaint notifications:

Quick Checklist

[ ] SPF record configured
[ ] DKIM signing enabled
[ ] DMARC policy set (start with p=none)
[ ] Sending from subdomain
[ ] PTR record matches sending domain
[ ] Plain text alternative included
[ ] List-Unsubscribe header present
[ ] Bounce handling automated
[ ] Complaint handling automated
[ ] Monitoring dashboards set up

The Reality

Perfect authentication won't guarantee inbox placement. ISPs use hundreds of signals. But missing authentication almost guarantees spam placement.

Get the basics right, monitor your metrics, and iterate. Deliverability is an ongoing process, not a one-time setup.