Email Deliverability Checklist for Developers
A practical checklist to ensure your transactional emails actually reach the inbox. Authentication, content, infrastructure, warmup, and monitoring — everything you need.
Email deliverability is the ability to get your emails into the inbox, not spam. The minimum requirement: set up SPF, DKIM, and DMARC on your sending domain. Without authentication, most providers will filter your emails regardless of content quality.
This checklist covers everything a developer needs — authentication, infrastructure, content, warmup, and monitoring.
The essentials:
- Set up SPF, DKIM, DMARC (non-negotiable)
- Send from a subdomain
- Include plain text + List-Unsubscribe header
- Handle bounces automatically
- Monitor bounce rate (<2%) and complaint rate (<0.1%)
Authentication (Non-Negotiable)
Email authentication tells inbox providers you're legit. Without it, you're basically anonymous mail.
Need a deeper explanation? Read DKIM, SPF, and DMARC Explained Simply.
SPF (Sender Policy Framework)
SPF tells receivers which servers can send email for your domain.
v=spf1 include:sendpigeon.com ~all
Add this TXT record to your domain's DNS. Replace with your actual email provider's include statement.
Check: Use our free deliverability checker or MXToolbox to verify.
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to your emails, proving they weren't tampered with.
Your email provider gives you a public key to add as a DNS record:
sendpigeon._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=MIGfMA0G..."
Check: Send a test email and inspect headers for dkim=pass.
DMARC (Domain-based Message Authentication)
DMARC tells receivers what to do when SPF/DKIM fail. Start with monitoring:
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
Once you're confident, move to p=quarantine or p=reject.
Infrastructure
Use Subdomains for Email
Send from mail.yourdomain.com or notifications.yourdomain.com, not your root domain. This isolates email reputation from your main domain.
If your marketing emails get flagged, your transactional emails from a different subdomain stay unaffected.
Set Up Proper PTR Records
Your sending IP should have a reverse DNS (PTR) record that matches your sending domain. Most email providers handle this, but verify.
Dedicated IP (Maybe)
Shared IPs are fine for low volume. But if you're sending 50k+ emails/month, a dedicated IP gives you full control over reputation.
The catch: you need to warm it up gradually. Don't blast 100k emails day one.
Content Best Practices
Keep it Simple
- Plain text alternative for every HTML email
- No URL shorteners (they look spammy)
- Minimal images, especially in transactional email
- Avoid spam trigger words ("FREE!!!", "Act Now")
Include Required Headers
From: YourApp <notifications@mail.yourapp.com>
Reply-To: support@yourapp.com
List-Unsubscribe: <mailto:unsubscribe@yourapp.com>
Even transactional emails benefit from a List-Unsubscribe header. Gmail shows an unsubscribe button for emails with this header.
Test Before Sending
Send test emails to:
- Gmail (personal)
- Outlook/Hotmail
- Yahoo
- Your work email
Check if they land in inbox or spam. Check how they render.
Monitoring
Watch Your Metrics
| Metric | Target | Why it matters |
|---|---|---|
| Bounce rate | <2% | Hard bounces hurt reputation |
| Complaint rate | <0.1% | Complaints are reputation killers |
| Open rate | Consistent | Sudden drops indicate deliverability issues |
Handle Bounces Immediately
| Type | Action |
|---|---|
| Hard bounce (invalid address) | Remove from list immediately |
| Soft bounce (temporary) | Retry 2-3 times, then remove |
| Complaint | Never email that address again |
Set Up Feedback Loops
Register with major ISPs to receive complaint notifications:
Quick Checklist
Use our free deliverability checker to instantly verify SPF, DKIM, and DMARC for any domain.
| Item | Status |
|---|---|
| SPF record configured | ☐ |
| DKIM signing enabled | ☐ |
| DMARC policy set (start with p=none) | ☐ |
| Sending from subdomain | ☐ |
| PTR record matches sending domain | ☐ |
| Plain text alternative included | ☐ |
| List-Unsubscribe header present | ☐ |
| Bounce handling automated | ☐ |
| Complaint handling automated | ☐ |
| Monitoring dashboards set up | ☐ |
Domain Warmup
New domains and IPs have no reputation. ISPs are suspicious of new senders — high volume on day one looks like spam.
| Period | Daily volume | Notes |
|---|---|---|
| Days 1-3 | 50-100 | Send to your most engaged users first |
| Days 4-7 | 200-500 | Monitor bounce rate closely |
| Week 2 | 500-1,000 | Check Google Postmaster Tools |
| Week 3 | 1,000-5,000 | Ramp up if metrics are healthy |
| Week 4+ | Full volume | Continue monitoring |
Start with users who are most likely to open and engage — this builds positive signals with ISPs.
For a detailed warmup guide, see How to Warm Up an Email Domain.
Common Mistakes
Sending from your root domain — Use a subdomain like mail.yourapp.com. If email reputation drops, your root domain stays clean.
Ignoring bounces — Every hard bounce you keep sending to hurts your reputation. Suppress them immediately.
No plain text alternative — HTML-only emails are a spam signal. Always include a plain text version.
Using URL shorteners — bit.ly and similar services are heavily abused by spammers. Use full URLs.
Sending to old lists — Addresses that haven't engaged in 6+ months may have been converted to spam traps. Clean your list regularly.
Skipping warmup — A new domain sending 10,000 emails on day one will get throttled or blocked. Ramp up gradually.
FAQ
What is email deliverability?
Email deliverability is the ability to get your emails into the recipient's inbox rather than spam or junk folders. It depends on authentication (SPF, DKIM, DMARC), sender reputation, content quality, and infrastructure.
What is a good email deliverability rate?
A good deliverability rate is 95% or higher. Your bounce rate should be below 2% and complaint rate below 0.1%. If you're below these thresholds, check authentication and list hygiene first.
How do I check my email deliverability?
Check authentication with our deliverability checker (SPF, DKIM, DMARC), monitor bounce and complaint rates in your email provider's dashboard, and use Google Postmaster Tools to see your domain reputation with Gmail.
Why are my emails going to spam even with SPF and DKIM?
Authentication is necessary but not sufficient. Common causes: new domain without warmup, high bounce rate, spam complaints above 0.1%, content triggers (URL shorteners, all caps), or sending from a shared IP with poor reputation. See Why Are My Emails Going to Spam? for a full diagnostic guide.
Do transactional emails need List-Unsubscribe headers?
It's strongly recommended. Gmail shows an unsubscribe button for emails with this header, and its presence signals legitimacy to spam filters — even for transactional emails.
The Reality
Perfect authentication won't guarantee inbox placement. ISPs use hundreds of signals. But missing authentication almost guarantees spam placement.
Get the basics right, monitor your metrics, and iterate. Deliverability is an ongoing process, not a one-time setup.
Next Steps
- Need help with authentication? Check our step-by-step setup guide or use our email authentication checker
- Understand MX records: MX Record Priority Explained — how mail routing works
- Validate your domain: How to Check if an Email Domain Is Valid
- Ready to send? Follow our Next.js email guide or browse all framework guides
- Need email HTML? Browse our email templates for ready-to-use code
- Testing first? Set up an email sandbox so you don't accidentally email real users
- Comparing providers? See SendPigeon vs Resend, vs Mailtrap, vs Amazon SES