Email Deliverability

Maximize your email deliverability by properly configuring authentication and following best practices.

What is Deliverability?

Deliverability is the ability to get your emails into recipients’ inboxes rather than spam folders. Three key factors determine deliverability:

1. Authentication - Prove you’re authorized to send from your domain
2. Reputation - Your domain and IP sending history
3. Content - Quality and relevance of your emails

Authentication Protocols

SPF (Sender Policy Framework)

What it does: Specifies which mail servers can send email on behalf of your domain.

How it works:

1. You publish a DNS record listing authorized servers
2. Receiving mail servers check this record
3. If the sending server isn’t authorized, email may be marked as spam

TrackPost SPF Record:

v=spf1 include:amazonses.com ~all

Components explained:

• v=spf1 - SPF version 1
• include:amazonses.com - Allow AWS SES servers to send
• ~all - Soft fail (mark suspicious but don’t reject)

Testing SPF:

# Check your SPF record
dig TXT yourdomain.com | grep spf

# Online tool
# https://mxtoolbox.com/spf.aspx

Common SPF Issues:

Merging Multiple Services:

If using multiple email services:

# Before (separate records - WRONG!)
v=spf1 include:sendgrid.net ~all
v=spf1 include:amazonses.com ~all

# After (merged - CORRECT!)
v=spf1 include:sendgrid.net include:amazonses.com ~all

DKIM (DomainKeys Identified Mail)

What it does: Cryptographically signs emails to verify they weren’t modified and came from your domain.

How it works:

1. AWS SES signs outgoing emails with a private key
2. Public key is published in your DNS
3. Receiving servers verify the signature
4. If valid, email passes DKIM check

DKIM Records:

TrackPost provides two DKIM selectors:

Name: selector1._domainkey.yourdomain.com
Value: [long public key]

Name: selector2._domainkey.yourdomain.com  
Value: [long public key]

Testing DKIM:

1. Send a test email to yourself
2. View email headers
3. Look for:

DKIM-Signature: v=1; a=rsa-sha256; d=yourdomain.com; ...
Authentication-Results: dkim=pass

DKIM Key Rotation:

AWS automatically rotates DKIM keys. You’ll have two selectors active at any time for seamless rotation.

DMARC (Domain-based Message Authentication)

What it does: Tells email providers what to do when SPF or DKIM checks fail, and provides reporting.

DMARC Policies:

Basic DMARC Record:

Name: _dmarc.yourdomain.com
Value: v=DMARC1; p=none; rua=mailto:[email protected]

Advanced DMARC (with reporting):

v=DMARC1; 
p=quarantine; 
rua=mailto:[email protected]; 
ruf=mailto:[email protected]; 
fo=1; 
adkim=r; 
aspf=r; 
pct=100

DMARC Components:

DMARC Graduation Strategy:

Week 1-4:   p=none    (monitor only)
Week 5-8:   p=none; pct=10   (test with 10% of emails)
Week 9-12:  p=quarantine; pct=10   (quarantine 10%)
Week 13-16: p=quarantine; pct=50   (quarantine 50%)
Week 17+:   p=quarantine; pct=100  (full quarantine)
Month 6+:   p=reject   (if confident)

Testing Authentication

Method 1: Email Headers

Send yourself an email and check headers:

Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ... designates ... as permitted sender)
       dkim=pass [email protected]
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=yourdomain.com

Look for:

• spf=pass
• dkim=pass
• dmarc=pass

Method 2: Online Tools

Method 3: Command Line

# Check SPF
dig TXT yourdomain.com | grep spf

# Check DKIM
dig TXT selector1._domainkey.yourdomain.com

# Check DMARC
dig TXT _dmarc.yourdomain.com

Reputation Management

What Affects Reputation

Positive Factors:

• Low bounce rates (< 2%)
• Low complaint rates (< 0.1%)
• High engagement (opens, clicks)
• Consistent sending volume
• Authentication (SPF, DKIM, DMARC)

Negative Factors:

• High bounce rates
• High complaint/spam rates
• Sending to purchased lists
• Sudden volume spikes
• Lack of authentication
• Spammy content

Monitoring Your Reputation

AWS SES Reputation Dashboard:

1. Log in to AWS SES Console
2. Go to Reputation metrics
3. Monitor:
   • Bounce rate
   • Complaint rate
   • Reputation status

TrackPost Dashboard:

• Go to Analytics in your dashboard
• View bounce and complaint rates
• Monitor open/click rates

Reputation Tiers

Content Best Practices

Email Structure

✅ Do:

• Use clear, descriptive subject lines
• Include both HTML and plain text versions
• Keep HTML clean and valid
• Use recognizable “from” names
• Include clear unsubscribe links

❌ Don’t:

• Use all caps or excessive punctuation!!!
• Include too many images vs. text
• Hide unsubscribe links
• Use URL shorteners
• Include suspicious attachments

Subject Lines

✅ Good Examples:

• “Your order #12345 has shipped”
• “Welcome to Acme Inc - Confirm your email”
• “Password reset request”

❌ Bad Examples:

• “CONGRATULATIONS YOU WON!!!”
• “Act now!!! Limited time!!!”
• “Re: Re: Fwd: Important”

HTML Guidelines

1. Text-to-Image Ratio: At least 60% text
2. Alt Text: Always include alt text for images
3. Responsive: Use mobile-friendly templates
4. Size: Keep emails under 102KB
5. Links: Use full URLs, not shortened links

IP and Domain Warming

What is Warming?

Gradually increasing email volume to build reputation with ISPs.

Warming Schedule

Warming Best Practices:

1. Start with your most engaged subscribers
2. Send consistently (same time/day)
3. Monitor bounce/complaint rates closely
4. Don’t exceed 20% daily volume increase
5. Pause if bounce rate exceeds 5%

List Management

List Hygiene

Remove addresses that:

• Bounce repeatedly (hard bounces)
• Mark as spam (complaints)
• Haven’t engaged in 6+ months
• Are role accounts (noreply@, admin@) without permission

Verification:

• Use double opt-in for signups
• Verify email format before adding
• Consider email verification services for bulk imports

Suppression Lists

TrackPost automatically suppresses:

• Hard bounces
• Spam complaints
• Unsubscribes

View suppressed addresses:

• Dashboard → Suppression List
• Or via API: GET /suppressions

Troubleshooting Deliverability Issues

Emails Going to Spam

Checklist:

1. ✅ SPF record published and valid
2. ✅ DKIM enabled and working
3. ✅ DMARC policy set
4. ✅ Domain reputation good
5. ✅ Content not spammy
6. ✅ Sending IP not blacklisted

Tools to diagnose:

• Mail Tester - Score your email
• Google Postmaster Tools - Gmail-specific data
• Microsoft SNDS - Outlook/Hotmail data

High Bounce Rates

Causes:

• Invalid email addresses
• Full mailboxes
• Blocked by recipient server
• Greylisting (temporary rejection)

Solutions:

• Verify addresses before sending
• Implement double opt-in
• Check blocklists for your IP/domain
• Handle soft bounces with retry logic

Blacklisting

Check if blacklisted:

• MXToolbox Blacklist Check
• MultiRBL

If blacklisted:

1. Identify the cause (complaints, bad lists, etc.)
2. Fix the underlying issue
3. Request delisting from the blacklist
4. Monitor closely going forward

Best Practices Summary

Technical Setup

• SPF record configured
• DKIM enabled
• DMARC policy implemented (start with p=none)
• Custom domain (not @gmail.com, @yahoo.com)
• Proper reverse DNS (PTR) records

List Management

• Double opt-in enabled
• Regular list cleaning
• Suppression management
• No purchased lists

Sending Practices

• Consistent sending schedule
• Gradual volume increases
• Monitor bounce/complaint rates
• Segment by engagement level
• Personalize content

Monitoring

• Check reputation dashboard weekly
• Review DMARC reports monthly
• Monitor deliverability metrics
• Set up alerts for issues

Next Steps

• Test Your Setup - Send test emails and check authentication
• Setup Webhooks - Monitor bounces and complaints in real-time
• Create Templates - Build professional, mobile-friendly emails
• Review Troubleshooting - Common issues and solutions

Resources

• AWS SES Deliverability Guidelines
• Google Sender Guidelines
• Yahoo Deliverability Best Practices
• DMARC.org - DMARC resources