Email Deliverability Guides

What is SPF?

SPF is an email authentication method that specifies which mail servers are authorized to send emails on behalf of your domain. It helps prevent email spoofing and phishing attacks.

How to set up SPF

Add a TXT record to your DNS with the following format:

v=spf1 include:_spf.google.com ~all

Common SPF mechanisms

• ip4: - Authorize specific IPv4 addresses (e.g., ip4:192.0.2.0/24)
• include: - Include SPF records from another domain (e.g., include:_spf.google.com)
• mx: - Authorize mail servers listed in MX records
• a: - Authorize IP addresses in A records
• ~all: - Soft fail (recommended for testing)
• -all: - Hard fail (strict policy)

Important limitations

SPF has a limit of 10 DNS lookups. Exceeding this limit will cause SPF to fail. Use our checker to verify your SPF record stays within limits.

What is DKIM?

DKIM adds a digital signature to your emails, allowing receiving servers to verify that the email was genuinely sent by your domain and was not altered in transit.

How DKIM works

Your mail server signs outgoing emails with a private key. Recipients verify the signature using a public key published in your DNS records.

Setting up DKIM

• Generate a DKIM key pair (private and public keys) through your email service provider
• Add the public key as a TXT record in your DNS (usually at selector._domainkey.yourdomain.com)
• Configure your mail server to sign outgoing emails with the private key
• Test your DKIM setup by sending an email and checking headers

Common DKIM selectors

Email providers use different selectors:

• Google Workspace: google._domainkey
• Microsoft 365: selector1._domainkey and selector2._domainkey
• SendGrid: s1._domainkey and s2._domainkey
• Mailchimp: k1._domainkey

What is DMARC?

DMARC builds on SPF and DKIM by telling receiving servers what to do with emails that fail authentication checks. It also provides reporting on email authentication results.

DMARC policies

• none: Monitor only - no action taken on failed emails (good for testing)
• quarantine: Move failed emails to spam/junk folder
• reject: Reject failed emails entirely (strictest policy)

Example DMARC record

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; ruf=mailto:forensic@yourdomain.com; fo=1

DMARC tags explained

• v: Protocol version (always DMARC1)
• p: Policy for domain (none, quarantine, or reject)
• rua: Email address for aggregate reports
• ruf: Email address for forensic reports
• fo: Forensic reporting options (0=all fail, 1=any fail)
• pct: Percentage of emails to apply policy to (default: 100)

Recommended implementation

Start with p=none to monitor, then gradually move to p=quarantine and finally p=reject once you are confident in your setup.

What are blacklists?

Email blacklists (RBLs - Real-time Blackhole Lists) are databases of IP addresses and domains that are known to send spam or malicious emails. Being listed can severely impact your deliverability.

Major blacklist providers

• Spamhaus: Most widely used blacklist
• SpamCop: Community-driven spam reporting
• Barracuda: Enterprise email security
• SORBS: Various spam and abuse categories

How to avoid blacklists

• Never purchase email lists - only email people who opted in
• Implement double opt-in for subscriptions
• Include clear unsubscribe links in all emails
• Monitor bounce rates and remove invalid addresses
• Use authenticated email (SPF, DKIM, DMARC)
• Avoid spam trigger words in subject lines
• Maintain consistent sending patterns

If you get blacklisted

• Identify the cause - check recent email campaigns
• Fix the underlying issue (compromised account, spam complaints, etc.)
• Request removal from the blacklist (each has its own process)
• Monitor your listing status regularly

How we calculate your score

Your deliverability score is calculated based on multiple factors:

• SPF validation (20 points): Correct SPF record within DNS lookup limit
• DKIM validation (20 points): Valid DKIM signatures found
• DMARC policy (20 points): DMARC record with appropriate policy
• Blacklist status (15 points): Not listed on major blacklists
• Additional checks (25 points): PTR record, MX records, domain age

Score grades

• A (90-100): Excellent - Optimal deliverability
• B (75-89): Good - Minor improvements possible
• C (60-74): Fair - Some issues to address
• D (40-59): Poor - Significant issues affecting deliverability
• F (<40): Critical - Major deliverability problems

Quick wins for better scores

• Set up SPF, DKIM, and DMARC if missing
• Fix SPF records exceeding 10 DNS lookups
• Ensure DKIM signatures are valid
• Upgrade DMARC policy from "none" to "quarantine" or "reject"
• Check blacklist status and request removal if listed
• Verify your domain has valid MX and PTR records

Authentication

• Implement all three authentication methods: SPF, DKIM, and DMARC
• Use DMARC policy of "quarantine" or "reject" for maximum protection
• Rotate DKIM keys annually for security
• Monitor DMARC reports to identify authentication issues

List management

• Use double opt-in for new subscribers
• Make unsubscribe process easy and honor requests immediately
• Remove hard bounces immediately
• Re-engage inactive subscribers or remove them
• Segment your lists and personalize content

Content quality

• Avoid spam trigger words (FREE, URGENT, WINNER, etc.)
• Maintain good text-to-image ratio
• Use proper HTML formatting
• Include both HTML and plain text versions
• Test emails before sending to large lists

Sending patterns

• Warm up new IP addresses gradually
• Maintain consistent sending volume
• Avoid sudden spikes in email volume
• Use dedicated IPs for high-volume sending
• Monitor engagement rates (opens, clicks)

Monitoring

• Check deliverability scores regularly
• Monitor blacklist status weekly
• Track bounce and complaint rates
• Review DMARC reports monthly
• Set up alerts for sudden deliverability drops