The Deliverability Keystone and It’s 4 Legs


What determines your deliverability performance? I’ve seen a bunch of different images trying to explain this visually, each with their own pillars or cornerstones. None of them are wrong, but they can get too into the weeds.

I argue that what determines your deliverability can be simplified and anchored into one keystone: SPAM. Or shall I say the anti-spam and the fight against it: from how to identify it to how to prevent it. Chad White’s, “The Fifth Age of Email Deliverability” and Al Iverson’s, “The Evolution of Spam Filters” touch on this in how mailbox providers are evolving their filtering techniques to better fight spam, the unwanted mail - sometimes malicious, sometimes not, but always annoying.

That keystone is supported by 4 key legs. And although I could turn this into a centipede’s worth of legs, my focus is not only on the factors mailbox providers use, but marketers should as well to ensure your mail passes the keystone sniff test of “is this spam or just lightly salted ham?”

Note: Jennifer will be leading a discussion on this blog post during the OI-members-only Live Zoom on Thursday, August 17, 2023. OI members -- see you there!

Not a member? Join today -- or reach out to Jeanne, our general manager, to learn more. 

Leg 1: Technical Setup

Putting aside what the most optimized setup should be for your program (Shared IP VS Dedicated IP, etc.), what should occur for all senders is a setup and a system that follows RFC guidelines (the standards to guide users on how to send email so that it can operate with any machine worldwide.) AND one that can best identify your streams.

Gmail is at least one provider that is clamping down on mail received that doesn’t follow RFC guidelines. Guidelines such as the correct number of characters per line, making sure the return-path does not have a friendly name and its local portion is within 64 characters, repeated header lines, etc. And if you don’t meet these guidelines, it’s not just spam folder placement for you, but a full blown rejection (a.k.a. bounce, NDR, see ya later!)

Why? Because the bad guys test every iteration of what they can do with mail in hopes they can find a way “in.” They are acutely aware of what they can and can’t do technically. Breaking or following the rules doesn’t matter so long as they get it to work because it makes them money.

Email isn’t perfect. There are a lot of imperfect system setups out there sending legitimate email. Mailbox Providers understand this and see this coming in. Do they weigh it? Likely. But it’s not likely a big factor in decisioning.

With that in mind, bad actors try to bend the RFC rules until they find a soft spot that allows their mail to slip through the cracks. But the AI and ML have gotten smarter. And it is catching up to these actions. It’s why some mail seemingly successful today will often have to use a new setup tomorrow. It’s a game of whack-a-mole, but without the prize..

Now that email has been around the block, as they say, there really is no reason to NOT follow the RFCs, especially if you want to send mail and be identified.

Which brings us to identity. Branded authentication is becoming more and more important to deliverability. Branded authentication is the use of your domain in the Return-Path address to check SPF and/or using your domain to sign the DKIM signature.

This not only builds additional reputation signals for your domain and ties the message to your domain (so to speak), but by using your domain you are creating an alignment with your ‘from address.’ Even without a DMARC record, domain alignment is foundational to DMARC. If you had to focus on one authentication method, focus on DKIM because SPF can be easily broken and easier to abuse (check out how it led to BIMI abuse in Gmail to see why).

Adding your domain to authentication helps mailbox providers better identify the mail you are authorizing. If you use a shared domain and someone does something unsavory, unfortunately, you may reap the consequences of another’s actions.

Keep in mind, bad actors authenticate too. Which is why branded authentication isn’t a magical formula, but if you are a good sender, the data I’ve seen shows that it can help improve deliverability.

So what do you need to do? Check your email headers, to make sure you are authenticating with your domain. And run your email through some spam testing or email testing tools to point out any obvious issues with your system setup. You can even go as far as running a full-blown audit. Point being, if your system or your provider has gaps, now is the time to close them or find another provider.

Leg 2: Legality

There are a number of laws out there. Some email specific and a little lackluster (cough, CAN-SPAM, cough). Some focus on data processing and privacy which means you need to take certain steps before you can send to an email address.

Following the law is the bare minimum to avoid fines, but it’s not enough to avoid the spam folder. Is it legal to send using small font? Well, it’s not illegal, but mailbox providers know that small fonts can make it difficult to find the unsubscribe or contact information so tiny fonts or hidden fonts can factor into a message’s weight on the spam/not spam scale.

Dark patterns are a big problem as they can be used abusively by really nasty entities to deceive and trick a customer into a phishing or extortion scheme. But bad actors aren’t the only ones that do this.

Amazon was recently sued by the FTC for purportedly ‘trapping’ customers into recurring subscriptions. If your email designs, collection practices, etc. are trying to manipulate an end user into taking an action that is more beneficial to you than them, you are likely moving into the dark patterns territory.

Similarly, when thinking about the laws regarding consent, the bare minimum is not enough. How long does that consent last and how strong is it? GDPR and CASL have some guidelines around data retention and how long implied consent lasts for, but within those bounds, one could still find an overzealous use of someone’s email.

Kate Harding wrote about her perspective on consent and how you shouldn’t just want the bare minimum consent, but enthusiastic consent. Although you may be sending bulk mail, your message is still being received by an individual (1:1). You are entering your customer’s personal space when you email them.

And email isn’t consumed in public, in the middle of Times Square where ads smack you in the face with delight, but on a personal mobile device, in bed, at home with kids. With that in mind, I would venture to say that as you mail, your goal should be to regain consent each time you mail. Not with a formal, “Do you continue to give us consent to email you?,” but mailing and targeting with the intent to elicit a response that can tell you, in its best way possible, that the customer wants your mail.

Your audience should not only want your mail, expect your mail, look for your mail, but also your mail should also meet their expectations, and make it easy to engage. All this so that they can and will engage, giving you more signals that they are renewing interest in your mail. But that may not last forever, so you also need to make it easy to unsubscribe.

Bad actors know what they can and can’t do legally and they don’t care. As stated above, it makes them money. So the more you look like the bad actors with your content that either brushes the line of dark patterns or flat out erases it, the more you will likely feel the ramifications that could get you into the spam folder, or worse, in the crosshairs of massive fines.

So what do you need to do? Take a good look at your list and find out who you know is ‘really that into you.’ Then take the rest and do some analysis of what they bring to your program. What other signals do you want from them? How can you determine if they are still valuable? Can you find a way to save the relationship? Have you tried to reengage? And then determine when you can let them go. And finally, revisit your onboarding stream and the expectations set. As you go through it, are you getting what you signed up for? Is it too much, not enough? Is the content relevant? Are there times where it may no longer be relevant, and can you measure that or make it easy for someone to leave?

If you are too familiar with your program, ask a friend.

Leg 3: Customer

Consent is the starting point when thinking about your customer as the third, and often the most influential leg of deliverability. Consent is a factor of many things beginning with why they are giving you their email at the start, why they would allow you to keep it, what they are getting from you (as much as what you are getting from them), and if you are still relevant.

What happens when your messaging crosses the threshold of annoying where the noise becomes too loud and needs to stop? Even if you were wanted, that doesn’t mean you are needed. Does that sentiment change the propensity for someone to want to be removed? 

What if you become a need? How does that change how your customers interact with your messages? 

What drives perpetual consent is different for everyone? What drives it for your business?

The actions of customers tell a big story, especially when those actions are repeated by others. And that is a big factor for mailbox providers to separate wanted mail from unwanted mail. 

Being able to spot this before a deliverability problem occurs will save you money. This doesn’t mean you have to dramatically change your program, but if you can’t spot this today, you need a plan to be able to uncover this.

So what do you need to do? Start small with testing. Understand the questions you want answers to and develop a plan to find them. You may not get those answers in a day, week, or even a month. Some test for years before they are confident about their email program and automations.

Questions to consider:

  • Do you need a new template to make the experience with your email more enjoyable, easier to read and interact with, etc.?
  • What drives your customer?
  • What is a typical day for your customer, where do they read email, how often, and when do they want to look at promotional mail versus transactional versus newsletter, etc.?
  • When they are shopping, who are they shopping for? Is this seasonal?
  • Do readers of newsletters want it all in one email or are they good with highlights and links to articles?
  • Do they care about the products or just the coupons?
  • Do loyalty rewards matter?

Leg 4: Time

Good deliverability is not a guarantee when you start mailing. It’s why warming is essential to a new program setup. It’s also why a brand-new program or domain without any blemishes is not a solution for a program struggling to get delivered to the inbox.

Deliverability, or in this context reputation, starts at zero and has to be earned. Spammers love to spin up new domains so that reputation and activity is hard to track. It’s one reason why your brand-new domain can be listed on a domain blocklist before you even start. New domains could have been owned by a bad actor or the new domain could just look like a bad actor if it immediately starts mailing without being in existence for at least 30 or more days.

Time is a big factor for mailbox providers and senders. Time reveals if your issue is lasting or temporary. Time tells filters if a sender had an “oppsy” moment or is consistently behaving in a way that is undesirable. Time finds trends and identifies behaviors that are different than predicted.

The history of a sender tells a filter a lot about them. History tends to repeat itself, so a good sender often doesn’t see the impacts of a “risky” send as obviously as one that does that more often. MBP will expect things will be corrected. But when that history doesn’t happen, the filters are there to course correct. And when they do, depending on the severity and length, you may need even more time to “right the ship,” an often-costly exercise.

What does this mean for marketing, best practices aren’t a one and done thing. They are ongoing. They are evergreen, but also flexible. Give yourself the time to build something great. And know that one step in the wrong direction won’t get you lost, but too many will.


Like a four-legged stool, take away one leg and it becomes wobbly at best and at worst, a precarious piece of furniture waiting to crash the moment you touch it. As you review your program, make sure your four legs are in place.

  1. Technical Setup: Anyone’s system can look legitimate, but if it doesn’t, it’s a warning sign so make sure your provider is doing it right. Run a quick audit of your system.
  2. Legality: Using the “It’s legal” excuse is about as “good” as saying “They didn’t say, ‘No’”. Because you know what, they didn’t say, “Yes” either. Don’t toe the line of the bare minimum. Deception will only get you so far.
  3. Customer: “Watch what they do more than what they say.” Pay attention to your customer and how they are interacting with you, or not interacting. Not just because mailbox providers are, but because it will make you a better marketer.
  4. Time: “Time will tell.” History is a good indicator of the future. Good reputation is fleeting in a moment, but is lasting when repeated. It must be maintained over time and if it’s not, it can expire.

shashi chaturvedula EyklrWNBxSM unsplash 600Photo by Shashi Chaturvedula on Unsplash