Skip to content
Resource · Guide

The Cleanify deliverability guide.

Everything we've learned about keeping mail out of the spam folder — authentication, hygiene, reputation, and the numbers that actually matter. Read in 22 minutes, bookmark for the next incident.

Last updatedApril 2026 Read time22 min Chapters8 LevelIntermediate
Chapter 01

What deliverability actually means.

Deliverability is not "did the email send." It's "did the email reach the inbox, on time, with the header your recipient will trust." Those are three different things and you can be winning on one while silently losing the other two.

Every email you send is evaluated by the receiving mailbox provider against three axes: identity (is this really from who it claims?), reputation (do we trust this sender's history?), and content (does this message look like what that sender usually sends?). Failing any one drops you to promotions; failing two sends you to spam; failing three blocks you at the SMTP layer.

Rule of thumb

If your identity is clean and your reputation is healthy, content is forgiving. If either identity or reputation is bad, no amount of A/B-tested subject lines will save you.

Chapter 02

Authentication — SPF, DKIM, DMARC.

These three DNS records are the baseline for "identity." Without them, large providers treat your domain as anonymous and your mail gets the treatment anonymous mail deserves.

Authentication flow · sender to inbox
Sender SPF who's allowed DKIM signed by domain DMARC policy to enforce Identity = SPF pass + DKIM pass + aligned with From domain

SPF · who is allowed to send?

An SPF record lists the IPs and hostnames permitted to send on your domain's behalf. Keep it under 10 DNS lookups. Over that, providers return permerror and your authentication collapses.

DKIM · did the message arrive intact?

A DKIM signature is a cryptographic proof that the headers and body haven't been tampered with since the signing server sent them. Rotate keys annually. Use 2048-bit at minimum.

DMARC · what happens on failure?

DMARC ties SPF and DKIM to the From header and tells receivers what to do when something's off: none (monitor), quarantine (spam), or reject. Start at p=none, read the reports for 30 days, then move to p=quarantine.

Chapter 03

Reputation signals — the scorecard.

Providers weight roughly a dozen signals. The important ones, in rough order:

  • Complaint rate — subscribers hitting "mark as spam." Target under 0.1%.
  • Bounce rate — hard bounces after send. Target under 1%.
  • Engagement — opens, clicks, replies. Rising trend matters more than absolute number.
  • Send-volume consistency — sudden spikes look like spam campaigns. Ramp gradually.
  • Spam trap hits — any hit is bad; a recycled trap hit is catastrophic.
  • Authentication pass rate — close to 100% or you look spoofable.

Watch out

Complaint rate is the single hardest signal to recover from. One campaign with 0.3% complaints can take two months of clean sending to unwind.

Chapter 04

List hygiene — the actual lever.

You can't control Gmail's algorithm. You can control what you send into it. Clean lists are the single highest-leverage action available to most senders.

Three hygiene rules

  • Verify on capture. Every signup runs through the API inline. Disposable and obviously-invalid addresses never reach your ESP.
  • Verify before import. Any list you didn't capture yourself — purchased, event-sourced, re-engaged — gets a bulk pass first.
  • Re-verify every 90 days. Lists decay at roughly 2–3% per month. What was clean in January is medium-dirty by April.
Want to know what bad hygiene is costing you?
Plug your numbers into the bounce calculator.
Open calculator
Chapter 05

Bounce handling.

Bounces come in two flavors — and treating them identically is how most teams dig the hole deeper.

Hard bounces

Permanent failures: mailbox does not exist, domain is dead, explicit reject. Remove from active lists within 24 hours of the bounce. Never re-send.

Soft bounces

Transient failures: mailbox full, server unreachable, greylisted. Retry twice on a backoff (6h, 24h). After a third failure in 30 days, treat as hard.

Chapter 06

Spam traps & feedback loops.

A spam trap is an address that exists only to catch senders with bad practices. Hitting one tells the receiving provider "this sender does not maintain their list." Three kinds:

  • Pristine traps — addresses that were never valid. If you hit one, you scraped or bought your list. Providers weight these heaviest.
  • Recycled traps — addresses that used to be real, were abandoned for 12+ months, and are now turned into traps. Indicates you don't re-verify.
  • Typo traps — e.g. @gmial.com. Catch these at capture with validation, not verification.
Chapter 07

Warming a new sending domain.

If you move to a new domain, ramp your volume over four weeks. Day 1: 50 sends to your most engaged segment. Double every 2–3 days. Watch complaint and bounce metrics at every step.

Warming schedule

Week 1: top 500 engagers. Week 2: top 5,000. Week 3: top 30,000. Week 4: full list. Break the schedule only if complaints stay under 0.05%.

Chapter 08

Incident response.

You're being throttled. Opens have dropped 30% overnight. What you do in the first 48 hours determines how long recovery takes.

  • Stop broadcasting. Pause any campaigns not strictly transactional.
  • Run a verification pass across the segment that triggered the drop.
  • Remove all invalids, suppress all risky, and re-verify accept-all addresses in 14 days.
  • Send only to top engagers (opened or clicked in the last 30 days) for the next 14 days.
  • Monitor DMARC reports and FBL feeds daily during the recovery window.
  • Ramp volume back 25% per week until you hit normal cadence.

Got a deliverability incident right now?

Our engineering-led support team can review your situation in real time.

Talk to support