Resources
Email Deliverability Best Practices
Email deliverability is whether the messages you send reach the inbox instead of spam or a silent block. Four levers move it more than anything else: authentication, list quality and consent, engagement, and the reputation of the domain and IP you send from. Get those right and most mail lands; get them wrong and no subject-line trick will save you.
This guide covers the levers in order of impact, gives you a copy-ready checklist, and links to deeper resources. It is written for product, lifecycle, and transactional email from software, not cold outreach, which is a different game with different rules.
Deliverability vs. inbox placement
People use “deliverability” to mean two different things, and conflating them hides the metric that matters.
Delivery rate is whether the receiving server accepted the message, meaning it did not bounce. You can hit 99% delivery and still have a problem.
Inbox placement is whether the accepted message landed in the inbox versus spam, Promotions, or a quiet quarantine the recipient never checks.
The gap between the two is where money leaks. Validity’s 2025 benchmark put global average inbox placement at 83.5%, meaning roughly one in six legitimate marketing emails never reaches the inbox, and Microsoft mailboxes ran hardest at 75.6%. A delivered email that sits in spam is, for practical purposes, not delivered. Track inbox placement, not just delivery.
Email authentication: SPF, DKIM, DMARC, BIMI
Authentication is how a receiving server decides your mail is really from you and not a spoof. Since the February 2024 Gmail and Yahoo bulk-sender rules, anyone sending 5,000 or more messages a day to their users must pass SPF or DKIM, publish a DMARC policy, and align it. Treat all of it as table stakes regardless of volume.
SPF (Sender Policy Framework). A DNS record listing which servers may send mail for your domain. The receiver checks the sending server against that list.
DKIM (DomainKeys Identified Mail). A cryptographic signature on each message. The receiver verifies it against a public key in your DNS, proving the message was not tampered with and genuinely came from your domain.
DMARC. A policy telling receivers what to do when SPF or DKIM fails (none, quarantine, or reject), plus alignment: the domain that passes must match the visible From domain. This is the piece most senders miss, and it is now mandatory at scale.
BIMI. Optional, and it does not improve placement on its own. It shows your verified logo in supporting clients but requires an enforced DMARC policy first. Do it last.
Setup, in order: pick a dedicated sending subdomain (like mail.yourcompany.com) so sending never risks your root domain; publish SPF; enable DKIM; publish DMARC starting at p=none with a reporting address, then tighten to quarantine and eventually reject once reports confirm your legitimate mail aligns; confirm a custom return-path so SPF aligns; verify with a checker after every DNS change; add BIMI last.
If you send through Loops, this is largely filled in for you. Loops generates the exact SPF, DKIM, and MX records for your sending domain, places its SPF record at an envelope. subdomain so it will not collide with an existing one, and you copy them into your registrar once and click verify. See the sending-domain guide for the step-by-step.
Sender reputation and warming
Mailbox providers keep a running score of how trustworthy your IP and sending domain are, built from how recipients react over time. Complaints, spam-trap hits, and dead addresses drag it down; consistent opens, replies, and low complaints build it up. Once authentication is in place, reputation is the single biggest factor, and it is earned, not configured.
Warming. A brand-new IP or domain has no reputation, so providers throttle it and watch. Ramp volume gradually, sending to your most engaged contacts first, so you build a positive track record before you mail the whole list. A practical move many software senders miss: send every new signup a welcome email through an automated workflow. It produces a steady stream of high-engagement sends that signal real, wanted mail and steady your reputation.
Dedicated vs. shared IPs. A dedicated IP only helps if you send enough consistent volume to keep it warm, think tens of thousands per week. Below that, a well-run shared pool usually delivers better because the aggregate volume keeps the reputation healthy. Do not ask for a dedicated IP by default.
List hygiene and consent
The fastest way to wreck deliverability is to mail people who did not ask, or who stopped caring. Providers read low engagement and complaints as a signal that your mail is unwanted, and they apply that judgment to everyone on your list, not just the unhappy few.
Consent. Only send to people who explicitly opted in. Purchased lists, scraped addresses, and “they are a customer so they will not mind” are how good domains go bad.
Double opt-in. Subscribe people only after they click a confirmation email. It costs a few signups but filters out typos, bots, and spam traps before they touch your reputation.
Sunset policies. Stop mailing contacts who have not engaged in a defined window, commonly 90 to 180 days, so chronic non-openers stop dragging down your sender score.
Bounce and complaint handling. Remove hard bounces immediately and suppress anyone who marks you as spam. Keep your complaint rate below 0.3% (Gmail’s hard ceiling; aim for under 0.1%).
Engagement signals and content
Once you are authenticated and mailing a clean list, engagement is what providers watch. Opens, clicks, replies, and move-to-inbox actions teach Gmail and friends that your mail is wanted. Deletes without reading, mark-as-spam, and dead silence teach them the opposite.
Relevance over volume. Segment so each message is worth opening. The right email to the right person beats one more blast to everyone.
A real, monitored From address people can reply to. A no-reply address is a small negative signal and kills the most useful engagement there is.
An easy, obvious unsubscribe, including the one-click List-Unsubscribe header now required of bulk senders. Making people hunt for it just earns spam complaints, which hurt far more than an unsubscribe.
Clean content. A sane text-to-image ratio, a plain-text alternative, no link shorteners or cloaked URLs, and well-formed HTML. Loops engineering found that a shortened YouTube link combined with click tracking was enough to get a message flagged as phishing, while the full URL was fine.
How Loops handles the hard parts for you
Deliverability has a floor of unglamorous engineering work, and a managed platform absorbs most of it.
Authentication on setup. Loops generates your SPF, DKIM, and MX records and walks you through DNS verification, including a non-colliding SPF record and a recommendation to send from a subdomain.
Managed sending infrastructure. Sends go out over Loops’ maintained infrastructure, so reputation, bounce handling, and the mechanics of large sends are not yours to operate.
A pipeline tuned to pass spam filters. Loops re-engineered how it builds messages (MJML rendering and MIME encoding) specifically to score well against scanners. In one documented case it cut a message’s rspamd spam score from 5.24 to 1.24 through encoding fixes alone.
Pre-send guardrails. A Guardian check catches known deliverability traps, like shortened YouTube links, and warns you before you hit send.
The short version: authentication, infrastructure, and message hygiene are handled; consent, relevance, and what you actually say are still yours to own. Want the API view of the same platform? See the email API for developers.
The deliverability checklist
Authentication
Sending from a dedicated subdomain, not the root domain
SPF published and passing
DKIM signing enabled and passing
DMARC published (none to quarantine to reject) with reporting on and alignment confirmed
Custom return-path aligned
BIMI only once DMARC is enforced
Reputation and warming
New domain or IP warmed gradually, most-engaged contacts first
Steady baseline cadence, such as a welcome workflow on every signup
Dedicated IP only if volume justifies it; otherwise a healthy shared pool
List and consent
Explicit opt-in only; no purchased or scraped lists
Double opt-in on marketing signups
Sunset policy for chronic non-openers
Hard bounces and complainers suppressed automatically
Engagement and content
Segmented, relevant sends
Real, monitored, replyable From address
One-click List-Unsubscribe header plus an obvious unsubscribe link
Complaint rate under 0.3% (target under 0.1%)
No link shorteners; clean HTML with a plain-text alternative
Tracking inbox placement, not just delivery rate
Frequently asked questions
What is email deliverability?
What are the most important email deliverability best practices?
How do I improve email deliverability?
What is email authentication?
What is the difference between SPF, DKIM, and DMARC?
Do I need a dedicated IP for good deliverability?
What is a good spam complaint rate?
Does Loops handle deliverability for me?
Related guides
Why are my emails going to spam? — the seven causes of spam placement and how to fix each.
Best time to send email — what the data says about send timing, by day and audience.
Email API for developers — send transactional and marketing email from your code.