Email Deliverability Checklist

Run the sending domain through MXToolbox or EasyDMARC to confirm the SPF TXT record includes every legitimate sending source — ESP (SendGrid, Mailgun, Postmark), MAP (HubSpot, Marketo), and any transactional service. Watch for the 10-DNS-lookup limit; flatten with a tool like SPF Surveyor if exceeded.

Send a test message from each sending platform to a Gmail account and check the headers for dkim=pass with the expected selector. Common gotcha: a new ESP added without rotating in its DKIM selector signs as the ESP's shared domain instead of yours.

Per Google and Yahoo's 2024 bulk-sender requirements, any domain sending 5,000+ messages/day to Gmail needs a published DMARC record at minimum p=none with a rua aggregate-report mailbox. Use EasyDMARC or Valimail to parse aggregate reports weekly and confirm SPF + DKIM alignment before tightening to quarantine or reject.

BIMI requires a VMC (Verified Mark Certificate) from Entrust or DigiCert and DMARC at quarantine or reject. Replace the ESP's default click-tracking domain (e.g., sendgrid.net) with a branded CNAME like links.yourdomain.com — improves deliverability and trust signals.

Push the target segment through ZeroBounce, NeverBounce, or Kickbox before send. Remove role addresses (info@, sales@), known spam traps, and high-risk catch-alls. Keep hard-bounce rate under 2% and complaint rate under 0.3% per Google's bulk-sender rules.

Pull the last-90-day open and click rates for the target segment. A segment dormant 6+ months will tank sender reputation regardless of content quality.

For dormant subscribers, send a 2–3 message win-back series with a clear opt-down and opt-out. Suppress non-responders before the main broadcast — sending to dead addresses is the single fastest way to land in spam.

CAN-SPAM requires honoring opt-outs within 10 business days. If your team uses HubSpot for nurture and Klaviyo for promo, the suppression list must be synced across both — orphan sends from a second platform are a common violation.

Use Mail-Tester or GlockApps to score the subject + preheader + body. Aim for 9/10 or higher. Watch for trigger words flagged by SpamAssassin and excessive ALL-CAPS or punctuation.

Confirm rendering across Gmail (web + iOS + Android), Outlook 365, Outlook Desktop (Windows), Apple Mail, and dark-mode variants. Outlook Desktop is the most common breakage point — check for VML fallbacks on background images and bulletproof buttons.

Keep text content above 60% to avoid image-only spam classification. Every image needs descriptive alt text — both for accessibility (WCAG 2.1 AA) and for the many subscribers who block images by default.

Every CTA must carry consistent UTM source/medium/campaign per the team's UTM convention doc. Test the destination URLs in incognito; broken landing pages on send day distort GA4 attribution and waste the send.

CAN-SPAM requires a valid physical postal address — PO Box registered with USPS or a real street address. Check the live template; default ESP footers sometimes get overridden by branded templates that strip the address block.

Visible unsubscribe in the footer is required. Per Gmail/Yahoo 2024 rules, bulk senders must also include List-Unsubscribe and List-Unsubscribe-Post: List-Unsubscribe=One-Click headers. Most modern ESPs add these automatically — verify by inspecting the headers of a seed-list send.

GDPR and CASL require explicit consent — not the same as a US opt-out model. Confirm the segment filter excludes contacts without express consent recorded in the MAP, or routes them through a region-specific consent flow.

Pull consent timestamp, source, and lawful basis for every EU/UK/CA contact in the send. CASL requires implied or express consent with a documented audit trail; GDPR Article 7 requires demonstrable consent. Suppress contacts without records before send.

Slack DMs don't count — capture timestamped approval here. For regulated industries (finance, health, pharma), include the additional reviewer (FINRA-licensed principal, medical/legal/regulatory).

Use GlockApps or Inbox Monster seed lists to confirm placement at Gmail, Yahoo, Outlook.com, and major B2B receivers before the broadcast. Inbox rate below 85% means stop and investigate — usually authentication, content, or list issues.

Check Google Postmaster Tools for IP/domain reputation, spam rate, and feedback loop signals. Review the SpamAssassin score from Mail-Tester. Common fixes: throttle send rate, remove flagged content, suppress recently-bounced addresses, or pause and warm a fresh IP.

For sends over 100K, throttle to spread delivery across 2–4 hours rather than blasting. Schedule for the segment's historical peak engagement window, not blanket 9 AM ET. Confirm A/B subject line split is configured if applicable.

Review domain reputation, IP reputation, spam rate, and authentication pass rate for the sending domain. Spam rate above 0.3% is the Google bulk-sender ceiling; sustained rates above 0.1% should trigger an investigation.

Capture delivered rate, hard/soft bounces, complaint rate, open rate (with Apple MPP caveat), click rate, and unsubscribe rate. Compare against the trailing 90-day baseline for this segment, not just the all-list average.

Flush new hard bounces and complaints into the global suppression list across every sending platform. Archive the DMARC aggregate report from this send window for the quarterly deliverability review.