Email Deliverability

Email Deliverability

Email Deliverability

Getting Started

Email marketing is like a two sided coin. One side is the “frontend” which is all about managing your email campaigns, audiences, auto responders, metrics and the other side is “backend” which is all about email deliverability, technical compliance and legal compliance.

No matter how perfect email strategy you build, without a solid email deliverability setup and plan, you will fail.

In this article, we cover all fundamental components of the email deliverability. Each one of these components must be studied and applied to your email marketing activities whether you use an in-house or hosted email marketing system.


Before we dive into email deliverability details, let’s study some primary email deliverability terms.

Audience Engagement

The events being done by your recipients. Example: Email opens, link clicks, unsubscriptions, spam complaints, sending a reply, etc.

Audience Segmentation

Narrowing down your audience into smaller groups based on their interests, attributes, activities. Example: Subscribers who have a Gmail address and opened at least one of the emails in the last 30 days.

Black List

A list of email delivery server IP addresses or sender domains that are regarded as unacceptable or untrustworthy and should be excluded or avoided.


The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 is a law passed in 2003 establishing the United States' first national standards for the sending of commercial e-mail. The law requires the Federal Trade Commission to enforce its provisions. Wikipedia

Delivery Server

The email sending servers. A delivery server has at least one IP address.


DomainKeys Identified Mail is an email authentication method designed to detect forged sender addresses in email, a technique often used in phishing and email spam. DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. Wikipedia


DMARC is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Wikipedia

Domain Alignment

Domain alignment (also called identifier alignment) is a mechanism that ensures an authenticated email domain aligns with the domain found in the 'From' header address, which represents the sender's identity.


A Delivery Status Notification (DSN), or simply a bounce, is an automated electronic mail message from a mail system informing the sender of another message about a delivery problem.


A feedback loop, sometimes called a complaint feedback loop, is an inter-organizational form of feedback by which a mailbox provider forwards the complaints originating from their users to the sender's organizations. Wikipedia


A fully qualified domain name, sometimes also referred to as an absolute domain name, is a domain name that specifies its exact location in the tree hierarchy of the Domain Name System. It specifies all domain levels, including the top-level domain and the root zone. Wikipedia

Hard Bounce

A hard bounce indicates a permanent reason an email cannot be delivered. In most cases, bounced email addresses are cleaned from your audience automatically and immediately.

IP Address

An Internet Protocol address is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication. An IP address serves two main functions: network interface identification and location addressing. Wikipedia

List Hygiene

Email hygiene entails cleaning out inactive (cold) email subscribers from your future email marketing campaigns and keeping your remaining list warm with healthy email sending habits.


The Mail From (MFROM) address is the email address that identifies from where the email actually came. It is automatically added to the envelope of the message by the sending mail transfer agent (MTA) before the message is sent. The MFROM is the address to which undeliverable message notices, or bounces, are sent.


Within the Internet email system, a message transfer agent, or mail transfer agent, or mail relay is software that transfers electronic mail messages from one computer to another using SMTP. The terms mail server, mail exchanger, and MX host are also used in some contexts. Wikipedia


A mail exchanger record specifies the mail server responsible for accepting email messages on behalf of a domain name. It is a resource record in the Domain Name System. It is possible to configure several MX records, typically pointing to an array of mail servers for load balancing and redundancy. Wikipedia


A PTR (or Pointer) record is a security tool. Essentially, when you receive an email, your mail server uses the PTR record that comes in with the email message to check that the mail server sending the email matches the IP address that it claims to be using. This is also known as “reverse DNS lookup.”


In computer networks, a reverse DNS lookup or reverse DNS resolution is the querying technique of the Domain Name System to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. Wikipedia

Sender Reputation

An email sender reputation is a score that an Internet Service Provider (ISP) assigns to an organization that sends email. It's a crucial component of your email deliverability. The higher the score, the more likely an ISP will deliver emails to the inboxes of recipients on their network.

Spam Complaint

Spam complaints are reports made by email recipients against emails they don't want in their inbox. It's important to understand how spam complaints work, and how to do your best to avoid them, because even legitimate senders get complaints.


Sender Policy Framework is an email authentication method designed to detect forging sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claim in the envelope of the email, which is used when the mail gets bounced. Wikipedia

Technical Configuration

Whether you run your in-house email delivery server or use a hosted third party service, you must make sure that each one of these technical configuration items is set properly.

IP Address & PTR

When you create and send an email campaign on your email marketing software, it renders that email for each recipient and delivers them to your MTA. MTA stands for “Mail Transfer Agent”. The mission of MTA is to queue incoming emails and deliver them to recipient mail servers.

During the transmission of emails from your MTA to the recipient mail server, the connection is made from your MTA IP address to the recipient mail server IP address.

Your MTA IP address must be a valid public IP address.

Spam filters and mail servers classify incoming emails based on many different factors but one of the most important factors is your MTA IP address and its corresponding PTR record.

Let’s say your MTA IP address is The PTR of this IP address is

Make sure that your MTA IP address PTR record also matches your MTA IP address. On Mac or Linux operating systems, you can test this quickly by running two commands:

$ dig -x +short

The result of the command above is which means, this domain is the PTR of the given IP address.

Now, let’s query this domain’s A record to see if it matches the IP address:

$ dig +short

As you can see, → → which is ✅

There may be multiple A DNS records for a domain. In such case, at least one of them must match the MTA IP address.

You must make sure that your MTA IP address and the corresponding PTR record are not blacklisted on any major blacklist services. You can use for instant checks and for automated monitoring and getting alerts when your IP addresses or domains are blacklisted.


The email is no different than a regular mail. During the delivery of the email from your MTA to the recipient mail server, your MTA is required to say who the sender is (in a regular, it’s the sender written on the top left corner of the envelope). This sender is called MFROM (or Mail From).

Here’s a quick example of how the communication starts and proceeds between your MTA and the recipient mail server:

  • Your MTA asks for the mail server IP address of the recipient email address domain.
  • Your MTA connects to the recipient mail server
  • Your MTA says “Hi”
  • Recipient mail server greets your MTA
  • Your MTA starts secure connection if needed (TLS) and recipient mail server acknowledges it
  • Your MTA says it has an email to be delivered sent by
  • ...

As you can see above, your MTA will say who the sender of the email is. This is done by the following SMTP command during the communication:


This MFROM email address is very important. The domain of the MFROM email address must be set properly, otherwise, you will have high chance of serious delivery issues.

The MFROM email address domain must have a few configurations in order to make it ready for sending emails on behalf of it.

The A Record

The MFROM domain doesn’t need to have a valid A record which means, it doesn’t have to be pointing to a website. But it’s always a good approach to set an A record and point it to your website or a one-page landing page explaining the purpose of the domain. This is an optional setup but highly recommended.

The MX Record

However, it must have a valid MX record(s). MX record(s) identifies the responsible mail servers for the MFROM domain. Because all DSN (Delivery Status Notification) emails such as bounce reports, auto-replies, etc. will be delivered to this MFROM domain. An missing or misconfigured MX record will lower the chance of building a long-lasting email delivery reputation.

Make sure that you have at least one valid MX record for your MFROM domain and it accepts DSN emails that are being sent to your MFROM domain.

SPF Setup

Sender Policy Framework (SPF) is the first email authentication policy implemented in 2014. The detailed technical instructions of SPF can be found in RFC 7208.

The purpose of SPF is to prevent sending emails on behalf of a sender domain through unauthorized MTA IP addresses.

This policy is defined by adding a special TXT record to the sender domain DNS zone. This TXT record identifies what IP addresses are authorized to send emails on bahelf of this sender domain.

Here’s an example SPF record: TXT "v=spf1 ip4: -all"

This SPF record authorizes the IP address to send emails on behalf of domain. It also suggests receiving mail servers to follow strict SPF policy for sender MTA IP addresses which are not authorized in this SPF record.

You can use MX Toolbox’s SPF Generator tool to generate an SPF record for your sender domains.

SPF allows senders to define which IP addresses are allowed to send email for the sender domain.

DKIM Setup

DKIM stands for DomainKeys Identified Mail. It’s a policy that allows an organization to take responsibility for sending an email by signing it in a way that recipient mail servers can verify. For more details about DKIM, you may check RFC 6376.

The purpose of DKIM is to protect email senders and recipients from spam, spoofing and phishing.

Basically, when your MTA is delivering email to the recipient mail server, your MTA adds a digital signature to the headers of the email. This digital signature is generated based on email header properties.

When the email is received by the recipient mail server, it looks up the sender’s public DKIM key in DNS. The recipient mail server uses this key to decrypt the signature and compare it against a freshly computed version. If the two values do not match, DKIM validation fails.

DKIM provides an encryption key and digital signature that verifies that an email message was not faked or altered.

For more information about DKIM, please check

DKIM private key and DNS records can be created by various methods. If you are using PowerMTA, you can create a DKIM key on the command line:

pmtakeytool newdk oct 1024

This command will create a special private key and a DNS record to be added to the sender domain DNS records. A DKIM key can be 1024-bit or 2048-bit key.

The public key must be added to the sender domain DNS records with a <selected>._domainkey host name and value of k=rsa; p=........

Please make sure that your MTA server is properly configured to use the generated private key and selector.

You can use to validate your DKIM setup.


DMARC is a special configuration on the sender domain DNS records that is used to authenticate an email by SPF and DKIM mechanisms. By having DMARC in the sender domain DNS zone, sender domain owners can prevent email compromise, phishing and spoofing.

You can tell the recipient mail server what to do when an authorized email is received with your sender domain:

  • p=none No action is taken. The email traffic is monitored.
  • p=quarantine Sends the email to the spam folder of the recipient.
  • p=reject The unauthorized email will be rejected and never gets delivered to the recipient.

DMARC is a policy that compiles SPF and/or DKIM mechanisms. In order to activate the DMARC protection, you need to add a DNS record to the sender domain.

DMARC unifies the SPF and DKIM authentication mechanisms into a common framework and allows domain owners to declare how they would like email from that domain to be handled if it fails an authorization test.

DMARC DNS record is a TXT record that tells the recipient mail server what to do when an email with a failed SPF and/or DKIM check is received. You can use MX Toolbox’s DMARC generator tool to generarte the required DNS record for your sender domains.

MX Setup

The technical specifications explained in RFC 5321 suggests having a MX server for your sender domain is optional. This means that you may have a sender domain (MFROM domain) with no MX server.

However, in today’s world, we strongly recommend you to have a working MX server that accepts incoming emails for your sender domain. Otherwise, you may have delivery issues. Your emails might be discarded or delivered to the spam folder.

RFC 2142 also explains some specific mailbox usernames to be valid and accepting email no matter what.

Having an MX server for your sender domains is highly recommended even though it’s not a required setup as explained in RFC 5321.

Please note that having an MX DNS record for your sender domain is not enough. That MX server must be accepting emails for your sender domain.

Take a look at the following example command sequence to test this. Let’s say your sender domain is and you want to test if has valid MX server setup.

First, let’s learn the MX server of

$ dig +short mx

5 has 5 MX servers. Let’s pick any of them and test if the MX server is accepting messages for

$ telnet 25

Connected to
Escape character is '^]'.
220 ESMTP p8-20020a5d59a8000000b0020c4d8bc8fcsi9520477wrr.26 - gsmtp
ehlo local at your service, []
250-SIZE 157286400
mail from: <>
250 2.1.0 OK p8-20020a5d59a8000000b0020c4d8bc8fcsi9520477wrr.26 - gsmtp
rcpt to: <>
250 2.1.5 OK p8-20020a5d59a8000000b0020c4d8bc8fcsi9520477wrr.26 - gsmtp

As you can see above, our test attempt for returned 250 SMTP code which means a success.

When sending a bulk email, most of the time, MFROM email will be a unique email address for each recipient. This is called VERP. Variable envelope return path (VERP) is a technique used by Octeth to enable automatic detection and removal of undeliverable e-mail addresses.

Therefore, make sure that your MFROM domain MX server has catch-all setting enabled that accepts all incoming emails. Otherwise, relaying denied error will be returned by your MX server and this will prevent delivery status notification emails (bounce reports) to be received.

MTA Setup

MTA stands for Mail Transfer Agent. It’s the email delivery server that receives the rendered email from Octeth, queues it and delivers it to the recipient mail server. An email will be delivered by your MTA via one IP address. Therefore, make sure that you have read IP / PTR topics earlier in this chapter and also set SPF record properly for your domains.

There are many MTA’s in the market such as Postfix, Qmail as well as PowerMTA, Green Arrow, MailerQ, MailEnable, etc. Each MTA has its own settings and feature sets. Setting your MTA for bulk email delivery requires more precise settings such as maximum number of connections that can be made for each domain, maximum message rate for each domain, backoff settings, etc.

Refer to your MTA documentation to learn more about optimum settings for bulk email delivery.

It’s very important to configure your MTA properly for bulk emailing otherwise, you can quickly burn your IP addresses and sender domains. Sending too much email or too fast can be a problem based on your email delivery reputation.

Best Practices

We have compiled very important best practices under this chapter. Following and applying these best practices will ensure that you have a long lasting and stable email delivery reputation.

Domain Alignment

Domain alignment lets you apply your domain throughout your email, starting from the MFROM email address, all the way to the links you add into the email.

Having a domain alignment in your email campaigns will ensure higher email delivery success rate as email filters love it for many reasons!

Domain alignment will ensure higher email delivery reputation for your sender domains.

You have these domains in your emails;

  • MFROM domain Example:
  • DKIM domain Example:
  • FROM domain Example:
  • Tracking domain Example:
  • Link domain Example:
  • Image domain Example:

When you have domain alignment applied to your email, it means the same domain is used across all these email parameters from MFROM to links.

Domain alignment (also called identifier alignment) is a mechanism that ensures an authenticated email domain aligns with the domain found in the 'From' header address, which represents the sender's identity.

Domain alignment starts with SPF and DKIM authentication. Therefore, make sure you have setup SPF and DKIM properly for your domains.

When you have domain alignment in your email campaigns;

  • Higher trust: Email filters love domain alignment. Your deliverability will improve.
  • Better brancing: Links inside your emails will be recognizable by recipients. You will receive less spam complaints.
  • Better sender reputation: Having your own domain will give you more control over your deliverability and sender reputation.
  • Better DMARC implementation: The side affect of domain alignment is SPF alignment. You will have better DMARC implementation.

IP & Domain Reputation

When it comes to email delivery, your email delivery history plays an important role. But, how do they check your email delivery history? They do it via your MTA IP address and domains:

  • Your MTA IP Address
  • MFROM domain
  • DKIM domain
  • FROM domain
  • Tracking domain
  • Link domain
  • Image domain

ISP’s keep a history of each one of these email components. When you send an email, they know how many complaints you have received, how many bounces you have caused, how many engagements you got from your audience. Based on these “event” metrics, they calculate a reputation score for you. Based on this score, they do one of the following;

  • They accept the email and deliver it to the recipient inbox.
  • They accept the email and delivery it to the spam folder.
  • They accept the email but do nothing. The email is discarded.
  • They accept the email, they discard it and send a DSN report (bounce report) to the sender domain
  • They reject the email during the SMTP delivery.

When you start sending from a fresh IP address or domain, you must be very careful about;

  • Number of emails you send on hourly and daily basis
  • Number of emails you send to each ISP
  • Number of bounces you receive
  • Number of complaints you receive
  • Number of opt-out requests you receive

If you start sending 1 million emails on day 1 from a fresh IP address or domain, your emails will be blocked. But instead, you can apply a warm-up process such as;

DayNumber of IP AddressesRecommended Delivery Volume
Day 1
Day 2
Day 3
Day 4
Day 5
Day 6
Day 7
Day 8
Day 9
Day 10
Day 11
Day 12
Day 13
Day 14
Day 15
Day 16
Day 17
Day 18
Day 19
Day 20
Day 21
Day 22
Day 23
Day 24
Day 25
Day 26
Day 27
Day 28
Day 29
Day 30

Once you follow a warm-up plan for your new sender IP and domain name, you will have a long lasting email delivery reputation and your IP address and/or sender domain will less likely be throttled.

In addition to events that we have listed above for negative reputation impact, we have also events that affect in a very positive way;

  • Number of email clicks and opens (different than email open detection)
  • Number of email replies
  • Number of recipients who star your emails

These events will boost your email delivery reputation.

To monitor your sender IP addresses and sender domains and get alerts when you have a blacklist issue, you can use email blacklist monitoring service.

List Hygiene

Building (and protecting) your email delivery reputation starts before sending emails: By maintaining hygiene of your subscriber lists. When you send an email campaign to a list and get a high bounce rate, it’s too late because you have already got the damage on your sender reputation.

There’s a way to avoid (or minimize) this risk. Maintaining your list hygiene. This means, scanning the subscribers in your email list and removing;

  • Invalid (hard bounced) email addresses before sending an email to them
  • Role-based email addresses (support@, sales@, etc.)
  • Risky email addresses (disposable email addresses, catch-all email addresses, etc.)
  • Unresponsive email addresses

These email addresses that listed above will ruin your email delivery reputatio when you send even one email to them. You can get hit by a spam trap and you can receive a high bounce rate. These problems will cause your sender IP address and domain to get blaclisted or flagged quickly. And once you get listed in a blacklist, it’s very difficult and challenging to remove your IP address or sender domain from the blacklist.

There are many list hygiene and email verification services in the market. Octeth has a built-in integration with email list verification and list hygiene service. You can simply activate the plugin in [Admin Area → Settings → Plug-Ins] section and connect it to your account in a few seconds.

Once the integration is completed, Octeth will display “List Verification” link on the subscrier list dashboard and you can run a bulk email list verification on the entire subscriber list or any segment of the list with a single click.

In addition to this, you can enable instant email address verification so that during the subscription process, the email address can be checked in real-time and risky ones can be eliminated even before sending a double opt-in confirmation email.


Double Opt-In Subscription Process

A new subscriber asks to be subscribed to the mailing list, but unlike unconfirmed or single opt-in, a confirmation email is sent to verify it was really them. Generally, unless the explicit step is taken to verify the end-subscriber's e-mail address, such as clicking a special web link or sending back a reply email, it is difficult to establish that the e-mail address in question indeed belongs to the person who submitted the request to receive the e-mail (wikipedia).

Unlike many European countries anti-spam laws, CAN-SPAM doesn’t require you to apply a double opt-in process, however, double opt-in keeps your email list clean and protects your sender reputation.

Make sure that you enable double opt-in subscription method for your email lists that are connected to your websites or sales funnels.

Do not forget that the only way of building and maintaining a long lasting sender reputation is keeping your email lists away from hard bounces and spam trap hits.

Audience Engagement

The only way to build and maintain a healthy (and long lasting) sender reputation is based on the engagement rate of your audience. There are many ways to engage your audience;

  • They send a reply to your email
  • They click a link inside your email
  • They click and open your email

These are three very powerful engagement activities (sorted by the priority) that your audience members can do with your emails. Each one of your emails must have a goal of triggering any of these engagement events.

Audience Segmentation

Sending the right message to the right person is very important. Creating an email campaign and sending it as a bulk email to your entire audience doesn’t work any more. People want relevant message prepared for themselves.

This can only be achieved by segmentation.

Octeth provides you many powerful segmentation features such as attribute and activity based regular segments, trailing segments and randomized segments.

Regular Segments

Regular segments will narrow down your audience into a small very targeted audience and this will boost your email campaign conversions and delivery success rate.
Regular segments will narrow down your audience into a small very targeted audience and this will boost your email campaign conversions and delivery success rate.

Some examples:

  • Anyone who [has a email address] AND [opened at least 1 email in the last 10 days] AND [Subscribed in the last 30 days]
  • Anyone who [has a email address] AND ([opened at least 1 email in the last 10 days] OR [Subscribed in the last 30 days])
  • Anyone who ([opened at least 1 email in the last 10 days] AND [has a email address]) OR ([subscribed in the last 5 days] AND [has a email address])
  • Anyone who [is from San Francisco]
  • Anyone who [has clicked link at least 1 time in one of the last 10 sent emails]

Trailing Segments

Trailing segments will give you fresh audience based on their activities and attributes every time your email campaign is triggered.
Trailing segments will give you fresh audience based on their activities and attributes every time your email campaign is triggered.


  • Anyone who have subscribed yesterday
  • Anyone who has a trial expiring in 15 days
  • Anyone who has made a purchase today

Randomized Segments

Randomized segments are very useful to pick a group of randomly selected people from your audience and to run test email campaigns.
Randomized segments are very useful to pick a group of randomly selected people from your audience and to run test email campaigns.
Once you start segmenting your audience based on their interests, attributres or activities, and start sending your email campaigns to segments, you will notice higher engagement and conversion rates.

Multiple Delivery Server Utilization

Octeth has a powerful multi-delivery server feature that gives you ability to reroute outgoing emails through different delivery servers based on;

  • the attributes and/or activities of the recipient
  • the user account sending the email campaign

Just to give you an example, you can setup SES, Mailgun, Sendloop SMTP delivery servers in your Octeth server and reroute all emails going to email address through SES, all and email address through Mailgun and all openers and clicks through Sendloop SMTP.

Email delivery is all about dealing with problems and challenges. Having multiple delivery servers will build a redundancy in your email marketing operations.



Homepage Customer Area Community Portal Contact Us

Footer Social Icons

©Copyright Octeth, Inc. All rights reserved.