What deliverability is
Email deliverability is whether your email reaches the inbox, as opposed to the spam folder or nowhere at all. The catch most people miss: "delivered" does not mean "inboxed."
It helps to separate two terms that sound alike. Your delivery rate only tells you the receiving server accepted the message and it did not bounce. Deliverability, sometimes called inbox placement, is what happens next: of the mail that was accepted, how much actually reached the inbox versus being filtered into spam. An email can be accepted, counted as delivered in your dashboard, and still be quietly dropped into junk where no one looks. There are really three outcomes for any send: it inboxes, it gets spam-foldered, or it bounces and is rejected outright.
This gap is bigger than most senders realize. According to Validity's 2025 benchmark, only around 83% of email reaches the inbox worldwide, which means roughly one in six messages is filtered or lost even when it technically delivered. That missing sixth is invisible in a normal "delivered" report, which is exactly why deliverability is worth understanding rather than assuming. The good news is that almost all of it comes down to a handful of fixable factors, and this guide walks through each one.
Why emails land in spam
Emails land in spam mostly because of who is sending them, not what they say. The single biggest factor is sender reputation, the running score that mailbox providers keep on your sending domain and IP based on how you behave over time. Almost everything else either feeds that reputation or acts as a hard gate in front of it. Here are the main causes, roughly in order of impact:
Notice what is not at the top of that list: spam-trigger words. The idea that certain words drop you in the junk folder is mostly a myth carried over from an older era of filtering. Modern systems are driven by reputation and engagement, so a trustworthy sender can use the word "free" and inbox fine, while a sender with a bad reputation will be filtered no matter how careful the wording. Content still matters a little, covered below, but it is not where the real risk lives.
SPF, DKIM, and DMARC explained
These three are email authentication, and they exist to prove an email is really from who it claims to be. All three are DNS records you publish on your sending domain, which is how mailbox providers verify you and how they tell you apart from someone spoofing your name. They are the price of entry now, so it is worth understanding what each one does.
| Standard | What it is | What it proves |
|---|---|---|
| SPF | A DNS record listing which mail servers are allowed to send email for your domain. | That the message came from a server you authorized, not a random one. |
| DKIM | A cryptographic signature added as the email leaves your server, with the matching key published in DNS. | That the email genuinely came from your domain and was not altered in transit. |
| DMARC | A policy, built on SPF and DKIM, that you publish in DNS. | What a receiver should do when checks fail, and that the visible From address lines up with the authenticated domain. |
A little more on each. SPF (Sender Policy Framework) is a public list of approved senders for your domain; a receiver checks whether the server that delivered the message is on it. DKIM (DomainKeys Identified Mail) signs the message with a private key as it leaves, and the receiver uses a public key in your DNS to confirm the signature, which proves both the origin and that nothing was tampered with along the way.
DMARC ties the two together and adds a decision. Its policy can be set to "none" (just monitor and report), "quarantine" (treat failures as suspicious, usually routing them to spam), or "reject" (refuse them outright). DMARC also requires alignment, which simply means the domain in the visible From address has to match the domain that passed SPF or DKIM. That is the part that actually stops spoofing: a scammer can pass authentication on their own domain, but they cannot make it align with yours. A common, safe path is to start DMARC at "none" to watch the reports, then tighten to quarantine or reject once you are sure your real mail is passing.
The Gmail and Yahoo rules
In February 2024, Gmail and Yahoo rolled out shared requirements that turned authentication from a best practice into a requirement. If you send in any volume, these are the rules that decide whether you even get considered for the inbox.
Google defines a bulk sender as anyone sending more than 5,000 messages a day to Gmail accounts, and bulk senders must do three things. First, authenticate with SPF, DKIM, and DMARC, where the DMARC policy is allowed to start at "none." Second, offer a working one-click unsubscribe and a visible unsubscribe link, and honor opt-outs within two days. Third, keep the spam complaint rate low: Google says stay under 0.1% and never reach 0.3%, and Yahoo uses the same 0.3% ceiling. To feel how strict that is, 0.3% is just three complaints per thousand emails.
Even if you are well under the bulk threshold, do not treat these as optional. All senders, at any volume, are expected to have at least SPF or DKIM, valid DNS records, and accurate headers, or risk being rejected or spam-foldered. And the bulk bar is lower than it sounds: a single campaign to a modest list can cross 5,000 Gmail addresses in one send. The simplest reading is to just meet the full bulk requirements from the start, because they are good practice for everyone.
List hygiene and engagement
A clean list is one of the strongest deliverability assets you have, and it starts with permission. Email only people who explicitly opted in, and never buy or scrape addresses, because non-consenting recipients drive complaints and land you on spam traps. Building the list the right way is its own topic, covered in the build an email list guide.
Handle bounces and traps
Bounces come in two kinds. A hard bounce is a permanent failure, like an address that does not exist, and you should remove and suppress it immediately so you never send to it again. A soft bounce is temporary, like a full mailbox, and can be retried, but repeated soft bounces should be treated as hard and dropped. Spam traps are the bigger danger: addresses that exist only to catch senders with poor hygiene. Some are old abandoned addresses recycled into traps, which is exactly why mailing people who went silent years ago is risky. You cannot reliably scrub traps out; you avoid them by only mailing people who opted in and by cleaning your list.
Use a sunset policy
Engagement is now a primary signal, so continuing to email people who never open quietly drags down your reputation for everyone, including the subscribers who do want to hear from you. A sunset policy fixes this: reduce how often you mail someone after a month of no engagement, reduce again after a few months, send one last re-engagement campaign around the six-month mark, and remove anyone who still does not respond. It feels counterintuitive to delete subscribers you worked to get, but a smaller engaged list reaches the inbox far more reliably than a large indifferent one.
Content and warm-up
Two smaller factors round out the picture. Content matters less than reputation, but a few things still hurt, and a brand-new sender has one extra hurdle to clear.
Content that filters notice
The content traps worth avoiding are not really about words. A misleading subject line that does not match the email is both a filtering signal and, in the United States, illegal under the CAN-SPAM Act, which requires the subject and headers to be accurate. Beyond that, watch the basics: an email that is one big image with almost no text reads as spammy, so keep a healthy balance of real text; link to your own authenticated domain rather than bare link shorteners; avoid attachments in bulk mail and link instead; and keep your HTML clean. None of this outweighs reputation, but sloppy content gives a borderline message the final nudge into junk. For the specific case of subject lines, see the email subject lines guide.
Warming up a new sender
Mailbox providers treat a brand-new domain or IP with no reputation almost as warily as one with a bad reputation, so you cannot go from zero to thousands of emails overnight. Warm-up means ramping volume gradually over a few weeks, starting with your most engaged contacts to generate positive signals, and slowing down if complaints or bounces rise. Most small senders never deal with this directly, because they use their email provider's shared sending infrastructure, which already has an established reputation. A dedicated IP, which only makes sense at high volume, must be warmed up by hand, and even a new sending domain on shared infrastructure benefits from a gentle ramp.
How to improve deliverability in 7 steps
Pull it all together into a checklist. Work through these in order and you cover the factors that decide inbox placement.
-
Authenticate your domain with SPF, DKIM, and DMARC
Publish all three DNS records on your sending domain so providers can verify your mail, starting DMARC at "none" to monitor before you tighten it. Gmail and Yahoo now require all three for bulk senders, so this is step zero, not a nice-to-have.
-
Email only people who opted in
Build your list with explicit permission, and never buy or scrape addresses. Permission is the foundation of low complaints and trap avoidance, which are the two fastest ways to wreck a sender reputation.
-
Add one-click unsubscribe and honor it fast
Include a working one-click unsubscribe and a visible unsubscribe link in every marketing email, and process opt-outs within two days. Making it easy to leave keeps complaint rates down, which matters more than holding onto a reluctant subscriber.
-
Keep your list clean
Remove hard bounces immediately, suppress repeat soft bounces, and apply a sunset policy that drops chronically unengaged subscribers. Mailing dead addresses and old traps is one of the quickest routes to the spam folder.
-
Send content people actually engage with
Segment and target so opens, clicks, and replies stay high, because engagement is now a primary deliverability signal. Relevant email to a willing audience protects the inbox placement of your whole list.
-
Warm up new domains and ramp volume gradually
Do not blast a brand-new domain with thousands of emails at once. Start small with your most engaged contacts and raise volume steadily over a few weeks, so providers have time to build trust in you.
-
Monitor your reputation and complaints
Watch Google Postmaster Tools for your spam rate, reputation, and authentication, track your bounce rate, and check whether you have landed on any blocklists. Catch a slipping metric early, while it is still cheap to fix.
Common mistakes to avoid
Deliverability tends to collapse for the same handful of reasons. Check your sending against this list.
Buying or scraping lists. It guarantees recipients who never opted in, which means complaints and pristine spam-trap hits that can get you blocklisted fast.
No authentication. Missing or failing SPF, DKIM, or DMARC is now an outright gate at Gmail and Yahoo for bulk senders, not just a soft penalty.
Ignoring the complaint rate. Letting spam complaints drift toward 0.3% throttles delivery for your whole list. Watch it and act early.
Mailing unengaged subscribers forever. No sunset policy means you keep sending to people who never open, which signals low quality and pulls down everyone's placement.
Sudden volume spikes. Blasting a cold domain or new IP with a huge send, with no warm-up, looks exactly like spammer behavior to providers.
Flying blind. No Postmaster Tools, no reputation or blocklist checks, so a problem stays invisible until your delivery has already collapsed.
Reach the inbox with systeme.io
Sending built to reach the inbox
systeme.io sends your email from shared infrastructure that already has an established reputation, includes an unsubscribe link in every email, and lets you connect and authenticate your own domain by adding the records it gives you. The deliverability work is built in or guided, on the free plan.
Deliverability is one part of email that works together with the rest: see the email marketing guide, and how to build an email list the permission-based way that keeps you out of spam.
Frequently asked questions
Email deliverability is whether your email actually reaches the inbox rather than the spam folder or nowhere at all. It is different from your delivery rate, which only tells you the email was accepted by the receiving server and did not bounce. An email can be accepted, and counted as delivered, yet be quietly filtered into spam, so delivered does not mean inboxed. Across the industry only around 83% of email reaches the inbox, according to Validity's 2025 benchmark, which means roughly one in six messages is filtered or lost even when it technically delivered.
Usually because of your sender reputation, not your wording. The biggest factors are a poor or unproven reputation on your sending domain and IP, missing or failing authentication (SPF, DKIM, DMARC), a high spam-complaint rate, a low-quality list with bounces and spam traps, and low engagement from sending to people who never open. Mailing addresses that never opted in, and sudden spikes in volume from a cold domain, also hurt. Spam-trigger words matter far less than most people think. Modern filters are driven by reputation and engagement, not keyword lists.
They are three email authentication standards, all set up as DNS records on your sending domain. SPF (Sender Policy Framework) is a record listing which servers are allowed to send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature as the email leaves your server, proving the message came from your domain and was not altered in transit. DMARC builds on both: it tells receiving servers what to do when SPF and DKIM fail, either nothing, quarantine, or reject, and checks that the visible From address lines up with the authenticated domain. Together they prove your email is really from you.
In February 2024 Gmail and Yahoo introduced shared requirements for bulk senders, which Google defines as anyone sending more than 5,000 messages a day to Gmail accounts. Bulk senders must authenticate with SPF, DKIM, and DMARC (the DMARC policy can start at none), must offer a working one-click unsubscribe and honor opt-outs within two days, and must keep their spam complaint rate low. All senders, at any volume, also need at least SPF or DKIM, valid DNS records, and accurate headers. These rules made authentication mandatory rather than optional.
Keep it below 0.1% as your target, and never let it reach 0.3%. Those are Google's stated thresholds in its sender guidelines, measured in Google Postmaster Tools, and Yahoo uses the same 0.3% ceiling. To put that in perspective, a 0.3% rate is just three complaints per thousand emails, so it does not take many annoyed recipients to cross the line. The way to stay under it is to email only people who opted in, make unsubscribing easy, and stop mailing people who have gone quiet, rather than hoping they re-engage.
Yes, because they are DNS records on the domain you send from, and only you control your domain's DNS. Your email provider supplies the exact values to publish, the SPF entry, the DKIM key, and a DMARC record, but you add them at your domain registrar or DNS host. This is a one-time setup. If you send from a provider's shared infrastructure without your own custom domain, some of this is handled for you, but the moment you send from your own domain, authenticating it is your responsibility and well worth the half hour it takes.
A sunset policy is a rule for gradually reducing and then stopping email to subscribers who have not engaged in a long time. A typical version sends less often after a month of no opens or clicks, less again after three months, then runs a final re-engagement campaign around six months, and removes anyone who still does not respond. The point is that mailing chronically unengaged people signals low quality to mailbox providers and drags down your reputation for everyone, so cutting them protects the inbox placement of the subscribers who do want to hear from you.
Only if you are on a new dedicated IP or a brand-new sending domain. Most small senders use the shared sending infrastructure of their email provider, which already has an established reputation and needs no individual warm-up. If you do get a dedicated IP, which generally only makes sense at high volume, you must ramp up gradually over a few weeks rather than blasting it at full volume, because providers treat a sender with no reputation almost as suspiciously as one with a bad reputation. A new domain benefits from a gentle volume ramp too.