Email Deliverability

Audit and improve email deliverability for ecommerce marketing. This skill provides a systematic framework for diagnosing why emails land in spam, identifying authentication gaps, cleaning subscriber lists, and repairing sending reputation to maximize inbox placement rates.

Quick Reference

Use this table to rapidly assess the current state of any deliverability dimension.

Solves

This skill addresses the following ecommerce email marketing problems:

1. Emails landing in spam or promotions tabs -- Campaigns reach spam folders at Gmail, Outlook, or Yahoo despite legitimate content, reducing revenue from email marketing by 50-80%.

2. Declining open and click-through rates -- Engagement metrics drop over time as sender reputation degrades, list quality decays, or content triggers spam filters.

3. Authentication failures and spoofing vulnerability -- Missing or misconfigured SPF, DKIM, or DMARC records cause delivery failures and leave the domain open to phishing impersonation.

4. High bounce rates damaging sender reputation -- Accumulated invalid addresses, typo domains, and abandoned mailboxes generate hard bounces that erode IP and domain reputation with mailbox providers.

5. Blacklisting and IP reputation damage -- Sending IP or domain appears on one or more DNS-based blacklists (Spamhaus, Barracuda, SORBS), causing widespread delivery failures.

6. Subscriber list decay and disengagement -- Lists degrade at 25-30% per year through abandoned addresses, role accounts, and spam traps, dragging down overall deliverability.

7. Inconsistent sending patterns triggering throttling -- Irregular send volumes (e.g., nothing for weeks then a massive blast) cause mailbox providers to throttle or defer messages.

Workflow

Step 1: Baseline Deliverability Assessment

Establish the current state by gathering quantitative data across all relevant dimensions.

Inputs needed:

• Access to ESP dashboard (Klaviyo, Mailchimp, Omnisend, etc.)
• Domain and sending IP addresses
• Last 90 days of campaign performance data

Actions:

1. Pull inbox placement rates by provider (Gmail, Outlook, Yahoo, Apple Mail) using seed-list testing tools (GlockApps, Inbox Monster, or Everest).
2. Record aggregate open rate, click rate, bounce rate, unsubscribe rate, and spam complaint rate for last 90 days.
3. Check Google Postmaster Tools for domain and IP reputation status.
4. Run IP addresses against major blacklists: Spamhaus (SBL, XBL, PBL), Barracuda, SORBS, SpamCop, URIBL.
5. Document sending volume patterns over the last 90 days (daily/weekly volume graph).

Output: A baseline scorecard with numeric values for each Quick Reference dimension.

Step 2: Authentication Audit

Verify that all email authentication protocols are correctly configured and aligned.

Actions:

1. Query DNS for SPF record on the sending domain. Validate syntax, check for >10 DNS lookups, confirm the ESP's include is present.
2. Verify DKIM signing by sending a test email and inspecting headers. Confirm key length is 1024-bit or higher (2048-bit preferred). Verify alignment with the From domain.
3. Check DMARC record. Assess policy level (none/quarantine/reject), alignment mode (relaxed/strict), and reporting configuration (rua/ruf).
4. If applicable, check BIMI record and VMC certificate status.
5. Verify return-path/envelope-from alignment for SPF.
6. Test with MXToolbox, dmarcian, or mail-tester.com to get a composite authentication score.

Output: Authentication status matrix. See references/authentication-setup-guide.md for remediation steps.

Step 3: List Health Analysis

Assess the quality, composition, and engagement profile of the subscriber list.

Actions:

1. Export list with engagement data: last open date, last click date, total opens/clicks in 90 days, acquisition source, subscription date.
2. Segment the list into engagement tiers:
   • Active: Opened or clicked in last 30 days
   • Lapsing: Last engagement 31-90 days ago
   • Inactive: Last engagement 91-180 days ago
   • Dead: No engagement in 180+ days or never engaged
3. Identify risky address patterns: role accounts (info@, sales@, support@), disposable domains (guerrillamail, tempmail), known spam trap providers.
4. Run the list through a verification service (ZeroBounce, NeverBounce, BriteVerify) to flag invalid, catch-all, and risky addresses.
5. Calculate list decay rate and project forward 6 months.

Output: List health report with segment sizes, risk flags, and recommended removals. See references/list-hygiene-guide.md.

Step 4: Content and Technical Scan

Evaluate email content for spam filter triggers and technical issues.

Actions:

1. Analyze the last 10 campaigns for spam trigger patterns:
   • Subject line: ALL CAPS, excessive punctuation, urgency words ("Act now!", "Limited time!")
   • Body: image-to-text ratio (target >60% text), spam trigger word density, URL shorteners, excessive links
   • HTML: broken tags, excessive inline CSS, missing alt text on images, non-standard fonts
2. Check email weight (target <100KB total) and image hosting (external CDN vs. embedded).
3. Verify unsubscribe mechanism: one-click List-Unsubscribe header, visible footer link, functional processing.
4. Test rendering across top 10 email clients using Litmus or Email on Acid.
5. Verify plain-text MIME part exists alongside HTML.
6. Check for proper use of preheader text.

Output: Content audit findings with specific fix recommendations per campaign template.

Step 5: Sending Infrastructure Review

Evaluate the technical sending setup and its impact on deliverability.

Actions:

1. Determine IP type: dedicated vs. shared. If dedicated, assess warm-up status and age.
2. Review sending subdomain configuration (e.g., mail.store.com vs. store.com). Verify DNS records point correctly.
3. Analyze volume patterns: look for spikes >2x normal volume, gaps in sending, day-of-week distribution.
4. Check ESP configuration: throttling settings, retry logic, feedback loop enrollment with major providers.
5. Verify TLS encryption is enforced for transmission.
6. Review bounce handling: automatic suppression of hard bounces, soft bounce retry policy.

Output: Infrastructure assessment with configuration recommendations.

Step 6: Remediation Plan

Prioritize and sequence fixes based on impact and effort.

Priority framework:

1. Critical (fix immediately): Blacklist removal, authentication failures, >2% bounce rate
2. High (fix within 1 week): DMARC policy upgrade, list cleaning, bounce processing fixes
3. Medium (fix within 2 weeks): Content optimization, sunset policy implementation, sending pattern normalization
4. Low (fix within 1 month): BIMI setup, advanced segmentation, A/B testing framework

Actions:

1. Create a sequenced action list using the priority framework.
2. For blacklist removal: identify the listing, follow the specific delisting process, document the cause and prevention measure.
3. For authentication: implement fixes per references/authentication-setup-guide.md.
4. For list hygiene: execute cleaning per references/list-hygiene-guide.md.
5. Establish sending calendar with consistent volume ramp.

Output: Prioritized remediation plan with owners, timelines, and success criteria.

Step 7: Monitoring and Continuous Improvement

Set up ongoing monitoring to maintain deliverability gains.

Actions:

1. Configure Google Postmaster Tools alerts for reputation changes.
2. Set up automated seed-list testing on a weekly cadence.
3. Implement real-time bounce and complaint monitoring with threshold alerts:
   • Bounce rate alert: >1.5% per campaign
   • Complaint rate alert: >0.05% per campaign
4. Schedule quarterly list hygiene reviews.
5. Create a monthly deliverability dashboard tracking all Quick Reference dimensions.
6. Document a runbook for common deliverability incidents (blacklisting, sudden reputation drop, provider-specific blocking).

Output: Monitoring configuration and deliverability dashboard template. See assets/quality-checklist.md for ongoing audit use.

Worked Examples

Example 1: Fashion Ecommerce Brand with Gmail Spam Problem

Situation: An online fashion retailer (250K subscriber list) using Klaviyo sees their Gmail open rates drop from 22% to 9% over 8 weeks. Their Black Friday campaign drove 40% of annual email revenue last year, and the holiday season is 10 weeks away.

Step 1 -- Baseline Assessment:

Google Postmaster Tools shows domain reputation as "Low" and IP reputation as "Medium."

Step 2 -- Authentication Audit:

• SPF: Present but includes 11 DNS lookups (exceeds 10-lookup limit). Fails intermittently.
• DKIM: 1024-bit key, aligned. Functional but should upgrade to 2048-bit.
• DMARC: v=DMARC1; p=none; -- No enforcement, no reporting configured.
• Return-path: Misaligned (using Klaviyo default, not custom bounce domain).

Step 3 -- List Health Analysis:

Verification service results: 8,400 invalid addresses (3.4%), 2,100 spam traps identified (0.84%), 4,200 role accounts (1.7%).

Step 4 -- Content Scan:

• Image-to-text ratio: 85% images, 15% text (too image-heavy)
• Subject lines frequently use ALL CAPS and multiple exclamation marks
• No plain-text MIME part in any campaign
• List-Unsubscribe header missing; only a small footer link present
• Average email size: 340KB (3.4x recommended maximum)

Step 5 -- Infrastructure Review:

• Shared IP through Klaviyo (acceptable)
• Sending pattern: 2-3 campaigns per week, but skipped 3 weeks in August, then sent 5 campaigns in one week
• Custom sending domain configured but bounce domain not set up

Step 6 -- Remediation Plan:

Step 7 -- Results after 6 weeks:

Example 2: Supplement Brand Blacklisted After Migration

Situation: A health supplements DTC brand (80K subscribers) migrated from Mailchimp to Omnisend. Two weeks after migration, delivery rates collapse. Customer service reports customers are not receiving order confirmations.

Step 1 -- Baseline Assessment:

Step 2 -- Authentication Audit:

• SPF: Old Mailchimp include still present, Omnisend include added. Record is valid but contains stale data.
• DKIM: Mailchimp DKIM key still in DNS. Omnisend DKIM not yet configured -- emails are unsigned.
• DMARC: v=DMARC1; p=quarantine; -- Emails failing DKIM are being quarantined by receiving servers. This is the primary cause of the delivery collapse.
• Custom bounce domain: Not configured in Omnisend.

Step 3 -- List Health Analysis: During migration, the full list was imported without suppression lists. Result:

• 3,200 previously hard-bounced addresses reimported and mailed
• 1,800 previously unsubscribed contacts reimported (CAN-SPAM violation risk)
• 12,400 addresses inactive for 1+ year reimported and mailed in the first blast

The initial Omnisend campaign was sent to all 80K contacts at once -- no warm-up on the new sending infrastructure.

Step 4 -- Content Scan:

• Transactional emails (order confirmations, shipping) are sending from the same domain and IP as marketing -- reputation damage is affecting transactional delivery.
• Health supplement content includes terms frequently flagged by spam filters: "miracle," "guaranteed results," "doctor recommended," "free trial."

Step 5 -- Infrastructure Review:

• Omnisend shared IP pool: The brand's sending behavior has not yet been isolated, but volume spike triggered provider-level throttling.
• IP check reveals listings on Spamhaus SBL and Barracuda BRBL.
• No dedicated sending subdomain -- marketing and transactional both send from supplements-brand.com.

Step 6 -- Remediation Plan:

Results after 4 weeks:

• Delivery rate recovered to 96.2%
• Delisted from both Spamhaus and Barracuda within 5 days of request
• Transactional email delivery rate: 99.4% (isolated subdomain)
• Open rate: 21.7% (approaching pre-migration levels)
• Warm-up completed successfully, sending to 45K engaged subscribers

Common Mistakes

1. Sending to the entire list without segmentation. Mailing 180-day-inactive subscribers alongside active ones drags down engagement ratios and trains mailbox providers to deprioritize your messages. Always segment by engagement recency and adjust frequency accordingly.

2. Ignoring Google Postmaster Tools data. Google processes ~30% of all email. If your domain reputation shows "Low" in Postmaster Tools, you have a Gmail problem regardless of what your ESP dashboard says. Check Postmaster Tools weekly at minimum.

3. Flattening SPF records incorrectly. When SPF exceeds 10 DNS lookups, some senders hardcode IP addresses to flatten it. This breaks when the ESP changes IPs. Use an SPF flattening service that auto-updates, or restructure includes to stay under the limit natively.

4. Setting DMARC to p=reject before monitoring. Jumping straight to a reject policy without first collecting aggregate reports at p=none will cause legitimate email from third-party senders (review request tools, loyalty platforms) to be silently rejected. Always start at p=none with rua reporting, then move to quarantine, then reject.

5. Not migrating suppression lists during ESP changes. When switching ESPs, the suppression list (hard bounces, unsubscribes, spam complaints) must transfer. Failing to do so means remailing people who already opted out or bounced, which causes immediate reputation damage and potential legal liability.

6. Buying or renting email lists. Purchased lists contain spam traps, invalid addresses, and unengaged recipients. Even a small purchased list segment (5-10% of total) can poison domain reputation for months. There is no legitimate shortcut to list building.

7. Sending high-volume campaigns on inconsistent schedules. Going from 0 sends in a week to 500K in a day triggers volume-based throttling at every major provider. Maintain consistent sending cadence and increase volume gradually (no more than 2x per week during ramp-up).

8. Using URL shorteners in email body. Bit.ly, TinyURL, and similar shorteners are heavily abused by spammers. Spam filters penalize their presence. Always use full, branded URLs or your own redirect domain.

9. Neglecting the plain-text version. Sending HTML-only emails without a plain-text MIME alternative raises spam scores. Every email should include a well-formatted plain-text part that mirrors the HTML content.

10. Treating deliverability as a one-time fix. Deliverability is an ongoing discipline. Lists decay at 25-30% per year, mailbox provider algorithms change, and sending patterns shift. Quarterly audits using the full workflow are essential to maintaining inbox placement.

Resources

• Google Postmaster Tools -- https://postmaster.google.com -- Free domain and IP reputation monitoring for Gmail delivery.
• MXToolbox -- https://mxtoolbox.com -- DNS lookup, blacklist checking, SPF/DKIM/DMARC validation.
• dmarcian -- https://dmarcian.com -- DMARC deployment and reporting platform.
• mail-tester.com -- https://www.mail-tester.com -- Send a test email and receive a deliverability score with specific improvement recommendations.
• Spamhaus -- https://www.spamhaus.org -- Check and request delisting from the most widely used DNS blacklist.
• GlockApps / Inbox Monster -- Seed-list based inbox placement testing across major providers.
• ZeroBounce / NeverBounce / BriteVerify -- Email list verification services for identifying invalid, risky, and spam-trap addresses.
• Litmus / Email on Acid -- Email rendering testing across clients and devices.
• RFC 7489 (DMARC) -- https://datatracker.ietf.org/doc/html/rfc7489 -- The DMARC specification.
• M3AAWG Best Practices -- https://www.m3aawg.org/published-documents -- Industry best practices for messaging anti-abuse.