The exact framework I use on every new engagement — authentication, sender reputation, content signals, sending patterns, and the infrastructure blind spots most guides quietly skip.
It used to be simple: avoid a handful of "spam trigger words," don't write in all caps, and you'd reach the inbox. That era is over. Today, deliverability is a continuous negotiation with a web of automated systems — authentication protocols, reputation scoring, machine-learning engagement models, content fingerprinting, and infrastructure signals — that decide, message by message, whether you land in the inbox, in Promotions, in spam, or nowhere at all.
Gmail alone runs models most senders will never see the inside of. The rules change without announcement. Your reputation drifts whether you're watching or not. That complexity is exactly why I built Mailflow Authority — because "just write better subject lines" stopped being an answer a long time ago.
Since Apple's Mail Privacy Protection started pre-loading images in 2021, a huge share of "opens" are machines, not humans. Your open rate is inflated and, frankly, unreliable. But here's the part that actually costs you money: a message that lands in spam still counts as "delivered" in your ESP.
So your dashboard says 99% delivered, 38% open — and meanwhile a third of your list never physically saw the email. The gap between delivered and inboxed is invisible, and it leaks revenue every single day you don't measure it. Clicks, replies, and conversions are the only signals that tell you the truth.
Before you touch a single setting, understand which game you're playing — because mixing them is the single most common way I see good domains get torched.
Receipts, password resets, confirmations. Expected, high-engagement, time-sensitive. Send from isolated infrastructure so nothing else can drag it down.
Newsletters, promos, broadcasts. Permission-based and sent in bulk, which means it lives or dies by sender reputation and the bulk-sender rules.
Outbound to people who never opted in. A different infrastructure problem entirely. One bad campaign can poison a domain — never run it where your real mail lives.
Rule of thumb: these three should never share a sending domain or IP. Most of the disasters I'm called in to fix start with someone blending two of them.
Tick each item as you go — the meter at the top tracks how exposed you are. Anything you can't honestly check is a place you're leaving inbox placement, and revenue, on the table.
SPF, DKIM, and DMARC are how a mailbox provider proves you are who you claim to be. These live in your DNS — the internet's address book. Get them wrong and you're flagged before a single word of your content is read. This is the foundation; everything below it is built on sand until this passes.
You don't need a tool for the first look. Send a test email to your own Gmail, open it, click the three-dot menu (⋮) → "Show original." Gmail tells you, in plain English, whether each protocol passed. (For the quick version, click the little dropdown caret next to the sender to see "mailed-by" and "signed-by.")
Mailbox providers score you on engagement. Blast everything to everyone and you teach Gmail to treat you as bulk noise. Segmentation is how you hand the algorithm proof that real humans want your mail — by leading with the people most likely to engage.
7-day clickers are your hottest audience. A click is real intent — far more meaningful than an open. Mail them most, and when your reputation is fragile, lead with this segment exclusively to rebuild trust.
Top-of-funnel entrants just joined. Their interest will never be higher than it is right now, so onboard them in a distinct stream, set expectations, and earn that first click fast before they go cold.
30-day openers vs. everyone older is your engagement line. Your 30-day-engaged group is your healthy core and should be your default broadcast audience. Once someone is past ~30 days with zero engagement, every send to them actively degrades your reputation with the provider.
A subscriber who won't even open isn't an asset sitting in reserve. They're a liability dragging your sender reputation down with every send. You don't win deliverability by hoarding dead contacts and hoping. Mail your engaged segment confidently, sell them or lose them, and let the disengaged self-select out. A smaller, engaged list beats a bloated, silent one in every metric that pays you.
Before you change anything, find out where you actually land. A seed-list test sends to a panel of real inboxes across Gmail, Outlook, Yahoo, and more, then shows you inbox vs. Promotions vs. spam vs. missing — broken out per provider, not as one comforting global number. I use GlockApps for this. It's your baseline today and your scoreboard for every change you make after.
Reputation is earned through positive signals over time — opens, replies, messages dragged from spam into the inbox, conversations marked as important. Automated warming manufactures those signals safely and consistently. I use WarmupInbox; if email is a strong revenue driver for you, warming is genuinely the single best thing you can do for your sending systems.
One caveat people miss: warming isn't a one-time setup. It's ongoing maintenance — keep it running in the background, and lean on it hard whenever you add infrastructure, ramp volume, or recover from a reputation hit.
Gmail is the dominant mailbox on the internet, which makes Google Postmaster Tools your single source of truth. Connect it. It reports your domain and IP reputation, spam complaint rate, authentication success, and delivery errors — straight from Google, no guessing.
Watch the spam complaint rate above all else. Keep it below 0.10%. At 0.30%, Google begins actively filtering you — that is the line you do not cross. When reputation reads High or Medium and complaints are low, you have room to ramp; grow in roughly 20–30% increments and let reputation confirm before the next step. Never double your volume overnight.
When reputation starts dipping, complaints climb, or errors rise, cut volume immediately. Pull all the way back to your most-engaged segment only, let the signals stabilize, then rebuild. The senders who get into real trouble are the ones who keep pushing volume while the dashboard turns red.
This is where the difference between "I read a blog post" and "I do this every day across dozens of senders" shows up. Each of these has silently killed inbox placement for senders who did everything else right.
The domains inside your links carry their own reputation. Shared link shorteners and recycled redirect domains are a silent killer — your mail can be clean while your tracking domain drags you to spam.
Marketing, transactional, and cold each belong on their own subdomain. A promo-reputation problem should never be able to block a customer's password reset.
p=none gives you visibility with zero protection — and almost nobody reads the aggregate (rua) reports it generates. Read them, then move to enforcement.
Where did these addresses actually come from? Purchased, scraped, or "we had them somewhere" lists are how genuinely good domains die overnight.
A dedicated IP only helps above consistent high volume. Below that threshold you can't keep it warm, and you're better off on a well-managed shared pool. Most people choose wrong.
Here's the uncomfortable truth running underneath this entire checklist: none of it is set-and-forget. Gmail and Yahoo rewrote the bulk-sender rules in 2024, and they'll do it again. Your reputation drifts. Your list ages. A configuration that inboxed perfectly last quarter quietly starts landing in spam — and your "delivered" dashboard will never tell you it happened.
A full-time deliverability engineer runs well north of $150k, and for almost every business that's overkill — you simply don't have the volume to keep one busy. But the flip side is the real trap: the person watching only their own domain is staring at a single patch of weather. They have no idea what's normal, what's a provider-wide shift, or what fix is already working three accounts over.
Breadth of pattern recognition is the entire game in deliverability — and you only get it from someone in the trenches across many senders, every single day.
That's exactly what I built Mailflow Authority to be: fractional access to a deliverability engineer who spotted your issue on someone else's domain last Tuesday and already knows the fix — without the cost or overkill of a full-time hire. If your dashboard says everything's fine, that's precisely when a second set of eyes pays for itself.
Book a deliverability audit →