Skip to Content
Knowledge BaseDeliverability

Deliverability

Sending email isn’t enough. Inboxing is.

Mailbox providers (Gmail, Outlook, Yahoo, Apple Mail, etc.) decide whether your message lands in inbox, junk, or gets refused based on a stack of signals — domain authentication, sender reputation, content patterns, recipient engagement.

This page is the field guide.

The 90% rule

Most deliverability problems come from one of three causes:

  1. Authentication is broken — SPF/DKIM/DMARC misconfigured → provider can’t verify the sender → marks as spam.
  2. List quality is bad — too many bounces (sending to dead addresses) or too many complaints (recipients didn’t expect the email).
  3. Content tripped a spam filter — links in the body to blocklisted domains, misleading subject lines, missing plaintext alternative.

Get authentication right + send to opt-in lists + don’t write spammy copy and you’ll inbox.

SPF / DKIM / DMARC

The three DNS-level authentication mechanisms every modern inbox provider expects.

SPF (Sender Policy Framework)

A TXT record on your domain that lists IPs / providers authorized to send mail “from” your domain. We give you:

TXT  yourcompany.com  "v=spf1 include:_spf.mail.splashifypro.com ~all"

The include: mechanism delegates SPF lookup to our published record, so when our IPs change you don’t have to update yours.

DKIM (DomainKeys Identified Mail)

A cryptographic signature in the email header that lets the receiver verify the message wasn’t tampered with in transit. We publish the public key under our domain and you publish a CNAME that points at it:

CNAME  splashify._domainkey.yourcompany.com  splashify._domainkey.mail.splashifypro.com

This way you don’t manage private keys + we can rotate the key periodically without coordinating with every customer.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC sits on top of SPF + DKIM. It tells the receiver what to do with unauthenticated mail claiming to be from your domain:

TXT  _dmarc.yourcompany.com  "v=DMARC1; p=quarantine; rua=mailto:dmarc@splashifypro.com"
PolicyBehaviour
p=noneMonitor only — receivers report but don’t act
p=quarantineSend to spam (recommended)
p=rejectRefuse outright (strongest, but risky if any legitimate sender isn’t authenticated)

The rua= address receives aggregate reports. We provide a public endpoint at dmarc@splashifypro.com so you don’t need to set up your own.

Verify all three pass

curl https://apis.splashifypro.com/api/v1/partner/email/identities/DOMAIN/yourcompany.com \
  -H "Authorization: Bearer $SPLASHIFY_API_KEY"

Response includes per-record pass: true/false:

{
  "dns_records": {
    "spf":   { "pass": true,  "found": "v=spf1 include:_spf.mail.splashifypro.com ~all" },
    "dkim":  { "pass": true,  "found": "CNAME splashify._domainkey.mail.splashifypro.com" },
    "dmarc": { "pass": true,  "found": "v=DMARC1; p=quarantine; rua=mailto:..." }
  }
}

List hygiene

Bounces and complaints are the #2 cause of deliverability decline.

Acquire opt-in addresses only

Single opt-in (email entered on a form, no confirmation step) is the minimum. Double opt-in (form + confirmation email + click the link) is the gold standard — drops bounce rates ~10x.

Don’t:

  • Buy lists
  • Scrape websites
  • Import a list of “all my contacts” from a co-founder’s old job
  • Email people who gave you their card at a conference (without saying “we’ll add you to our newsletter”)

Bounce + complaint handling

Both are auto-managed by the suppression list. Hard bounces and complaints get added immediately, and we never attempt to send to suppressed addresses.

Sync to your application:

  • Bounce webhook event → mark user email_bounced=true in your DB
  • Complaint webhook event → mark user email_complained=true in your DB

Skip these users from any future outbound — your suppression list is mirrored at our level, but having it locally lets you also skip them from marketing campaigns + product onboarding flows.

Engagement-based pruning

Mailbox providers weight engagement heavily. If a recipient hasn’t opened or clicked any of your emails in 6 months, sending to them hurts your reputation. Drop them from active campaigns until they re-engage (e.g. via a “we miss you” prompt).

Content best practices

DoDon’t
Plain From: (hello@yourcompany.com)Display-name-only fakery (Hello <pretend@gmail.com>)
Clear subject (no RE: / FWD: if not actually a reply)All-caps, all-emojis, money symbols
Both HTML + plaintext bodyHTML only — spam filters penalize
Unsubscribe link in marketing emailMarketing email without unsubscribe (illegal in most jurisdictions)
Image alt textImage-only emails (heavy spam signal)
Concise body50% link / 50% text ratio

We auto-generate plaintext alternative from your HTML if you don’t provide one. We also auto-inject the unsubscribe link if your template doesn’t include one (CAN-SPAM compliance).

Sender reputation

We track reputation at the account level. Bounce rate + complaint rate over rolling 14 days. Above-threshold rates trigger automatic warnings + eventual auto-pause.

The platform’s sending infrastructure is well-warmed and has good standing across major mailbox providers. You inherit that reputation when you start sending — but bad behaviour from your account hurts the broader platform reputation, which is why we’re strict about list quality.

Subdomain strategy

For organisations sending high volume of mixed mail types, use subdomains to isolate reputation:

DomainUse
mail.acme.comTransactional (signup, receipts, password reset)
news.acme.comMarketing campaigns / newsletters
notify.acme.comApp notifications (high frequency, low engagement)

Each gets its own verified identity. Bounces / complaints on news.acme.com don’t drag down mail.acme.com’s reputation.

Read more

Sandbox vs ProductionPricing