The Complete Email Deliverability Guide: Authentication, Reputation, and Getting to the Inbox

The Complete Email Deliverability Guide: Authentication, Reputation, and Getting to the Inbox

On May 3, 1978, a marketing manager named Gary Thuerk sat down at his terminal and did something no one had ever done before. He sent a single email to 393 people on ARPANET — the predecessor to the internet — promoting Digital Equipment Corporation's new VAX computers. It was the world's first unsolicited bulk commercial email. The first spam.

Recipients were furious. ARPANET administrators reprimanded DEC. The message violated the network's acceptable use policy. But here's the thing: it worked. The campaign reportedly generated millions of dollars in computer sales.

That tension — between the sender's desire to reach everyone and the recipient's desire to receive only what matters — has defined email ever since. Forty-seven years later, it's no longer just a social contract. It's enforced by algorithms, authentication protocols, and mailbox providers that actively block senders who get it wrong.

Deliverability is how you win that tension. This guide covers everything: what it is, how it works, what breaks it, and how to fix it — with specific guidance on how Customer.io helps you manage it at scale.


What Is Email Deliverability?

Email deliverability is your ability to get emails into your recipients' primary inbox — not spam, not promotions, not junk. It's different from delivery rate. Delivery rate measures whether the server accepted your email. Deliverability measures whether a real person actually sees it.

An email can be "delivered" to a spam folder. Deliverability asks: did it reach the inbox?

The numbers matter. According to Validity's 2025 Email Deliverability Benchmark Report, global inbox placement dropped in 2024, with spam folder placement nearly doubling from Q1 to Q4 in some segments. One in six marketing emails never reaches the inbox. And 91% of US marketers say poor deliverability directly kills revenue.

Deliverability is not an IT problem. It's a revenue problem.


What Determines Whether Your Email Reaches the Inbox?

Mailbox providers — Gmail, Outlook, Yahoo — use three categories of signals to decide where your email lands:

  1. Authentication — Is this email legitimately from who it claims to be from?
  2. Sender reputation — Does this sender have a history of sending wanted mail?
  3. Content and engagement — Do recipients actually want this email?

Fail on any one of these and your emails get filtered. Let's go through each.


Domain Authentication: SPF, DKIM, and DMARC Explained

Authentication is the technical foundation of deliverability. Without it, nothing else matters.

In February 2024, Google and Yahoo made authentication mandatory for bulk senders (anyone sending 5,000+ emails per day). They now require SPF, DKIM, and a DMARC record — or your emails get rejected or filtered to spam. This affects transactional emails too: all sends count toward the 5,000-per-day threshold.

What Is SPF?

SPF (Sender Policy Framework) is a DNS record that lists which mail servers are authorised to send email from your domain. When a receiving server gets a message claiming to be from yourcompany.com, it checks your SPF record to confirm the sending server is on the approved list.

A basic SPF record looks like this:

v=spf1 include:_spf.customer.io include:_spf.google.com ~all

The 10-lookup trap: SPF has a hard limit of 10 DNS lookups. Every include: counts as one, and nested includes count too. If you use multiple email services (Customer.io, Google Workspace, a ticketing tool, a sales tool), you'll hit this limit fast. The result is an SPF "permerror" — your emails look unauthenticated. Use an SPF flattening tool to convert includes into IP addresses if you're approaching the limit.

~all vs -all: ~all is a softfail — flag suspicious senders but don't reject. -all is a hardfail — reject anything not on the list. Start with ~all until you're confident every legitimate sending source is listed, then move to -all.

What Is DKIM?

DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to every outgoing email. The receiving server uses your public key (published in DNS) to verify the signature. If the email was tampered with in transit, the signature won't match — and the email fails.

DKIM does two things:

  • Proves the email came from an authorised sender
  • Proves the email wasn't modified after it left your server

In Customer.io, you set up DKIM by adding a CNAME record to your DNS that points to Customer.io's signing infrastructure. Once verified, every email Customer.io sends on your behalf carries a valid DKIM signature automatically.

What Is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is the policy that ties SPF and DKIM together. It tells receiving servers what to do when an email fails authentication — and sends you reports about what's happening with your domain.

A DMARC record has three policy options:

  • p=none — Monitor only. Take no action on failures. Use this to start.
  • p=quarantine — Move failing emails to spam.
  • p=reject — Block failing emails entirely.

A basic DMARC record:

v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; pct=100

The rua and ruf addresses receive aggregate and forensic DMARC reports. These reports are invaluable: they show you every server sending email that claims to be from your domain — including services you forgot about or attackers spoofing you.

The progression: Start at p=none, monitor reports for 2-4 weeks, fix any legitimate sources that are failing, then move to p=quarantine, then p=reject. Only 7.6% of domains enforce DMARC at reject — which means most domains are still leaving the door open to spoofing and spam filtering.

How SPF, DKIM, and DMARC Work Together

For DMARC to pass, your email needs to pass either SPF or DKIM — and the domain in those records must "align" with the domain in your From address. This is called DMARC alignment.

Protocol What It Checks What It Proves
SPF Sending server IP Authorised to send from this domain
DKIM Cryptographic signature Email was not tampered with in transit
DMARC SPF/DKIM alignment Both checks match the From domain

All three records are DNS TXT records. They cost nothing. They take under an hour to implement correctly. And without them in 2025, you're fighting deliverability with both hands tied behind your back.

What Is BIMI?

BIMI (Brand Indicators for Message Identification) is the next layer. Once DMARC is at p=quarantine or p=reject, you can publish a BIMI record that displays your brand logo directly in supported inboxes (Gmail, Yahoo, Apple Mail). It's a trust signal — and a brand visibility upgrade. BIMI requires a Verified Mark Certificate (VMC) for Gmail support.


What Is Sender Reputation and How Do You Build It?

Sender reputation is a score that mailbox providers assign to your sending domain and IP address. It reflects your sending history — and it determines where your emails land before anyone even reads them.

Think of it like a credit score for email. High reputation: emails go to the inbox. Low reputation: emails go to spam. Very low reputation: emails get rejected entirely.

Mailbox providers calculate reputation based on:

  • Spam complaint rate — The percentage of recipients who mark your email as spam. Google requires this below 0.1%, with a hard cap at 0.3%. Above that threshold, expect domain-level blocking.
  • Bounce rate — Hard bounces (non-existent addresses) and soft bounces (full inbox, temporary failure). Hard bounces above 2% signal a dirty list.
  • Engagement signals — Opens, clicks, replies, and forwards tell providers your emails are wanted. Deletes-without-reading and spam complaints tell them the opposite.
  • List age and sending consistency — Sudden volume spikes from new domains look like spam. Consistent, gradual sending from an established domain looks like a legitimate sender.
  • Unsubscribe rate — High unsubscribes aren't ideal, but they're better than spam complaints. Make unsubscribing easy.

Domain Reputation vs IP Reputation

Mailbox providers track reputation at two levels:

Domain reputation is tied to your sending domain (mail.yourcompany.com). It follows you if you change email providers. Protect it as your most valuable sending asset.

IP reputation is tied to the IP address your email is sent from. On a shared IP (the default in Customer.io), your reputation is pooled with other senders. On a dedicated IP, your reputation is entirely your own.


Shared IPs vs Dedicated IPs: Which Should You Use?

Customer.io offers both options, and the right choice depends on your sending volume.

Shared IP Pools

By default, Customer.io sends your emails through its managed shared IP pools. Customer.io actively monitors these pools and removes domains that perform poorly — protecting the reputation of everyone on the pool.

Customer.io also maintains a separate transactional IP pool with stricter thresholds, specifically for transactional emails like receipts, password resets, and billing alerts. If you have a dedicated sending domain for transactional messages, you can request to be added to this pool. Transactional emails sent through this pool achieve the highest possible deliverability.

Who shared IPs work best for: Senders below 100,000 emails per month, or teams that don't have the volume to maintain a dedicated IP's reputation independently.

Dedicated IPs

Available on Customer.io's Premium and Enterprise plans, a dedicated IP means your sending reputation is entirely yours. No other Customer.io sender can affect your inbox placement.

The key requirement: You need enough consistent volume to "warm" and maintain a dedicated IP. Customer.io's documentation specifies a minimum volume threshold. Below that, a dedicated IP can actually hurt deliverability — there isn't enough sending activity for mailbox providers to build a reliable reputation signal.

Who dedicated IPs work best for: High-volume senders (typically 100,000+ emails per month) with consistent sending patterns and the operational discipline to manage reputation carefully.

The tradeoff is simple: shared IPs are managed for you; dedicated IPs give you control — but require you to use that control well.


What Is IP Warming and Why Does It Matter?

IP warming (and domain warming) is the process of gradually increasing your sending volume to build reputation with mailbox providers before reaching full capacity.

A brand-new domain or IP address has zero reputation. Sending 50,000 emails on day one looks exactly like a spam operation. Mailbox providers respond by blocking or filtering your emails — and once your reputation is damaged, it can take weeks to recover.

Customer.io's domain warming documentation provides specific day-by-day schedules:

For established domains (with some sending history):

Day Daily Volume Hourly Limit
1 1,000 100
3 5,000 600
7 14,000 2,000
14 175,000 25,000
15 250,000 50,000

For brand new domains:

Day Daily Volume
1 100
3 350
7 1,500
13 25,000

The rule Customer.io emphasises: never send more than double the previous day's volume. A sudden volume spike — even after a successful warm-up — can trigger filtering. Consistency is more important than volume.

Who should warm up?

  • Anyone sending from a new domain
  • Anyone who hasn't sent email in 30+ days
  • Anyone switching to a new dedicated IP
  • Anyone migrating to a new email service provider

Research on warmed vs unwarmed domains shows properly warmed domains achieve 94% inbox placement on average, versus 62% for domains that skip warm-up. That 32-percentage-point gap is the difference between a healthy programme and one that's invisible.


What Is List Hygiene and How Often Should You Clean Your List?

List hygiene is the practice of regularly removing invalid, inactive, and disengaged contacts from your email list. It's the single most direct action you can take to protect deliverability.

HubSpot research puts average annual email database decay at 22.5%. People change jobs, abandon email addresses, and simply stop caring. Every invalid or disengaged address you keep sending to is either a bounce waiting to happen or a spam complaint accumulating.

According to Sinch Mailgun's State of Email Deliverability report, 39% of senders rarely or never conduct list hygiene. That's nearly half of all senders absorbing completely preventable deliverability risk.

Hard Bounces vs Soft Bounces

Hard bounces are permanent failures: the address doesn't exist, the domain doesn't exist, or the server permanently rejected delivery. Remove hard bounces immediately and permanently. Customer.io automatically suppresses hard bounced addresses.

Soft bounces are temporary failures: full inbox, server temporarily unavailable. Customer.io handles soft bounces automatically, retrying delivery and suppressing the address after repeated failures.

What Are Spam Traps?

Spam traps are email addresses set up specifically to catch senders with poor list hygiene practices. There are two types:

  • Pristine spam traps — Addresses that have never been used by a real person, seeded into data brokers' lists. If you're emailing one, you bought or scraped a list you shouldn't have.
  • Recycled spam traps — Old, abandoned addresses that ISPs have repurposed. If you're emailing one, you haven't cleaned your list in years.

Hitting a spam trap won't just hurt one campaign. It will damage your sending domain's reputation with the provider managing that trap — and can result in blacklisting.

The List Hygiene Schedule

A practical hygiene cadence for most senders:

  • Real-time: Validate email addresses at the point of signup using a real-time verification API
  • Monthly: Suppress hard bounces and spam complainers (Customer.io does this automatically)
  • Quarterly: Run a re-engagement campaign for contacts who haven't opened in 90 days. Remove non-responders.
  • Annually: Do a full list audit. Remove anyone inactive for 12+ months.

Double Opt-In: The Cleaner List from Day One

Double opt-in (confirming each signup via a verification email) eliminates invalid addresses, spam traps, and low-intent signups before they enter your list. It produces a smaller list that performs significantly better — with higher open rates, lower bounce rates, and cleaner sender reputation.

This connects directly to building a subscription centre in Customer.io — which gives existing subscribers control over what they receive, reducing the chance they'll mark your emails as spam when the content doesn't match their interests.


Email Content Best Practices for Deliverability

Authentication and reputation are the foundation, but content is what triggers spam filters on individual emails after your domain reputation is established.

The Text-to-Image Ratio Rule

Spam filters flag image-heavy emails because spammers historically used all-image emails to bypass keyword detection. The widely accepted guideline is 60% text, 40% images. An email that's mostly one big promotional banner with a small unsubscribe link at the bottom looks like spam — because that's what spam looks like.

Practical rules:

  • Use HTML text for your main message, not text embedded in images
  • Add alt text to every image
  • Never use an image-only call to action
  • Keep images compressed and responsive for mobile

Spam Trigger Words

Modern spam filters are more sophisticated than simple keyword matching, but certain phrases still reliably trigger suspicion: "FREE!!!", "Act now", "Click here", "You've been selected", "Guaranteed", "No obligation", excessive punctuation, all-caps subject lines. These aren't absolute rules — context matters — but they add up. Use natural language.

Subject Line and Preheader

Your subject line determines whether the email gets opened — which affects your engagement score — but it also gets scanned by filters. Keep it honest and specific. The subject should match the email content. Misleading subject lines violate CAN-SPAM, damage trust, and inflate spam complaints.

The preheader (the preview text that appears after the subject line in inbox listings) is valuable real estate. Use it to extend the subject line's message, not repeat it.

Plain Text Version

Always include a plain-text version of every HTML email. This is a trust signal for spam filters. Emails with no plain-text alternative look automated and lazy — which often correlates with spam. Customer.io lets you set a plain-text version for every message.

Sending Frequency and Consistency

Sudden changes in sending frequency confuse spam filters. If you normally send weekly and suddenly send daily for a month, expect a temporary dip in deliverability. Consistency — both in volume and in timing — builds the kind of predictable sending pattern that mailbox providers trust.

For a deep dive on this, our guide to behaviour-triggered journeys vs time-based drips explains why triggered, relevant sends achieve better engagement — and better deliverability — than broadcast blasts.

One-Click Unsubscribe (RFC 8058)

Google and Yahoo now require RFC 8058 one-click unsubscribe for bulk senders. This means unsubscribing must be a single action — no confirmation pages, no extra steps. Customer.io's {% unsubscribe %} Liquid tag generates RFC 8058-compliant unsubscribe links automatically.


How Customer.io Manages Deliverability for You

Customer.io has built deliverability management directly into its infrastructure. Here's what that means in practice:

Managed shared IP pools: Customer.io maintains multiple IP pools, actively monitors their health, and removes domains that perform poorly. Your default sending benefits from this ongoing management without any configuration on your part.

Dedicated transactional IP pool: For transactional emails — receipts, alerts, password resets — Customer.io maintains a separate, stricter pool with higher deliverability standards. Request access from your email settings if you use a dedicated transactional sending domain.

Dedicated IPs (Premium/Enterprise): For high-volume senders who need full reputation control, dedicated IPs isolate your sending reputation entirely. Customer.io provides a domain warming schedule and guidance for setting up dedicated IPs safely.

Domain warming documentation: Customer.io publishes specific, tested warm-up schedules for both new and established domains — so you can migrate or launch without tanking your reputation.

Automatic bounce suppression: Customer.io automatically removes hard bounced addresses from your sending lists and tracks soft bounces. No manual list management required for basic bounce handling.

DKIM setup: Customer.io provides the DNAME/CNAME records you need to enable DKIM signing for your domain. Once your DNS records are verified, every email is DKIM-signed.

Feedback loops: Customer.io's sending infrastructure maintains feedback loop registrations with major mailbox providers, so spam complaints are processed and suppressed automatically.

At NerveCentral, as a Customer.io Certified Partner, we help businesses configure all of this correctly — including authentication records, IP strategy, and list hygiene workflows — so deliverability isn't something you have to think about after the fact.


How Does Deliverability Connect to Your Broader Email Strategy?

Deliverability isn't a standalone configuration task. It's the foundation that every other email strategy depends on.

Your lifecycle marketing programme only works if emails reach the inbox. Your onboarding sequences only activate new users if they're seen. Your retention campaigns only reduce churn if they're delivered before the customer decides to leave.

Every tactic in your omnichannel messaging strategy depends on email reaching its target. And every lifecycle marketing report you produce is measuring the output of emails that only reached a fraction of their intended audience if deliverability is broken.

Fix deliverability first. Everything else builds on it.


The Deliverability Audit Checklist

Run through this checklist to assess and improve your current deliverability standing.

Authentication

  • [ ] SPF record published in DNS and verified
  • [ ] SPF record has fewer than 10 DNS lookups (check with MXToolbox SPF checker)
  • [ ] DKIM set up and signing correctly for your sending domain
  • [ ] DMARC record published — at minimum p=none with a report address
  • [ ] DMARC reports being received and reviewed
  • [ ] DMARC policy progressing toward p=quarantine or p=reject
  • [ ] All sending services (Customer.io, Google Workspace, transactional tools) included in SPF
  • [ ] DKIM keys are at least 1024-bit (2048-bit recommended)

Sender Reputation

  • [ ] Spam complaint rate below 0.1% (check Google Postmaster Tools)
  • [ ] Hard bounce rate below 2%
  • [ ] Sending from a domain you own — not @gmail.com or @yahoo.com
  • [ ] Domain is at least 30 days old before heavy sending
  • [ ] Dedicated transactional sending domain (separate from marketing domain)
  • [ ] One-click unsubscribe (RFC 8058) enabled and tested
  • [ ] Spam complaints automatically suppressed

IP and Domain Warming

  • [ ] New domains/IPs following a documented warm-up schedule
  • [ ] Volume increases never more than 2x the previous day
  • [ ] Warm-up sends targeted to your most engaged subscribers first
  • [ ] No volume spikes after periods of inactivity

List Hygiene

  • [ ] Hard bounces suppressed and removed automatically
  • [ ] Soft bounces monitored and removed after repeated failures
  • [ ] Email address validated at point of signup (real-time verification)
  • [ ] Re-engagement campaign running for contacts inactive 90+ days
  • [ ] Contacts inactive for 12+ months removed or further suppressed
  • [ ] No purchased or scraped lists in use
  • [ ] Double opt-in used for new subscribers (or single opt-in with clear consent)
  • [ ] Unsubscribes processed within 10 business days (CAN-SPAM) — ideally immediately

Content

  • [ ] Plain-text version included with every HTML email
  • [ ] Text-to-image ratio at or above 60:40
  • [ ] Alt text on all images
  • [ ] No misleading subject lines
  • [ ] No spam trigger words in subject lines or body
  • [ ] CTA is HTML text/button, not an image
  • [ ] Unsubscribe link visible in every email footer
  • [ ] Physical mailing address in footer (CAN-SPAM requirement)

Monitoring

  • [ ] Google Postmaster Tools set up and tracking domain reputation
  • [ ] Microsoft SNDS (Smart Network Data Services) enrolled
  • [ ] Blacklist monitoring active (MXToolbox, Spamhaus)
  • [ ] Bounce rates reviewed after every campaign
  • [ ] Spam complaint rates reviewed weekly
  • [ ] DMARC report analysis scheduled monthly

Frequently Asked Questions

What is email deliverability and why does it matter?

Email deliverability is your ability to get emails into the primary inbox — not spam, not promotions, not junk. It differs from delivery rate (which only measures whether the receiving server accepted the email). According to Validity's 2025 Benchmark Report, global inbox placement dropped in 2024, with 1 in 6 marketing emails never reaching the inbox. For email-dependent businesses, poor deliverability directly cuts open rates, click rates, and revenue — often without any obvious warning signs.

What is SPF and how do I set it up?

SPF (Sender Policy Framework) is a DNS TXT record that lists which mail servers are authorised to send email from your domain. When a receiving server gets an email claiming to be from your domain, it checks the SPF record. If the sending server's IP isn't on the list, the email fails SPF. To set it up: log into your DNS provider, create a TXT record for your domain, and add the appropriate include: entries for every service you send email from. For Customer.io, add include:_spf.customer.io. Keep your total DNS lookups below 10.

What is DKIM and how does it work?

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to every outgoing email. Your sending server signs the email with a private key. The receiving server retrieves your public key from DNS and verifies the signature. If it matches, the email hasn't been tampered with and comes from an authorised sender. In Customer.io, DKIM setup involves adding CNAME records to your DNS. Once verified, Customer.io signs every outgoing email automatically.

What is DMARC and what policy should I start with?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is the policy layer that ties SPF and DKIM together. It tells receiving servers what to do when authentication fails — and sends you reports about authentication results. Start with p=none (monitor only, no email blocked). Review DMARC reports for 2-4 weeks to identify all legitimate sending sources. Fix any failures. Then move to p=quarantine, and eventually p=reject for maximum protection and deliverability signalling.

How do I check my sender reputation?

The two most important tools are Google Postmaster Tools (free, available at postmaster.google.com) and Microsoft SNDS (Smart Network Data Services). Google Postmaster Tools shows your domain reputation and spam rate for Gmail specifically — the most important inbox provider. Set it up, verify your sending domain, and monitor it weekly. For blacklist monitoring, MXToolbox and Spamhaus provide free lookup tools to check whether your domain or IPs appear on known blocklists.

What is IP warming and how long does it take?

IP warming is the process of gradually increasing email volume from a new IP address or domain to build sender reputation with mailbox providers. For established domains, Customer.io's warming schedule takes 15 days to reach 250,000 daily sends. For brand-new domains, the schedule is slower — starting at 100 emails per day and taking several weeks to reach high volumes. The core rule: never send more than double the previous day's volume. Domains that skip warming achieve only 62% inbox placement on average vs 94% for properly warmed domains.

What causes a high spam complaint rate?

The most common causes: sending to people who didn't explicitly opt in, sending irrelevant content to unengaged subscribers, making it hard to unsubscribe (so recipients complain instead), not honouring unsubscribe requests promptly, and sending too frequently. Google requires your spam complaint rate to stay below 0.1%, with a hard cap at 0.3%. Above 0.3% risks domain-level blocking. Use a subscription centre to let subscribers manage preferences instead of hitting the spam button.

What is a hard bounce vs a soft bounce?

A hard bounce is a permanent delivery failure — the address doesn't exist, the domain doesn't exist, or the receiving server has permanently rejected your email. Remove hard bounced addresses immediately. Customer.io suppresses them automatically. A soft bounce is a temporary failure — the recipient's inbox is full, the server is temporarily unavailable. Customer.io retries soft bounces automatically and suppresses the address after repeated failures. Hard bounce rates above 2% signal serious list hygiene problems.

What are spam traps and how do I avoid them?

Spam traps are email addresses set up specifically to catch senders with poor practices. Pristine traps have never been used by real people — hitting one means you acquired addresses improperly (bought lists, scraped data). Recycled traps are old, abandoned addresses repurposed by ISPs — hitting one means you haven't cleaned your list in years. Avoid them by: never buying or scraping email lists, validating addresses at signup, running regular re-engagement campaigns, and removing contacts who've been inactive for 12+ months.

Does Customer.io handle email authentication automatically?

Partly. Customer.io handles DKIM signing once you add the required CNAME records to your DNS. It also manages SPF for its sending servers, but you need to add Customer.io's SPF include to your domain's SPF record. DMARC is entirely your responsibility — Customer.io doesn't set up DMARC for you. You also need to ensure all other services you send email from (Google Workspace, Zendesk, Intercom, etc.) are included in your SPF and DKIM records. Customer.io provides step-by-step DNS record instructions in your email settings.

What is the difference between delivery rate and deliverability rate?

Delivery rate measures whether the receiving mail server accepted your email (i.e., didn't bounce or reject it). Deliverability rate measures whether your email reached the primary inbox — as opposed to spam, promotions, or junk. A message can have 99% delivery rate and 40% deliverability (because 59% landed in spam). Most email platforms report delivery rate because it's easier to measure. True deliverability requires inbox placement monitoring tools like GlockApps, Postmaster Tools, or third-party seed testing.

How does list hygiene affect deliverability?

Directly and significantly. A list with many invalid addresses generates hard bounces that damage your sender reputation. Disengaged subscribers who don't open or click your emails produce low engagement signals — which tell mailbox providers your emails aren't wanted. Disengaged subscribers who don't bother unsubscribing but mark your emails as spam are the most dangerous: each spam complaint directly harms your complaint rate. A smaller, engaged list outperforms a large, dirty list on every deliverability metric. HubSpot research estimates email databases decay by 22.5% annually — regular cleaning is non-negotiable.

Do I need a dedicated IP address with Customer.io?

Not necessarily. Customer.io's managed shared IP pools provide good deliverability for most senders, and the active monitoring removes poor performers. Dedicated IPs make sense when you're sending consistently high volumes (typically 100,000+ emails per month), need complete isolation of your sending reputation, or have specific deliverability requirements that shared pools can't meet. Below that volume, a dedicated IP can actually hurt deliverability because there isn't enough sending to build a reliable reputation signal. Customer.io's Premium and Enterprise plans include dedicated IP options.

What is the 2024 Google and Yahoo bulk sender requirement and does it affect me?

From February 2024, Google and Yahoo require any sender sending 5,000+ emails per day to authenticate with SPF, DKIM, and DMARC (at minimum p=none), support one-click unsubscribe (RFC 8058), and maintain spam complaint rates below 0.1%. All emails count toward the 5,000 threshold — transactional and marketing combined. Non-compliant senders face rejection or spam filtering. Even if you're below 5,000 per day, implementing all three authentication protocols is a best practice that directly improves deliverability regardless of provider.

How do I monitor my email deliverability?

Use a combination of tools: Google Postmaster Tools for Gmail domain reputation and spam rates (free, essential). Microsoft SNDS for Outlook/Hotmail reputation. GlockApps for inbox placement testing across multiple providers. MXToolbox and Spamhaus for blacklist monitoring. In Customer.io, monitor bounce rates and complaint rates per campaign in your sending analytics. Set a weekly habit: check Postmaster Tools, review bounce rates, and scan for blacklist appearances. Catch problems early — reputation recovery takes time.


The Bottom Line

Gary Thuerk's 1978 spam email generated sales — but also generated the framework of rules, filters, and reputation systems that every email marketer navigates today. The lesson isn't that bulk email is bad. It's that unwanted email is punished, and wanted email is rewarded.

Deliverability is the technical manifestation of that principle. Set up your authentication (SPF, DKIM, DMARC). Build your sending reputation carefully. Warm up new domains and IPs. Keep your list clean. Write content that passes filters and earns engagement. And use a platform like Customer.io — with its managed IP infrastructure, automatic bounce handling, and domain warming guidance — to handle the complexity at scale.

NerveCentral is a Customer.io Certified Partner and we help businesses configure, audit, and continuously improve their deliverability. If you've got campaigns that aren't performing the way they should, the problem is usually somewhere in this guide.

Let's find it.


Sources

  1. Validity — 2025 Email Deliverability Benchmark Report — Global inbox placement data, spam placement trends, and industry benchmarks.
  2. InboxAlly — 2024 Gmail and Yahoo Bulk Sender Requirements — Full documentation of the 2024 authentication mandates.
  3. Customer.io Docs — Domain Warming — Official warm-up schedules for new and established sending domains.
  4. Customer.io Docs — IP Addresses: Shared vs Dedicated — Customer.io's IP architecture and dedicated IP requirements.
  5. The Digital Bloom — B2B Email Deliverability 2025 Benchmarks — Data on DMARC enforcement rates and inbox placement benchmarks.
  6. InboxAlly — Email List Hygiene Best Practices — Annual database decay rates and hygiene frequency guidance.
  7. HowToWarmUpEmail — Email Warm-Up Step by Step (2026) — 94% vs 62% inbox placement data for warmed vs unwarmed domains.
  8. EmailConsul — Text-to-Image Ratio in Email Deliverability (2025) — Text-to-image ratio best practices and spam filter behaviour.
  9. EDN — The First Spam Email, May 3, 1978 — Historical record of Gary Thuerk's first bulk commercial email.
  10. Mediusware — Email List Management 2025 — Revenue impact of poor deliverability statistics.
David Crowther
Book a free consultation →

On our call, you'll be speaking with David Crowther, founder of NerveCentral.

Our initial consultation is not a sales call—you'll talk, I'll listen and ask questions—then I'll come back to you within 48 hours with our best ideas on how to grow your business.