How email deliverability actually works
A practical, jargon-light guide to SPF, DKIM, DMARC, sender reputation, and why your transactional email lands in spam — and how to fix it.
Deliverability is the probability that an email you send reaches the recipient's inbox — not their spam folder, and not a silent drop at the gateway. It is not a single switch; it is the sum of authentication, reputation, and content signals that mailbox providers (Gmail, Outlook, Yahoo) evaluate on every message.
The three authentication records
Every serious sending setup rests on three DNS records. MailStack generates all of them for you when you add a domain and exposes a verify endpoint so you can confirm they propagated.
- SPF (Sender Policy Framework) lists which servers are allowed to send mail for your domain. It answers: "is this server authorized?"
- DKIM (DomainKeys Identified Mail) cryptographically signs each message with a private key; the public key lives in your DNS. It answers: "was this message tampered with, and does it really come from this domain?"
- DMARC ties SPF and DKIM together with an alignment requirement and tells receivers what to do when checks fail (none, quarantine, or reject). It also unlocks aggregate reporting.
Why alignment matters more than passing
A common trap: your email "passes SPF" but still lands in spam. That's because DMARC requires the domain that SPF or DKIM authenticated to align with the domain in the visible From address; a pass for some other domain does not count. MailStack uses a custom MAIL FROM subdomain and Easy DKIM so both SPF and DKIM align with your sending domain by default.
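The alignment check described above, as an added example (not MailStack's code): it reads the `Authentication-Results` header a receiver stamped on a message and reports whether a passing SPF or DKIM result actually aligns with the From domain. The sample messages are constructed, and treating the last two labels as the organizational domain is a simplifying assumption; real evaluators use the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def sample(mailfrom, dkim_d):
    # Constructed message: both checks "pass", From is always example.com.
    return ("Authentication-Results: mx.receiver.test;\n"
            f" spf=pass smtp.mailfrom={mailfrom};\n"
            f" dkim=pass header.d={dkim_d}\n"
            "From: Billing <billing@example.com>\n"
            "Subject: Receipt\n\nbody\n")

SHARED = sample("bounces@esp-shared.test", "esp-shared.test")  # provider's own domains
CUSTOM = sample("bounce@mail.example.com", "example.com")      # custom MAIL FROM + own DKIM

def org_domain(domain):
    # Assumption: organizational domain = last two labels (wrong for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    # Strict mode needs an exact match; relaxed mode compares organizational domains.
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_evaluate(raw_message, strict_spf=False, strict_dkim=False):
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    results = msg.get("Authentication-Results", "")
    report = {"from": from_domain, "spf_aligned": False, "dkim_aligned": False}
    # SPF authenticates the envelope sender (smtp.mailfrom), not the From header.
    m = re.search(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]*@)?([^\s;]+)", results)
    if m:
        report["spf_aligned"] = aligned(m.group(1), from_domain, strict_spf)
    # DKIM authenticates the signing domain (header.d); any passing signature may align.
    for d in re.findall(r"dkim=pass\b[^;]*?header\.d=([^\s;]+)", results):
        if aligned(d, from_domain, strict_dkim):
            report["dkim_aligned"] = True
    # DMARC passes when at least one mechanism both passes and aligns.
    report["dmarc_pass"] = report["spf_aligned"] or report["dkim_aligned"]
    return report

if __name__ == "__main__":
    for name, raw in (("shared", SHARED), ("custom", CUSTOM)):
        print(name, dmarc_evaluate(raw))
```

The `SHARED` message passes SPF and DKIM yet fails DMARC because neither authenticated domain matches the From domain; `CUSTOM` passes on both.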
Sender reputation is earned, not bought
Mailbox providers track how recipients react to your mail — opens, replies, "this is spam" clicks, and bounces. A spike in bounces or complaints tanks your reputation fast. Two habits protect it:
- Honor suppression. Never re-send to an address that hard-bounced or complained. MailStack maintains an automatic suppression list and blocks sends to suppressed recipients before they ever leave the queue.
- Warm up gradually. Don't jump from 100 to 100,000 emails overnight on a new domain. Ramp volume over days so providers can calibrate trust.
Transactional vs. marketing reputation
Transactional mail (receipts, password resets) generally enjoys high engagement and strong reputation. Mixing low-engagement marketing blasts onto the same domain can drag transactional delivery down. Keep the streams separated — a topic we cover in "Transactional vs marketing email".
A checklist before you scale
- SPF, DKIM, and DMARC all verified and aligned.
- A custom MAIL FROM subdomain configured.
- Suppression enforced on every send.
- Bounce and complaint webhooks wired into your system.
- Volume ramped, not spiked.
Get these right and deliverability stops being mysterious. MailStack bakes the authentication and suppression pieces in so you can focus on the content.