Email deliverability checklist

22 checks across authentication, infrastructure, list hygiene, and content. Most small businesses starting from scratch fail 8–12 of these — which is normal, and fixable. Your progress saves automatically.

Part of our complete guide to B2B cold email.

Most businesses starting from scratch fail at least half of these

That’s not a criticism — deliverability infrastructure is genuinely non-trivial. The authentication section alone requires DNS access, an understanding of how SPF, DKIM, and DMARC interact, and ongoing monitoring that most small teams don’t have bandwidth for. The list hygiene section requires tooling most people haven’t bought. The monitoring section requires weekly attention to dashboards most founders have never heard of.

If you work through this checklist and find yourself looking at 12 unchecked items, that’s useful information: you now know exactly what’s standing between you and inbox placement. Whether you address those gaps yourself or hand them to someone else to run is a separate question — but the gaps are real, and ignoring them means your best copy goes unread.

0 / 22
Not started

1. Authentication

Non-negotiable.

If your sending domain doesn’t authenticate properly, nothing else matters — Google and Microsoft throw you straight to spam. This section is non-negotiable.

SPF record published and valid

Why

SPF tells receiving servers which IPs are allowed to send mail on your domain’s behalf. No SPF = high spam probability.

How to check

Run your domain through MXToolbox SPF Check. Record should return “Pass” and include every sending service you use (Google Workspace, your sequencer, etc.). Max 10 DNS lookups.

DKIM signing enabled on every sending domain

Why

DKIM cryptographically signs your messages so the receiver can verify they weren’t tampered with. Required for DMARC alignment.

How to check

Send yourself an email and view the raw headers — look for dkim=pass. Or use MXToolbox DKIM lookup.

DMARC record published (at least p=none)

Why

As of 2024, Google and Yahoo require DMARC for bulk senders. No DMARC = straight to spam for most recipients. Start with p=none to monitor before enforcing.

How to check

MXToolbox DMARC lookup. A minimal valid record: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com.

MX records set correctly and domain can receive mail

Why

Sending from a domain that can’t receive replies is a classic spam signal. Every sending domain must have valid MX records.

How to check

Send a test from another account to your cold-sending address. It should land in an inbox you can actually read.

Reverse DNS (PTR) matches sending IP (shared senders can skip)

Why

Mail servers do a reverse lookup on your sending IP. If it doesn’t resolve to a legitimate hostname, you look like a bot.

How to check

If you use Google Workspace or a reputable sequencer’s shared pool, this is handled for you. Only matters if you’re sending via your own SMTP server.

2. Infrastructure & domain setup

Sending architecture.

How you structure your domains and mailboxes determines how much you can send without burning your primary domain.

Cold email sent from a separate domain (not your main one)

Why

Cold outreach always damages sender reputation over time. Protect your primary domain by sending from a separate lookalike (e.g. try-yourbrand.com, not yourbrand.com).

How to check

If your cold sends and your transactional mail share the same root domain, create a dedicated outreach domain and migrate over a 4–6 week window.

Sending domain is at least 30 days old before first cold send

Why

Brand-new domains sending cold are a massive spam signal. Buy the domain a month before you need it, set up DNS immediately, let it age.

Every mailbox warmed for 2+ weeks before cold sends

Why

New mailboxes with no history look like throwaway spam accounts. Warmup services simulate normal email behaviour to build reputation.

How to check

Use any warmup tool (Instantly, Smartlead, Warmy). Run for a minimum of 14 days, ideally 4 weeks, before turning on real outreach.

Per-mailbox daily send cap ≤ 40 new contacts

Why

Mailbox providers flag unusual volume. 30–40 first-touches per mailbox per day is the safe ceiling. Need more volume? Add more mailboxes, not more per-mailbox sends.

Sending spaced over business hours, not in a batch

Why

Firing 40 emails in 2 minutes looks automated. Spread them across 8–10 business hours with random 60–120 second gaps.

Volume split across multiple mailboxes/domains if sending >40/day

Why

Scaling pipeline means scaling infrastructure, not cranking up per-mailbox volume. 200 emails/day = 5+ mailboxes across 2+ domains.

3. List hygiene

The biggest deliverability killer.

Bounces and spam complaints damage sender reputation faster than anything else. A clean list is non-negotiable.

Every email verified before first send (≤2% bounce)

Why

Bounce rate over 3% tanks your reputation within days. Verify with MillionVerifier, NeverBounce, or similar before uploading to any sequencer.

Catch-all / risky addresses removed or throttled

Why

Catch-all domains return “valid” for any email, so bounce data is unreliable. Send to these in tiny volumes or exclude entirely.

No role-based emails (info@, sales@, contact@)

Why

Role emails get disproportionately marked as spam and have near-zero reply rates. Strip them from every list.

Global suppression list applied (past contacts, unsubscribes, customers)

Why

Emailing someone who opted out is illegal (UK PECR) and an instant spam complaint. Maintain one master suppression list across every campaign.

List deduplicated across all active campaigns

Why

Hitting the same prospect from two campaigns simultaneously is the single fastest way to get reported.

4. Content

What’s in the email.

Spam filters score the content of every message. These are the highest-ROI content fixes — for copy that’s already been tested, see our cold email templates guide.

≤1 link in the first email (zero is better)

Why

Multiple links in a first-touch cold email is a strong spam signal. Save the link-heavy pitch for after they reply.

No images, no tracking pixels in the first email

Why

Tracking pixels trigger filters and skew your open-rate data. Plain text emails outperform image-heavy ones in cold outreach consistently.

Plain text, not HTML templates

Why

Fancy HTML looks like marketing. Cold emails should look exactly like a 1:1 email — plain text, simple signature, no hero images.

Clear opt-out language in the email (or List-Unsubscribe header)

Why

UK PECR (soft opt-out / legitimate interest) requires a working opt-out path in every commercial email. One line — “reply ‘remove’ and I’ll take you off the list” — is enough for low-volume outreach. See our GDPR guide for detail.

No classic spam trigger words (FREE, GUARANTEED, CLICK HERE, all caps)

Why

Modern filters are less keyword-driven than they used to be, but the obvious triggers still score. Write like a human, not like a 2005 affiliate marketer.

Every email varies in content (no pure mail-merge)

Why

Filters cluster identical messages. Real personalisation — a unique opener per prospect — breaks that clustering and boosts inbox rates.

Email body under 125 words

Why

Short emails reply-rate better and trigger fewer content filters. If you can’t explain it in 125 words, the email isn’t the right place.

5. Monitoring

Know before you sink the domain.

Deliverability isn’t set-and-forget. Monitor continuously or you’ll find out your domain’s burnt only after it’s too late.

Inbox placement tested weekly (GlockApps or seed list)

Why

Open rates don’t tell you about spam placement. Run a seed-list test weekly to see where you’re actually landing across Gmail, Outlook, Apple Mail.

Google Postmaster Tools set up and monitored

Why

The only direct window into how Gmail sees your sending domain. Free. Flags reputation drops before they become a full burn.

How to check

postmaster.google.com — add each sending domain. Check weekly.

Spam complaint rate kept below 0.1%

Why

Above 0.3% and Gmail throttles you. Above 0.1% and it’s a warning sign — tighten targeting or soften messaging immediately.

Sending IPs and domains not on major blacklists

Why

Being on Spamhaus, Barracuda or SORBS kills you. Check weekly — delist processes exist but take time.

How to check

MXToolbox blacklist check.

Keep reading

Don’t want to think about any of this?

PrawnMail runs the full deliverability stack for you — authentication, warmup, monitoring, rotation. You just get replies.

Let us handle your deliverability setup