Skip to content

Deliverability

You can write the most compelling email in the world, segment your list perfectly, and design a flawless template. None of it matters if your email lands in spam.

Deliverability is the foundation that everything else sits on. And in 2026, it’s more complex, more engagement-driven, and more consequential than ever before. This chapter is the most detailed in the book because deliverability problems are the silent killer of email programmes. You often don’t know you have a problem until revenue has already dropped.

Email authentication is table stakes. Without proper authentication, inbox providers have no way to verify that you are who you claim to be, and they will treat your emails accordingly.

There are three core authentication protocols. All three are required.

SPF: Sender Policy Framework

SPF tells receiving mail servers which servers are authorised to send email on behalf of your domain. It works by publishing a DNS TXT record that lists your authorised sending IPs and includes statements for your ESP.

The critical technical detail most people miss: SPF has a 10 DNS lookup limit. Every include: statement counts as a lookup, and each of those includes can contain nested lookups of their own. If you’re using multiple ESPs (your marketing platform, your transactional email service, your CRM, your helpdesk), you can easily exceed this limit. When you do, SPF fails entirely.

Use ip4: directives for your own dedicated sending IPs and include: for ESP authorisation. For example: v=spf1 ip4:192.0.2.1 include:_spf.google.com include:sendgrid.net -all

Always end your SPF record with -all (hard fail), not ~all (soft fail). Hard fail tells receiving servers to reject email from unauthorised sources. Soft fail suggests they mark it as suspicious but still deliver it. With DMARC in place (covered below), hard fail is the correct choice.

SPF flattening is a technique for complex setups where you’re hitting the 10-lookup limit. It resolves all the include statements into their underlying IP addresses and lists them directly in your SPF record. Tools like AutoSPF and SPF Wizard can automate this, but be aware that the flattened record needs updating whenever your ESPs change their sending IPs.

DKIM: DomainKeys Identified Mail

DKIM adds a digital signature to every email you send. The receiving server checks this signature against a public key published in your DNS. If the signature matches, the email hasn’t been tampered with in transit.

The current standard is 2048-bit RSA keys. Some older setups still use 1024-bit, which is increasingly insufficient. Rotate your DKIM keys annually. This limits the exposure window if a key is somehow compromised.

The d= signing domain must align with your From address domain for DMARC to pass. If your From address is hello@yourbrand.com, your DKIM signature should use d=yourbrand.com (or a subdomain of it, under relaxed alignment).

Use c=relaxed/relaxed for your canonicalisation settings. This allows minor, harmless modifications during mail transport (like whitespace changes) without breaking the signature.

DMARC: Domain-based Message Authentication, Reporting, and Conformance

DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. It’s the policy layer.

Only 34% of the largest 5,000 companies have implemented DMARC. Of those that have, 75 to 80% face challenges achieving enforcement (p=quarantine or p=reject). This means the majority of large organisations either lack DMARC entirely or have it set to monitoring mode with no enforcement.

Implement DMARC in stages:

Start with p=none (monitoring only). This sends you reports about authentication failures without affecting delivery. Leave it in monitoring mode for at least 2 to 4 weeks, analysing the reports to identify any legitimate sending sources that aren’t properly authenticated.

Move to p=quarantine (failed emails go to spam). This is your first enforcement step. Monitor for any unexpected quarantining of legitimate emails.

Finally, move to p=reject (failed emails are outright rejected). This is full enforcement and your end goal.

DMARC alignment can be relaxed or strict. Relaxed alignment requires that the organisational domain matches. So mail.yourbrand.com and yourbrand.com would both pass. Strict alignment requires an exact domain match. Most setups need relaxed alignment for multi-ESP compatibility, and that’s where you should start unless you have a specific reason for strict alignment.

Matthew Vernhout has been one of the strongest advocates for DMARC adoption, and his guidance on phased implementation is worth following.

BIMI: Brand Indicators for Message Identification

BIMI is the newest authentication standard, and it’s the one your marketing team will actually get excited about. BIMI displays your brand logo directly in the inbox next to your sender name. It’s visual brand recognition at the point of open.

BIMI is the under-used trust lever, and it’s worth knowing exactly who it’s for. There are three hard requirements, in this order: DMARC at enforcement (p=quarantine or p=reject, so you can’t shortcut to it), a registered trademark on your logo, and a Verified Mark Certificate (VMC) that ties the two together, costing roughly $1,500 per year from DigiCert or Entrust. The trademark requirement is the one most people trip on: no registered mark, no VMC, no logo in the inbox.

BIMI is currently supported by Gmail, Yahoo, and Apple Mail, which covers a substantial portion of consumer inboxes. The DNS record format is default._bimi.yourdomain.com with a TXT record pointing to your logo SVG and VMC certificate.

This is a top-tier-sender lever, not a starter one. It’s worth the spend if you already have DMARC at enforcement, a trademarked logo, and enough volume in crowded consumer inboxes that a verified logo next to your sender name lifts recognition and open intent. For a small sender without a registered trademark, skip it and spend the effort on list hygiene and engagement instead.

ARC: Authenticated Received Chain

ARC preserves authentication results when emails pass through intermediary servers, like mailing lists or forwarding services. Without ARC, forwarded emails often fail DMARC because the intermediary server isn’t in the original sender’s SPF record.

ARC is handled at the mail server level and isn’t something most marketers need to configure directly. But if you’re seeing DMARC failures from forwarded emails, ARC support on your sending infrastructure is the solution.

MTA-STS: MTA Strict Transport Security

MTA-STS forces TLS encryption for email in transit, preventing downgrade attacks where a bad actor forces an unencrypted connection to intercept email content. Implementation requires a DNS record and a hosted policy file. It’s a security enhancement worth implementing, particularly if you send sensitive information via email (order confirmations, account details, financial data).

The authentication implementation sequence matters. If you’re setting up authentication from scratch, follow this order: SPF first (it’s the simplest, one DNS record), then DKIM (slightly more complex, your ESP will provide the records), then DMARC at p=none (start monitoring), then advance DMARC to enforcement over 4 to 8 weeks. BIMI comes last, only after DMARC is at p=quarantine or p=reject.

For multi-ESP setups, authentication gets complicated fast. If you’re using Klaviyo for marketing, SendGrid for transactional, Intercom for product emails, and Google Workspace for internal email, all four need to be covered by your SPF record and all four need DKIM configured with proper domain alignment. This is where the SPF 10-lookup limit becomes a real problem, and where SPF flattening or restructuring your setup becomes necessary.

Audit your full authentication setup quarterly. ESPs change their sending infrastructure, domains expire, and new sending sources get added without updating DNS. A quick check of your SPF, DKIM, and DMARC records takes 15 minutes and can prevent deliverability problems before they start. Use dmarcian.com or postmarkapp.com/dmarc for easy DMARC monitoring and reporting.

Your sender reputation determines whether inbox providers trust you enough to put your emails in the inbox. In 2026, the rules have shifted.

The mental model that matters: deliverability isn’t a one-time technical setup you flip on and forget. The inbox is earned, send by send. You don’t fix it after a campaign tanks. You fix it before the send, and every send either builds or burns your reputation. Treat reputation as a balance you’re constantly topping up or drawing down, never a switch.

Domain reputation now matters more than IP reputation for Gmail. Google retired its legacy IP/Domain Reputation dashboards in September 2025, replacing them with Compliance Status and Spam Rate dashboards. This signals a broader move toward domain-level evaluation. Your domain’s reputation follows you regardless of which IPs you send from.

Gmail uses approximately a 120-day reputation window. That means a serious reputation hit takes up to 4 months to fully recover from. Prevention is far less painful than cure.

Key metrics inbox providers track:

Bounce rates should stay below 1%. Spam complaints should stay below 0.1% (that’s 1 complaint per 1,000 emails). Engagement rates (opens, clicks, replies) factor heavily into Gmail’s filtering decisions. Sending patterns matter. A sudden spike from 10,000 to 100,000 emails looks like a spammer who just bought a list. Ramp up gradually.

Use a dedicated IP when sending over 1 million emails per month. Below that volume, shared IPs from reputable ESPs are fine and often preferable, because the ESP’s overall reputation benefits your sending. Above that volume, a dedicated IP gives you full control over (and full responsibility for) your reputation.

Troy Ericson’s “Email Paramedic” approach to reputation recovery follows a clear sequence: fix authentication first, then clean the list, then rebuild engagement with the healthiest segments. Trying to fix engagement before authentication is like mopping the floor while the pipe is still leaking.

List hygiene and its effect on reputation: Remove hard bounces immediately (your ESP should do this automatically). Suppress or remove subscribers who haven’t engaged in 12 months. Run your list through a verification service (ZeroBounce, NeverBounce, BriteVerify) at least twice a year to catch addresses that have become invalid, converted to spam traps, or been recycled. Pristine spam traps (addresses that were never used by a real person, planted by ISPs to catch spammers) are the most damaging. They signal that you’re using a purchased or scraped list. Recycled spam traps (old valid addresses that were abandoned and then repurposed) are less damaging individually but signal that you’re not maintaining list hygiene.

Engagement-based suppression is the most underused reputation tool. Most marketers know they should remove hard bounces. Fewer realise that continuing to send to genuinely disengaged subscribers is actively harming their reputation. If someone hasn’t opened or clicked any of your emails in 6 months, they’re hurting your engagement rates, which hurts your Gmail reputation, which hurts your inbox placement for everyone. I’d suggest a quarterly review where you either re-engage or suppress subscribers who’ve been inactive for 120+ days.

These are two different metrics, and confusing them is a common and costly mistake.

Delivery rate measures the percentage of emails accepted by the receiving mail server. A 95%+ delivery rate is good. But “accepted by the server” doesn’t mean “placed in the inbox.” It means the server didn’t outright reject it.

Inbox placement rate measures the percentage of delivered emails that actually land in the inbox rather than spam, junk, or the Promotions tab. An inbox placement rate of 85 to 94% is considered good.

You can have a 98% delivery rate and a 50% inbox placement rate. In that scenario, half your emails are technically “delivered” but sitting in spam where no one will ever see them. Industry data from 2025 shows that despite improving global authentication scores, only about 60% of “delivered” emails actually reach a visible inbox location. Roughly 36% are filtered to spam after being accepted at the SMTP level.

Monitor both. Your ESP reports delivery rate. For inbox placement, you need tools like GlockApps, Validity’s Everest, or seed testing via mail-tester.com.

The Promotions tab factor. For Gmail users, the Promotions tab is a grey area between inbox and spam. Your email is technically “delivered to the inbox,” but it’s in a tab most users check less frequently (or never). Whether you count Promotions tab placement as successful inbox placement depends on your business. For ecommerce brands, the Promotions tab can actually work in your favour since users browse it when they’re in a shopping mindset. For B2B and relationship-driven businesses, Primary tab placement matters significantly more. Google’s filtering is based heavily on engagement patterns, so consistently high engagement is your best path to the Primary tab.

Gmail’s filtering system is the most sophisticated of any inbox provider, and understanding how it works is essential for any serious email marketer.

Gmail seeds your initial send to a sample of recipients. When you send a campaign, Gmail doesn’t deliver all of your emails simultaneously. It sends a batch to a subset of recipients first and observes what happens.

Gmail watches engagement signals on this initial batch. Opens, clicks, replies, moving the email from Promotions to Primary, deleting without opening, and, most critically, marking as spam. Based on these engagement signals, Gmail makes filtering decisions for the remaining delivery.

This is why sending to your most engaged subscribers first matters. If your initial batch goes to disengaged subscribers who delete without opening or mark as spam, Gmail concludes that your email isn’t wanted and filters the rest more aggressively. If your initial batch goes to engaged subscribers who open and click, Gmail concludes that your email is valuable and delivers the rest more favourably.

Implement engagement-based tiering for your sends. You don’t need five tiers and a stopwatch. Three tiers carry almost all the benefit:

Tier 1 (your warm-up batch): subscribers who clicked in the last 30 days. Send to this group first and let the positive signals land before the rest goes out. Tier 2: subscribers who opened or clicked in the last 90 days. Send 1 to 3 hours after Tier 1. Tier 3: subscribers with no engagement in 90+ days (and especially the 365+ day cohort). Don’t fold these into a normal campaign. Route them to a dedicated re-engagement sequence, then suppress the ones who stay silent.

Not every ESP supports staggered sending by engagement tier. Klaviyo’s Smart Sending and some enterprise platforms do. AI-native, MCP-first platforms can stagger by tier automatically because the agent already holds the engagement data. If yours does none of this, at minimum send campaigns only to subscribers who’ve engaged in the last 90 to 120 days and handle older subscribers separately.

When you set up a new sending domain or dedicated IP, inbox providers have no reputation data for it. you’re starting from zero. Warming is the process of gradually building a positive reputation by starting small and scaling up.

Start with your most engaged subscribers. Your first sends should go to people who opened or clicked an email from you in the last 7 days. These subscribers are most likely to engage positively, sending the right signals to inbox providers.

Follow a structured warming schedule:

PhaseDaily Volume
Days 1-350-100
Days 4-7200-500
Week 2500-1,000
Week 31,000-5,000
Week 45,000-10,000
Week 5+Scale to full volume

Ramp up by 20 to 50% per day or week, depending on how the warming is going. If you see bounce rates climb above 2% or spam complaints above 0.1%, slow down. If engagement is strong, push the pace.

Monitor bounce rates, spam complaints, and inbox placement throughout the warming period. Use Google Postmaster Tools (requires DNS verification and a minimum of 200 to 500 messages per day to generate data) to track your Gmail reputation specifically.

Your welcome sequence is a natural warming mechanism. New subscribers are highly engaged (they just signed up), so welcome emails naturally generate positive signals. If you’re setting up a new domain, launching with a strong welcome flow and a growing list is an ideal way to warm organically.

Common warming mistakes:

Sending to your full list on day one. This is the most common and most damaging mistake. Inbox providers see a new domain suddenly sending 50,000 emails and immediately flag it.

Using a purchased or rented list for warming. The entire point of warming is to build positive engagement signals. Purchased lists have terrible engagement rates and often contain spam traps. You’re poisoning your reputation from the start.

Ignoring negative signals during warming. If your bounce rate spikes on day 4, don’t push ahead to the day 5 volume. Pause, investigate, clean, and restart. warming is not a rigid schedule. It’s a feedback loop.

Warming only with transactional emails. Transactional emails (order confirmations, shipping notifications) get high engagement, which makes them tempting for warming. But inbox providers treat transactional and marketing emails differently. Warm with the type of email you’ll actually be sending at scale.

Warming a new IP vs warming a new domain: The process is similar, but domain warming is more forgiving because domain reputation is shared across IPs. If you’re moving ESPs (and therefore IPs) but keeping your domain, your existing domain reputation carries over. You’ll still want to ramp up gradually, but the warming period is typically shorter because you’re not starting from zero.

Switching ESPs without nuking your reputation. This is the warm-up case most people get wrong, because they treat a platform migration as a flip-the-switch event and send their full list from the new infrastructure on day one. Do it in order instead. First, verify the list (NeverBounce or ZeroBounce, around $50 per few thousand addresses) so you’re not dragging dead weight onto the new IPs. Then warm by sending to your most-engaged segment first, in chunks, and only widen as the signals hold. For contacts dormant 6+ months, re-opt-in rather than assuming consent carries cleanly across the move. Keep the old sender warm and live until the new one has proven itself, so you’ve always got a fallback that delivers.

One trap worth stating flatly: a low bounce rate does not mean you’re safe to send. Engagement and consent signals now outweigh raw bounce numbers. I’ve seen an account suspended at a 0.1% bounce rate because the engagement and consent picture behind it was poor. Clean bounces are necessary, not sufficient. Watch your engagement trend and complaint rate just as closely.

The whole warm-up method is one idea repeated: stagger your larger sends over your normal sending window, most-engaged first. That ordering is what signals to a new IP or domain that real people want your mail, and it’s exactly the kind of staggered, engagement-ordered ramp an AI-native ESP can now run for you automatically against live engagement data, rather than you babysitting a spreadsheet schedule.

In 2026, content-based spam filtering is far less important than reputation-based filtering. Modern spam filters use machine learning models that consider the full picture: sender reputation, recipient engagement history, message fingerprint similarity to known spam, and overall sending patterns.

That said, content still matters at the margins, and there are specific triggers you should be aware of.

High-impact content triggers:

URL reputation is the single most important content factor. If your email contains a link to a domain that’s been associated with spam, phishing, or malware, your email is going to have problems regardless of your sender reputation. Audit every link in your emails.

URL shorteners (bit.ly, tinyurl, etc.) are penalised because spammers use them to hide malicious destinations. Always use full, direct URLs. If you need tracking, use your ESP’s built-in link tracking, which uses your own domain.

Image-only emails (no text, just images) are flagged because they’re a classic spam tactic to evade text-based content filters. Always include a meaningful amount of text alongside your images.

Mismatched link text and URLs (where the visible text says one URL but the link goes somewhere else) are a phishing indicator. If your link text says “www.yoursite.com” but the href goes to a tracking redirect, some filters will flag it. Use descriptive link text rather than raw URLs.

Medium-impact triggers:

All caps, excessive punctuation (!!!), and spam-associated phrases (when combined with poor reputation) can contribute to filtering. These matter most for senders who already have borderline reputation.

Low-impact triggers (commonly overstated):

Individual ‘spam words’ like “free,” “discount,” or “limited time” have negligible impact when you have good sender reputation. This is one of the most persistent myths in email marketing. In the early days of spam filtering, keyword-based filters were common and these words did matter. Modern ML-based filters are far more sophisticated. A well-reputed sender using the word “free” in a relevant context will not be filtered for it.

The List-Unsubscribe header is worth calling out specifically. Gmail, Yahoo, and Microsoft all require a functioning List-Unsubscribe header for bulk senders, and crucially, a working one-click unsubscribe via List-Unsubscribe-Post (the RFC 8058 HTTPS POST endpoint), with opt-outs honoured within 48 hours. Gmail and Yahoo rolled this out in early 2024 for senders of 5,000+ messages per day. Microsoft followed for high-volume senders to Outlook.com, Hotmail, and Live.com, requiring SPF, DKIM, and DMARC for domains sending 5,000+ messages per day, with two teeth worth knowing: non-compliant mail is rejected outright (permanent 550 5.7.515 errors, not just filtered), and Microsoft no longer accepts DMARC p=none. You need at least p=quarantine to send to Microsoft inboxes at volume. Enforcement of partial setups in 2026 is unforgiving: both headers, a working POST endpoint, and a real From/Reply-To, or you don’t get in. Most major ESPs add the List-Unsubscribe header automatically, but verify it’s present by checking your email headers, and verify your DMARC policy is at enforcement before any large send.

The enforcement escalation has been real. Gmail moved from temporary 421 errors (February 2024) to partial rejections (April 2024) to permanent 550 rejections (November 2025). The soft enforcement window is over. Non-compliant bulk senders are now hard-bounced, not just deferred.

The text-to-image ratio myth deserves clarification. You’ll find old advice saying you need a 60:40 or 80:20 text-to-image ratio. There’s no specific ratio that spam filters enforce. What matters is that your email contains meaningful text content. An email that’s 100% images with no text is a problem. An email that’s 70% images with well-written text in between is usually fine, provided your reputation is healthy.

How you structure your sending identity affects both deliverability and subscriber perception.

Separate marketing from transactional email so a hit to your marketing reputation can’t drag down order confirmations and password resets. The full subdomain structure, and the volume threshold at which it’s worth the overhead, is covered once below under “Subdomain strategy.”

From name has a significant impact on open rates. Personal names get 3.81% more opens than brand names on average.

“George from SmartrMail” tends to outperform “SmartrMail” which tends to outperform “SmartrMail Team.” The most effective format depends on context:

Personal name (just “George”) works best for creator businesses, personal brands, and newsletters where the individual is the brand.

Brand name works best for established, widely recognisable brands where the individual behind the email doesn’t matter to the subscriber.

“Person at Brand” format often works best for mid-size brands and SaaS, where subscribers benefit from both the personal connection and the brand context.

Consistency in your From name matters more than which format you choose. Don’t change your From name constantly. Subscribers learn to recognise your sender name, and changing it means they have to re-learn who you are. Every change carries a risk of lower opens as subscribers fail to recognise you.

Testing your sender name is one of the highest-value tests you can run because the results compound across every email you send.

Always set a monitored reply-to address. This is the single most important engagement point in the chapter, so I’ll state it once, plainly, and cross-reference it everywhere it’s relevant: a reply is the strongest positive signal you can earn. When a subscriber hits reply, it tells Gmail, Outlook, and the rest that there’s a real human relationship here, and it pulls your future emails toward the Primary tab for that person. An email that earns even a 2 to 3% reply rate gets better inbox treatment than one with a 40% open rate and zero replies. no-reply@ addresses kill this signal entirely. Everything else in this section (encouraging replies, monitoring the inbox, prompting “hit reply and tell me…”) is in service of that one fact.

Why no-reply@ is actively harmful: It’s a negative signal for ISP filtering algorithms. It eliminates reply engagement, one of your strongest deliverability signals. It frustrates customers who want to respond. And it violates the fundamental spirit of email as a two-way communication medium.

Set up a branded sending domain instead of using your ESP’s default. When you send through your ESP’s shared domain, you’re sharing reputation with every other sender on that domain. You have no control over their practices, and their mistakes affect your deliverability. You also can’t enforce DMARC on a domain you don’t own, and your emails lack brand recognition in the sender details.

Set up a branded sending domain once your database exceeds 5,000 profiles. Below that, the shared domain is acceptable. Above it, the investment in a branded domain pays for itself in improved deliverability and brand recognition.

The reply-to strategy in practice: Set your reply-to to an email address that’s actively monitored. This can be a shared inbox (support@yourbrand.com), a personal address (george@yourbrand.com), or a dedicated address (hello@yourbrand.com). The key is that someone reads and responds to replies. When subscribers hit reply and get a bounce-back or silence, you lose the engagement signal and the trust.

Actively encourage replies. “Hit reply and tell me your biggest challenge with email marketing” in a welcome email serves double duty: it collects customer insight and it generates the reply signals that improve deliverability. I know several newsletter operators who attribute their consistently strong inbox placement partly to the volume of replies they receive.

Subdomain strategy (the one canonical version):

The threshold is volume. Below roughly 40,000 to 50,000 emails per month, don’t split at all. The operational overhead of managing multiple sending setups isn’t justified by the marginal protection, and a single well-authenticated subdomain is fine.

Above that, use the minimum useful split: mail.yourbrand.com for marketing, transact.yourbrand.com for transactional (order confirmations, password resets, shipping notifications). Authenticate both independently. If your marketing reputation takes a hit, your critical transactional mail stays insulated.

At significant scale (100,000+ per month), extend it:

  • mail.yourbrand.com for marketing campaigns
  • news.yourbrand.com for newsletters
  • transact.yourbrand.com for transactional emails
  • auto.yourbrand.com for automated flows (welcome, abandoned cart)

Each subdomain builds its own reputation, so a problem with marketing campaigns doesn’t bleed into transactional or automated sending. This level of separation is overkill for most small and mid-size businesses but essential for larger operations.

Feedback loops (FBLs) are mechanisms that inbox providers use to notify you when a recipient marks your email as spam.

Yahoo/AOL FBL sends you ARF (Abuse Reporting Format) reports whenever a recipient clicks “Report Spam” on your email. Register for this at the Yahoo/AOL sender hub.

Microsoft JMRP (Junk Mail Reporting Programme) provides the same for Outlook.com, Hotmail, and other Microsoft consumer email addresses.

Gmail does not offer a traditional FBL. Instead, Gmail uses the Feedback-ID header (which your ESP typically sets automatically) combined with aggregate spam rate data in Google Postmaster Tools. You won’t get individual complaint reports from Gmail, only aggregate percentages.

The critical process: immediately suppress any email address that generates a spam complaint. Don’t wait. Don’t send them one more email. Don’t add them to a “re-engagement” sequence. Remove them from all future sends. Continuing to email someone who has reported you as spam is the fastest way to damage your reputation.

When you send too much email too fast to a single inbox provider, they may throttle your delivery. Understanding the response codes is essential.

4xx response codes are temporary rejections. They mean “slow down, try again later.” Common 4xx codes include 421 (too many connections), 450 (mailbox unavailable, try later), and 452 (too many recipients). The correct response is to implement exponential backoff: wait, then retry, doubling the wait time with each retry.

5xx response codes are permanent rejections. They mean “stop, this isn’t going to work.” Common 5xx codes include 550 (mailbox doesn’t exist), 551 (user not local), 552 (message too large), and 553 (invalid address). The correct response is to remove the address or fix the underlying issue.

Don’t open more than 10 to 20 simultaneous connections to a single ISP. Opening too many connections looks like a spam attack and will trigger throttling or blocking.

Most modern ESPs handle throttling automatically, adjusting sending speed based on ISP responses. But if you’re managing your own mail infrastructure, or if you’re troubleshooting deliverability issues, understanding these response codes matters.

Common ISP-specific throttling patterns:

Gmail tends to throttle with 421 errors during warming periods and will defer delivery for hours or even days if it detects a pattern it doesn’t like. The fix is always the same: slow down and improve engagement quality.

Microsoft (Outlook.com, Hotmail) uses a tiered throttling system. You might send successfully to most recipients but see blocks for a subset. Microsoft also uses its own Smart Network Data Services portal where you can check your sending IP’s reputation and apply for mitigation if you’ve been blocked.

Yahoo/AOL tend to be more aggressive about rate limiting during warming. They’re also more sensitive to burst sending (sending a large volume in a very short window). Spread your sends over a longer period when targeting Yahoo/AOL-heavy segments.

You can’t fix what you can’t see. Here are the tools worth using for monitoring your sending reputation.

Google Postmaster Tools is free and essential. It requires DNS verification to set up and needs a minimum of 200 to 500 messages per day to Gmail recipients to generate usable data. It shows your domain reputation status, spam rate, authentication success rates, and encryption percentage.

Microsoft SNDS (Smart Network Data Services) provides IP-level reputation data for Outlook.com and related Microsoft email properties. Less granular than Google Postmaster but important if you have significant Outlook audience.

Cisco Talos Intelligence checks your IP and domain reputation against Cisco’s threat database. Cisco powers filtering for a large number of corporate email gateways.

Barracuda Reputation System shows your status on Barracuda’s widely-used spam filter. Many businesses use Barracuda appliances or cloud services for email security.

MXToolbox checks your domain against over 100 blocklists simultaneously. It’s the quickest way to identify if you’ve been listed on any major blocklist.

Sender Score by Validity assigns your sending IP a score from 0 to 100. Above 80 is good. Below 70 indicates problems. It’s a useful at-a-glance metric, though it’s IP-based rather than domain-based.

Step-by-Step Deliverability Diagnosis Framework

Section titled “Step-by-Step Deliverability Diagnosis Framework”

When your emails stop reaching the inbox, work through this framework systematically. Skipping steps almost always leads to wasted effort.

Step 1: Identify the symptom. What exactly is happening? Lower inbox placement? Higher bounce rates? Throttling from specific providers? Is the problem affecting all inbox providers or just one (usually Gmail)? Getting specific about the symptom directs your investigation.

Step 2: Check authentication. Are SPF, DKIM, and DMARC all passing? Check your recent DMARC reports. Verify with an authentication testing tool (mail-tester.com, MXToolbox). Also check your PTR (reverse DNS) record, which validates that your sending IP resolves back to your domain. Authentication failures are the most common and most easily fixable cause of deliverability problems.

Step 3: Check blocklists. Search your sending IPs and domain across major blocklists: Spamhaus (the most influential), Barracuda, SpamCop, and SURBL (which checks URLs within emails, not just sender IPs). If you’re listed, you need to fix the root cause before requesting delisting.

Step 4: Check reputation. Use Google Postmaster Tools, Microsoft SNDS, Cisco Talos, and Sender Score to assess your current reputation. If reputation has dropped, identify when it started declining and correlate with your sending activity.

Step 5: Analyse bounce logs. Export your bounce data and categorise by type (hard bounce, soft bounce, block) and by ISP. Patterns will emerge. If all your bounces are from Gmail, that’s a Gmail-specific problem. If they’re across all providers, the issue is more fundamental.

Step 6: Review sending patterns. Did you recently spike volume? Send to an old, un-engaged segment? Change your email template significantly? Import a new list? Any of these can trigger filtering.

Step 7: Check content. Is there a bad URL in your emails? A link to a domain with poor reputation? URL shorteners? An image-only email? A missing List-Unsubscribe header? Content issues are less common than reputation issues in 2026, but they still matter at the margins.

Step 8: Test and validate. Use seed list testing (GlockApps, InboxReady) to measure actual inbox placement across providers. Use mail-tester.com to score your email and identify specific issues. These tools tell you where you’re landing and why.

Step 9: Remediate. Fix the root cause before doing anything else. If you’re on a blocklist because of a spam trap hit, clean your list before requesting delisting. If your reputation dropped because of a high-volume send to disengaged subscribers, restrict your sending to engaged subscribers before trying to rebuild.

Step 10: Monitor recovery. Reputation recovery takes time. Expect 2 to 4 weeks for noticeable improvement in most cases. Full Gmail reputation recovery can take up to 120 days due to their extended reputation window. Be patient, continue sending to engaged subscribers, and track your Postmaster Tools data weekly.

When to call in a specialist. If you’ve worked through this entire framework and your deliverability hasn’t improved after 4 weeks, it may be time to engage a deliverability consultant. Specialists like Troy Ericson, Laura Atkins (Word to the Wise), and the teams at Validity and Kickbox have deep relationships with ISPs and can escalate issues that self-service approaches can’t resolve. deliverability consulting typically runs $2,000 to $10,000 depending on the complexity of the issue, but the revenue impact of poor deliverability usually dwarfs that cost.

Proactive deliverability monitoring should be part of your weekly routine. Set aside 15 minutes every Monday to check: Google Postmaster Tools spam rate and compliance status, bounce rates from your last week of sends, any new blocklist appearances via MXToolbox, and your overall engagement trends (open rate, click rate, unsubscribe rate). Catching a problem in week one, before it becomes a crisis, is far easier than trying to recover after a month of declining reputation.

The Promotions tab is a grey area. Your email is “in the inbox” but it’s in a tab most users check less frequently. For ecommerce brands, the Promotions tab can actually work well, because users browse it when they’re in shopping mode. For B2B, newsletters, and relationship-driven businesses, Primary tab placement makes a real difference.

What determines tab placement. Gmail uses machine learning to classify emails. The model considers sender reputation, engagement history, email content, sending patterns, and individual user behaviour. No single factor controls it. Gmail’s classification is per-user: the same email might land in Primary for one subscriber and Promotions for another, based on how each person has interacted with your emails previously.

White-hat strategies that improve Primary tab placement:

Encourage replies. As covered under Sending Identity above, replies are the single strongest signal you can earn, and Gmail reclassifies your future emails as Primary-worthy for anyone who replies. “Hit reply and tell me your biggest challenge” is a deliverability tactic, not just a feedback tactic.

Ask subscribers to move your email to Primary. A simple line in your welcome email: “Drag this from Promotions to Primary (if it landed there).” When a user manually moves your email, Gmail learns this sender belongs in Primary. Some brands include a GIF showing how. It feels basic, but it works.

Send from a personal name, not a brand name. “George from SmartrMail” is more likely to land in Primary than “SmartrMail Newsletter.”

Keep your emails conversational and reduce image-to-text ratio. The Promotions classifier picks up on marketing design elements: large hero images, multiple CTA buttons, heavy HTML styling, product grids. Emails that look like messages from a person get classified as personal. Your most important emails (welcome, weekly newsletter, re-engagement) benefit from a simpler, more personal format.

Is Primary tab placement worth pursuing? Honestly, it depends. Open rates in Primary are 2-3x higher than Promotions. But the effort to consistently land in Primary (simpler templates, constant reply-prompting, personal sender names) may not be worth it for every brand. Ecommerce brands that rely on product imagery and promotional design are better off optimising their Promotions tab performance than trying to force their way into Primary. Newsletter operators and B2B senders should absolutely pursue Primary placement because their emails are genuinely conversational and the engagement lift is significant.

Three developments are reshaping how emails are filtered and consumed.

Gmail Promotions tab now ranks by relevance, not recency. Since September 2025, the Promotions tab sorts emails by engagement relevance by default. High-engagement senders appear at the top; low-engagement senders are buried. Users can switch to “Most Recent” but most won’t. This means Promotions placement is no longer just “less visible”. It’s ranked, and poor engagement means invisibility even within Promotions.

Gmail’s Gemini AI integration changes how subscribers consume emails. Gmail now summarises emails, prioritises messages, and filters content with AI, and the inbox re-ranks by relevance over chronology. The short version: opens have inflated and clicks have dropped, because subscribers read the AI summary instead of clicking through. This is consequential enough that it gets its own treatment below in “AI and Deliverability,” covering what it does to your metrics and how to write emails that survive summarisation.

Apple Mail Categories (iOS 18.2). Apple now sorts emails into four categories: Primary, Transactions, Updates, and Promotions. The key difference from Gmail: newsletters land in “Updates,” not “Promotions”, which means better visibility for content publishers. Apple uses AI-generated summaries instead of preheaders, so subject lines need to be crystal clear on their own. Users can reclassify or disable the tabs. Early data shows no significant deliverability impact for authenticated, engaged senders.

Not all emails face the same deliverability challenges. Your newsletters, automated flows, and transactional emails each have different sending patterns, engagement profiles, and inbox provider treatment.

Newsletter deliverability. The key risk is list fatigue and declining engagement over time. Newsletters that maintain consistent schedules and segment by engagement typically maintain 90%+ inbox placement. Those that blast the full list regardless of engagement see gradual deterioration.

Newsletter-specific practices: consistent schedule (same day, same time), engagement-based segmentation (Chapter 3), and 120-day suppression for zero-engagement subscribers. A critical metric: if your complaint rate exceeds 0.05% on any single send, investigate immediately. Newsletters should aim well below 0.1% because they’re sent repeatedly to the same audience.

Automated flow deliverability. Flows (welcome series, abandoned cart, post-purchase) generally have excellent deliverability because they’re triggered by subscriber actions, which means the recipient is inherently engaged. The main risk is volume concentration: if you have a viral signup moment or a large batch import, your flows can suddenly send thousands of emails in a short window, which looks like a volume spike to inbox providers.

Safeguards for flow deliverability: implement rate limiting on your flows so they don’t send more than a few hundred emails per hour during volume spikes. Use suppression conditions (don’t send an abandoned cart email to someone who’s already received three marketing emails today). Make sure your flow emails are on the same authenticated sending domain as your campaigns so they benefit from your established reputation.

Transactional email deliverability. Transactional emails (order confirmations, password resets, shipping notifications) have the highest engagement rates of any email type and therefore typically enjoy excellent deliverability. The main risk is contamination: if you send transactional and marketing emails from the same domain and your marketing reputation tanks, your transactional emails suffer too.

The non-negotiable rule, per the subdomain strategy above: send transactional from its own authenticated subdomain (transact.yourbrand.com), separate from marketing. For brands over 50,000 emails per month, consider a dedicated transactional provider (Postmark, Amazon SES, or your ESP’s transactional API) with its own infrastructure entirely.

Monitor transactional delivery speed separately from marketing. Password resets that take 5 minutes to arrive feel broken. Order confirmations that arrive 2 hours after purchase feel unreliable. Set up monitoring that alerts you if transactional delivery latency exceeds 30 seconds.

The inbox is now AI-mediated, and that changes deliverability more than any single filter update of the last decade. The fundamentals in this chapter haven’t been replaced. They carry more weight, not less. But two things are genuinely different: how your performance is measured, and what your email has to survive on the way to being read.

Open rate is now noise. Gmail auto-opens your email to generate its AI summary. Apple’s Mail Privacy Protection pre-loads the tracking pixel whether or not a human ever looks at the message, and Apple Mail accounts for roughly half of all opens. The result is machine-triggered and AI-triggered opens that have nothing to do with a person reading anything. After Gmail’s AI summaries rolled out, one publisher data set showed opens rising to around 45.6% while click-through rate fell from 4.35% to 3.93%, because readers extract the answer from the summary and never click. An email can pass every authentication check, reach the inbox, and still go completely unread. Stop steering by open rate. Judge sends on clicks, replies, conversions, and revenue per recipient, and move any open-based flow triggers you still have onto click or reply triggers. (Cross-tool caveat: different ESPs count opens differently, some count proxy fetches and some don’t, so open-rate comparisons between platforms are meaningless. Anchor on clicks and conversions.)

Behavioural reputation, not content scoring, is what filters you now. Modern filtering watches the pattern of opens, clicks, replies, and forwards across your audience, and a lack of engagement is treated as a signal as serious as a spam complaint. A smaller engaged list out-delivers a large passive one, every time. This is the deliverability case for the engagement-based suppression and tiering already covered above. Google’s machine-learning detection lifted spam catch rates sharply, so the days of gaming a content score with the right words are over.

Write to survive AI summarisation. Gemini, Apple Intelligence, and Copilot now decide the preview line your recipient sees, which means the preheader text marketers leaned on for a decade is partly out of your hands. These systems weight the first ~150 to 200 characters of live text most heavily. Apple Intelligence reads live text only and ignores images and alt text entirely. So:

  • Front-load your actual purpose in the first 150 to 200 characters of real, visible text. Don’t bury the point under a greeting and a preamble.
  • Use semantic HTML: real heading and paragraph tags, not a soup of styled divs. The summariser, like a screen reader, leans on structure.
  • Never send an image-only email. If the meaning lives in a picture, Apple Intelligence sees nothing.
  • For Gmail specifically, layer JSON-LD Promotions annotations so structured fields carry your offer rather than relying on the AI to infer it. Treat it like SEO for the inbox: explicit structured data beats implied meaning.

AI doesn’t hide your cracks. It exposes them. This is the line to remember before you point any agent at your list. Bad data and weak segmentation don’t get smoothed over by AI; they get scaled. Generative tools also industrialised phishing (a large majority of detected phishing now shows AI-generation signs), so providers tightened filters on everyone, which makes clean authentication and a consistent sender identity a survival baseline rather than a best-practice nicety. The order is not negotiable: clean data, engagement-window segmentation, and SPF/DKIM/DMARC (plus BIMI where it’s worth it) come first. They are the prerequisite to agentic sending, not an optional polish you add later.

The AI-mediated inbox is, on balance, a consumer win. For senders it’s a warning. When the inbox shifts from something you scan to something you query, being delivered stops being enough. Deliverability is becoming desirability: you have to be the email the AI surfaces and the reader chooses to query, not merely the one that cleared the SMTP handshake.

Google’s gen-AI spam filter (February 2026). Google’s filters now actively penalise raw, un-personalised AI text. Bulk mail that reads as generic machine output, no real personalisation, no distinctive voice, is filtered at roughly 2.4 times the rate of human-edited or genuinely personalised mail. This is the deliverability teeth behind the anti-slop argument made elsewhere in this guide: generic AI copy is no longer only a brand problem. It’s now a placement problem too. The fix is the same fix: AI gets you a structural draft, a human gives it voice, and you personalise from real behaviour rather than shipping the model’s first generic pass.

Deliverability in the Age of Autonomous Sending

Section titled “Deliverability in the Age of Autonomous Sending”

Everything above assumes a human is composing and pressing send. Increasingly, an agent is doing both, or close to it. That doesn’t change the deliverability rules. It changes how easy it is to break them at speed, and it makes guardrails a deliverability concern, not just a safety one.

Let me give you the cautionary worked example, because I lived it. An agent connected to a live ESP, looking for the endpoint that approves a scheduled campaign, instead hit the immediate-send endpoint and fired a campaign to roughly 24,657 subscribers on the spot, bypassing the schedule entirely. No human said go. The infrastructure offered a send button with no gate in front of it, and the agent pressed it. Nothing was wrong with the authentication, the list, or the content. The failure was purely the absence of a guardrail. A single ungated send to the wrong segment, at the wrong time, in the wrong volume, can do real reputation damage in minutes that takes Gmail’s 120-day window months to forgive.

So the rules for letting an agent anywhere near sending:

  • A blast never sends without an explicit human “send it.” This is the one non-negotiable. An agent can draft the campaign, build the segment, compose the email, and queue it. It does not send to more than one recipient without a human confirming in plain words. Stage the draft, review, then a person presses send. Autonomous send remains rare even where it’s technically available, and for good reason.
  • Hard volume caps on AI-triggered flows. Automated flows triggered by subscriber actions are usually safe because the recipient is engaged, but a viral signup moment or a large import can make a flow fire thousands of emails in a short window, which reads to inbox providers as a volume spike. Cap AI-triggered flows at a few hundred emails per hour, with a hard daily ceiling, so a surge can’t quietly turn into a reputation event.
  • Engagement-tier targeting stays mandatory even when an agent composes. The agent writing the email does not exempt the send from the engagement rules. The agent must target the engaged segment first and respect the same tiering and suppression a human would. An agent given the full list and no engagement filter will scale your worst sending habit.
  • The ESP should surface reputation and spam rate to the agent before it sends, not after. This is where an MCP-first, AI-native platform earns its place. The right pattern gives the agent read access to deliverability signals (current spam rate, domain reputation, whether DMARC is at enforcement, list health) as a precondition of sending, so a pre-send preflight can hold or warn on a risky send the same way a human would check Postmaster Tools first. Give the agent analytics access before you give it send authority. An agent that can see its own spam rate is an agent that can refuse to make it worse.

The teams getting this right treat deliverability as the technical foundation and the message second. Automating the copy doesn’t fix weak authentication or a poor sender reputation; faster output just means you reach the spam folder faster.

The deeper governance model for running an agentic email programme (the autonomy dial, approve-recommendations workflows, the pre-send preflight, one-click undo) lives in Chapter 16. For deliverability specifically, the rule is simple: an agent inherits every one of your reputation obligations and none of your instinct to slow down. Build the brakes in.

Beyond the manual warming schedule covered earlier in this chapter, several dedicated warming tools can accelerate and automate the process. These are particularly useful for cold email infrastructure (see Chapter 13) but also valuable when setting up new marketing sending domains.

ToolApproachBest ForPrice Range
MailreachPeer-to-peer warmup networkMarketing + cold emailFrom $25/mo
WarmboxAutomated inbox interactionCold email domainsFrom $15/mo
LemwarmPart of Lemlist ecosystemLemlist usersIncluded with Lemlist
WarmyAI-driven, 15K+ inboxesScale warmingFrom $49/mo
Instantly warmupLargest network (1M+ users)High-volume cold emailIncluded with Instantly

How they work: they send emails between your inbox and other inboxes in the warming network, generating positive engagement signals (opens, replies, moving from spam to inbox). This simulates legitimate sender behaviour and builds reputation with inbox providers.

Important caveats. Warming tools establish a baseline reputation, but they cannot sustain it. Once you start sending real emails, actual engagement determines your ongoing reputation. Never rely on warming tools as a substitute for good sending practices.

Continue warming alongside live campaigns for the first few months of a new domain. The warmup activity provides a buffer of positive signals while real sending ramps up. Gradually reduce warming volume as real engagement data accumulates.


A beautiful email that lands in spam earns nothing. The rest of this chapter covers the plumbing in depth, but a few mechanics belong in one place, because they decide whether your mail reaches the inbox at all, and that matters more than any design trend. Since February 2024 the two largest consumer mailbox providers have enforced a shared set of bulk-sender rules, and Apple and corporate security scanners have quietly rewired the measurement layer under open and click tracking. None of it is optional. It is the floor you build design on top of.

Gmail and Yahoo bulk-sender rules are enforced, not aspirational

Section titled “Gmail and Yahoo bulk-sender rules are enforced, not aspirational”

Google calls you a bulk sender once you send more than 5,000 messages a day to Gmail accounts, and from 1 February 2024 those senders must authenticate, keep complaints down, and support one-click unsubscribe. Yahoo published a matching set the same season. The 5,000-a-day count is cumulative across a domain, and Google’s position is that once you cross it you stay classified as a bulk sender, so a quiet week does not reset the clock. Send marketing email at any real scale and you are inside these rules, read or not.

Four obligations are worth stating plainly.

SPF, DKIM and DMARC, with From alignment. You need SPF and DKIM configured plus a published DMARC record. The detail people miss is alignment: the domain in your visible From header must align with either the SPF domain or the DKIM signing domain. Authentication that passes on a different domain to the one your reader sees does not satisfy the requirement. Yahoo asks for the same, with a DMARC policy of at least p=none that passes. p=none clears the bar for delivery but enforces nothing, so treat it as the starting line, not the finish.

One-click list-unsubscribe (RFC 8058). Marketing and subscribed messages must carry both the List-Unsubscribe header and the List-Unsubscribe-Post: List-Unsubscribe=One-Click header, alongside a visible unsubscribe link in the body. A plain mailto: or a body URL alone does not satisfy the one-click requirement. Both providers require you to process an unsubscribe within 48 hours (two days) to satisfy Yahoo and preserve Gmail mitigation eligibility. Most mature ESPs add these headers automatically. Verify they are present in your sent headers rather than assuming it.

Spam complaint rate under 0.10%, never reaching 0.30%. This is the obligation people underestimate. Google’s guidance is to keep the spam rate reported in Postmaster Tools under 0.10% as your working target, and to never reach 0.30%. Yahoo states the same 0.30% ceiling. The rate is the proportion of recipients who hit “report spam”, not bounces and not unsubscribes, and for Gmail you can only see it by registering your domain in Google Postmaster Tools. One point matters more than the number. 0.30% is not a clean switch that flips delivery off. At or above 0.30% you lose mitigation eligibility and delivery impact worsens. Below it you have protective slack. Above it you lose that slack, and the damage accrues rather than triggering all at once. On a 50,000 send, 0.30% is 150 complaints, which a single bad segment or a misfired re-engagement campaign clears without much effort.

Apple Mail Privacy Protection has broken the open rate

Section titled “Apple Mail Privacy Protection has broken the open rate”

When a reader turns on Protect Mail Activity, Apple routes the message through its own proxy, hides the reader’s IP, and privately loads all remote content, including your tracking pixel. Apple preloads that content at times of its own choosing whether or not the person ever opens the email, so the pixel fires regardless of human behaviour. Mail Privacy Protection shipped with iOS 15 in 2021, and Apple Mail is the dominant client, so for Apple Mail-heavy lists the result is an inflated, machine-generated open count.

You cannot trust an aggregate open rate that mixes Apple-proxied opens with real ones. Use opens for coarse trend lines only, and segment on clicks, replies and conversions instead. One trap matters for anyone building automations, including an agent reading this skill: a “didn’t open, resend” rule is meaningless on Apple traffic. The proxied false opens register as opens, so genuine non-openers hide inside the “opened” bucket, and the rule silently stops re-engaging the very people who never saw the email. If you still run open-triggered resends, exclude Apple-proxied opens or move the trigger to clicks.

Bot clicks from security scanners poison click data

Section titled “Bot clicks from security scanners poison click data”

Clicks are more trustworthy than opens, but not clean either. Corporate mail security, including Microsoft Defender Safe Links, Proofpoint, Mimecast and Barracuda, pre-fetches and detonates every link in an inbound email before the human sees it. That produces clicks, sometimes on the unsubscribe link, milliseconds after delivery, from datacentre IP ranges, often hitting every URL in the message at once. Left in your data, these phantom clicks overstate engagement, and a scanner clicking the unsubscribe link can auto-remove a live, engaged contact.

Filter them by signature: clicks within a second or two of send, many links from one recipient fired together, and known scanner user agents and IP ranges. Most mature ESPs now strip a portion automatically, but the filtering is imperfect, so check it against your own data. With B2B segments behind heavy corporate filtering, expect your raw click numbers to run meaningfully high until you account for it.

Seed-test inboxes tell you almost nothing about real placement

Section titled “Seed-test inboxes tell you almost nothing about real placement”

Send a campaign to a panel of seed addresses, whether your own Gmail, Outlook and Yahoo test accounts or a vendor’s seed list, and you see where that mail landed for those specific mailboxes, not where it lands for your actual subscribers. Gmail and Yahoo weight reputation per recipient and per engagement history, and seed accounts have no engagement history with you, so they are exactly the recipients whose placement tells you the least. Treat a seed test as a smoke test for catastrophic failures, a broken authentication record or a blocklisted IP, and lean on Postmaster Tools, your complaint rate and real engagement cohorts for the truth about where you are landing.

BIMI displays your logo next to the sender name in supporting clients, and it is worth doing, but it is gated on authentication rather than design, and the order matters. Your DMARC policy must be at enforcement, p=quarantine or p=reject at 100%, with SPF and DKIM aligned and passing. p=none, or a pct under 100, is explicitly rejected. BIMI is a reward you collect after your authentication is sound, not a shortcut to looking trusted.

On top of enforcement, the logo certificate splits two ways. A Verified Mark Certificate (VMC) requires a registered trademark on your logo. It is the only option that triggers Gmail’s blue verified checkmark, and it is still the type Apple Mail requires. A Common Mark Certificate (CMC), which Gmail added in 2025, drops the trademark requirement but needs proof that the logo has been publicly displayed on your domain for around twelve months, and it shows the logo without the checkmark. As of late 2025, VMC trademark validation recognises 17 IP offices, including IP Australia, the USPTO, the EUIPO and the UK IPO, so a mark registered in Australia qualifies. The short version: get DMARC to enforcement first, then work out whether the trademark and certificate spend is worth a logo in crowded consumer inboxes for your brand.

The AI-summarised inbox raises the stakes on the opening text

Section titled “The AI-summarised inbox raises the stakes on the opening text”

Gemini summaries, Apple Intelligence and Copilot increasingly shape the preview or summary your reader sees, for the users who have them switched on, which makes the first lines of real, visible text carry more weight than the preheader ever did. These systems lean on the opening text and on proper structure, and Apple Intelligence reads live text only, ignoring images and alt text entirely. Front-load your actual purpose in the first 150 to 200 characters of visible copy, use real heading and paragraph tags rather than a soup of styled divs, and never ship an image-only email, because to the summariser it says nothing at all. The design chapter covers how this shapes layout, image-to-text balance and template structure in detail. The deliverability point here is narrower: clearing the authentication and complaint-rate bar gets you into the inbox, but once you are there, the opening real text is what an AI surfaces to the reader, so the mechanics in this section and the writing choices in the design chapter now pull in the same direction.