Deliverability is the sum of roughly forty small decisions, stacked across four categories. Most teams get two of them right, ignore the other two, and wonder why their engagement numbers are flat. This guide covers every lever that actually moves placement, in the order it matters. If you read it top to bottom and apply the checklist at the end, you'll be ahead of 90% of senders.
Four pillars: identity (SPF/DKIM/DMARC/BIMI), reputation (IP + domain), engagement (opens, clicks, replies, complaints) and content (structure, headers, links). Authentication plus list hygiene resolve roughly 80% of real-world deliverability problems. Everything else is polish.
What deliverability actually is
Deliverability is the practice of landing in the inbox, not just being accepted by the recipient's mail server. "Delivered" (an SMTP 250 OK) is a necessary but hugely insufficient condition. Real deliverability is measured by inbox placement rate — the percentage of sends that land in the primary inbox of a human recipient, not Spam, not Promotions, not silently discarded.
Everything in this guide is aimed at that one outcome.
The four pillars
Every deliverability decision maps to one of these:
- Identity — can the receiver verify you are who you claim to be? (SPF, DKIM, DMARC, BIMI.)
- Reputation — does the receiver trust your sending IP and domain based on history?
- Engagement — do recipients actually want and interact with your mail?
- Content — does the message itself look legitimate to automated filters?
In rough order of impact on placement: identity ≈ reputation > engagement > content. But all four have to be above threshold. Perfect content with broken DKIM lands in Spam every time.
Pillar 1 — Identity (SPF, DKIM, DMARC, BIMI)
SPF (Sender Policy Framework) is a TXT record at your domain root that lists which IPs are allowed to send mail on your behalf. Required for every sender in 2026. Watch for the ten DNS lookup limit — chaining too many include: directives silently breaks SPF. End with -all once stable.
DKIM (DomainKeys Identified Mail) is a cryptographic signature added to every outgoing message by your mail server. The receiver looks up your public key in DNS and verifies the signature. Required. Use 2048-bit keys, not 1024 — modern providers distrust weak keys.
DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together and tells receivers what to do with unauthenticated mail. p=none is for observation, p=quarantine routes failures to spam, p=reject drops them entirely. Gmail and Yahoo's 2024 rules require at least p=none with a valid rua report address for bulk senders.
BIMI (Brand Indicators for Message Identification) is optional but worth it if you already have p=quarantine or stricter. It displays your logo next to your From line in Gmail, Yahoo, Apple Mail and Fastmail. Requires a VMC certificate from DigiCert or Entrust (~$1,500/year), so pick your battle.
Pillar 2 — Reputation
ISPs maintain two rolling reputation scores: one for your sending IP and one for your sending domain. Gmail and Microsoft publish aggregate metrics through Postmaster Tools and SNDS respectively. Check both weekly.
Domain reputation follows you across IP changes and is the more important of the two in 2026. Gmail's SenderScore-like metric (Low / Medium / High) drives placement. Build it by sending consistent volume to engaged recipients over months, not weeks.
IP reputation matters more for high-volume senders. Dedicated IPs above ~50,000 sends/month let you control reputation directly. Below that volume, a reputable shared pool (Postmark, SendGrid Pro) usually outperforms a sparsely-warmed dedicated IP.
Recovering reputation takes 2–6 weeks for domain, 4–12 weeks for IP. There is no fast path — only consistent, engaged sending at reduced volume until the metric recovers.
Pillar 3 — Engagement signals
ISPs track how recipients actually interact with your mail. The positive signals: opens, clicks, replies, forwarding, starring, moving from Spam to Inbox. The negative signals: delete without read, marking as spam, unsubscribes, no engagement for 30+ days.
Opens are partially broken as a signal since Apple's Mail Privacy Protection (2021) and Outlook's pixel blocking — they inflate open rates to 80%+ without human involvement. But ISPs still use them in aggregate, combined with click and reply data. Replies carry the most weight. A 1% reply rate beats a 40% (inflated) open rate for reputation.
Keep your complaint rate below 0.1%. Gmail's 2024 threshold for bulk senders is 0.3% — hit it and you're rate-limited within hours.
Pillar 4 — Content
Content filters matter less than they did in 2015 but more than many senders think. The non-negotiables:
- Include a plain-text part in every multipart message. HTML-only is a classic spammer pattern.
- Keep text-to-image ratio above 60/40. Image-only messages are treated as content-hiding.
- Add a List-Unsubscribe header and List-Unsubscribe-Post: List-Unsubscribe=One-Click for bulk sends. Required since 2024.
- Run copy through SpamAssassin or Rspamd. A score above 5 is a red flag.
- Avoid ALL CAPS subjects, emoji storms, and URL shorteners. Single emoji is fine; three is not.
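The structural items in this list can be built and checked with Python's standard email package. This is an added example, not code from the original guide; the addresses, URL and function names are constructed for illustration, and the audit covers only the plain-text part, the unsubscribe headers and the ALL CAPS subject.

```python
from email.message import EmailMessage

ONE_CLICK = "List-Unsubscribe=One-Click"


def build_bulk_message(sender, rcpt, subject, text, html, unsub_url, unsub_mailto):
    """Build a multipart/alternative message with one-click unsubscribe headers."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    msg["List-Unsubscribe"] = f"<{unsub_url}>, <mailto:{unsub_mailto}>"
    msg["List-Unsubscribe-Post"] = ONE_CLICK
    msg.set_content(text)                      # text/plain part
    msg.add_alternative(html, subtype="html")  # converts to multipart/alternative
    return msg


def audit_message(msg):
    """Return the content-pillar problems found in an EmailMessage."""
    problems = []
    if "text/plain" not in [part.get_content_type() for part in msg.walk()]:
        problems.append("no text/plain part")
    if "<https://" not in str(msg.get("List-Unsubscribe", "")).lower():
        problems.append("List-Unsubscribe lacks an HTTPS URI")
    if str(msg.get("List-Unsubscribe-Post", "")).strip() != ONE_CLICK:
        problems.append("List-Unsubscribe-Post missing or malformed")
    letters = [c for c in str(msg.get("Subject", "")) if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        problems.append("ALL CAPS subject")
    return problems


def html_only_sample():
    """Constructed counter-example: HTML-only body, no unsubscribe headers."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "news@shop.test", "user@example.test"
    msg["Subject"] = "LAST CHANCE SALE"
    msg.set_content("<p>Sale ends today.</p>", subtype="html")
    return msg
```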
What changed in 2024
Gmail and Yahoo rolled out joint sender requirements on 1 February 2024. For anyone sending more than 5,000 messages per day to Gmail or Yahoo users, the rules are:
- DMARC record required, at minimum p=none with a valid rua address.
- SPF and DKIM must align with the From domain. Historical "SPF passes via Return-Path" setups no longer count.
- One-click unsubscribe via List-Unsubscribe-Post: List-Unsubscribe=One-Click headers. Honour within 2 days.
- Spam complaint rate below 0.3%, measured in Postmaster Tools. 0.1% is the practical target; 0.3% triggers throttling.
- Valid PTR record for your sending IP.
Microsoft announced equivalent requirements in October 2024. Apple, ProtonMail and major regional providers have followed informally. The direction of travel is clear: stricter authentication, faster consequences for non-compliance.
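The alignment rule in the list above is the one most often misread: an SPF or DKIM pass counts only if the authenticated domain matches the From domain. The following is an added example, not code from the original guide; the domains and DMARC record are constructed, and org_domain() assumes the organizational domain is the last two labels, which a real check replaces with a Public Suffix List lookup.

```python
def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC1 record."""
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. A production
    # check must use the Public Suffix List (e.g. for .co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), anything else = relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass, record):
    """Combine raw SPF/DKIM results with alignment against the From domain."""
    tags = parse_dmarc(record) or {}
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags.get("adkim", "r"))
    return {
        "policy": tags.get("p"),
        "has_rua": bool(tags.get("rua")),
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc_pass": spf_ok or dkim_ok,   # RFC 7489: one aligned pass suffices
    }


# Constructed inputs: a shared-pool ESP bounces via its own Return-Path domain.
RECORD = "v=DMARC1; p=quarantine; rua=mailto:dmarc@shop.test; adkim=s"
SHARED_POOL = evaluate("shop.test", "bounces.esp-pool.test", True,
                       "esp-pool.test", True, RECORD)
CUSTOM_DOMAIN = evaluate("shop.test", "bounce.shop.test", True,
                         "shop.test", True, RECORD)
```

In the SHARED_POOL case both SPF and DKIM pass on their own, yet neither aligns with shop.test, so the message fails DMARC and the p=quarantine policy applies.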
2026 trends
Three things reshaping deliverability this year:
- AI email summaries. Gmail's AI summaries, Superhuman AI, Shortwave AI — all pre-read messages before the human sees them. This inflates opens further and makes subject line testing meaningless. Plan for a world where the first reader of your email is an LLM.
- Privacy-first providers gaining share. ProtonMail, Apple iCloud+ with custom domains, Fastmail — all have stricter defaults than Gmail. If your audience skews technical or privacy-aware, test these specifically.
- Stricter alignment enforcement. SPF passes that don't align to the From domain are increasingly treated as failures, not passes. Shared-pool ESPs that use their own domain in Return-Path will hit this harder than dedicated setups.
Your 2026 deliverability checklist
- SPF record published with -all.
- DKIM signing enabled with 2048-bit keys.
- DMARC at p=quarantine or p=reject with a rua report address you actually read.
- PTR record for every sending IP.
- TLS 1.2+ on outbound SMTP.
- List-Unsubscribe headers (mailto + HTTPS) with working one-click handler.
- List validation run on anything older than 6 months.
- Hard bounces permanently suppressed.
- Suppression list for addresses with no engagement in 90+ days (marketing) or 180+ days (transactional).
- Postmaster Tools and SNDS accounts set up and monitored weekly.
- Inbox placement test run before every major campaign.
- Complaint rate below 0.1% (measured, not assumed).
- Consistent sending volume — no 10x bursts.
- Plain text part in every multipart message.
- Rspamd score below 3 on your standard template.
Authentication plus list hygiene solves 80% of real deliverability problems. If you're short on time, do those two things properly before you touch anything else on this page.