
Financial advisors, portfolio reports, and compliance-safe deliverability

A wealth management firm sends quarterly reports to 840 client households. The reports contain account values. Compliance requires archival. SEC rules require specific disclosures. Spam filters see financial language, PDF attachments, and performance numbers in the subject. The message that satisfies the regulators is the same message the filters distrust.

Financial advisors — RIAs, wealth managers, broker-dealers, independent planners — run email under constraints unique to their industry: SEC and FINRA rules on communication, firm-specific compliance reviews on every outbound message, third-party archival for e-discovery (Global Relay, Smarsh, Proofpoint Archive), and client bases skewed toward older demographics with less filter-fluent email habits. Deliverability gets little attention because compliance gets all of it. But the compliance-safe message still has to land.

TL;DR

Route all client communication through the firm's compliance-archived channel, then separate sending identities by purpose: reports, client, news. Replace PDF attachments with authenticated portal views. Send from a warmed subdomain not shared with marketing. Seed-test quarterly statements and compliance-sensitive disclosures before distribution. Treat DMARC enforcement as part of fiduciary duty, because client impersonation risk is real.

The compliance-and-deliverability architecture

Every outbound email from an advisor at a registered firm has to pass through the compliance and archival system. Most firms use Global Relay, Smarsh, Proofpoint Archive, or a similar tool. That archival layer sits in the sending path and can affect deliverability depending on how it's configured.

Configurations that show up in the field:

  • Journaling-only. Mail sends through the normal path (Microsoft 365, Google Workspace) and the archival system captures a copy. Deliverability unaffected; this is the cleanest pattern.
  • Outbound gateway. Mail flows through the archival system as a relay. If the gateway signs with its own DKIM, DMARC alignment can break at receivers. Needs careful DNS configuration.
  • Portal-only. Advisors compose inside the compliance tool, which sends from its own infrastructure. The sender is technically the firm but the sending path is third-party. Reputation is shared across many firms.

Firms on the outbound-gateway or portal-only models often see lower inbox placement than those on journaling-only. Switching to journaling (or at minimum ensuring the gateway is configured to maintain DKIM alignment on the firm's domain) is usually the single highest-leverage change.
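To make the alignment point concrete, the following added example (not code from any archival vendor or from this page's author) evaluates DMARC identifier alignment for the configurations above. The vendor domain archive-vendor.example, the scenario values and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
# Added example: DMARC identifier alignment as defined in RFC 7489.
# Assumption: organizational domain = last two labels. Real receivers use the
# Public Suffix List, so this shortcut is wrong for suffixes such as co.uk.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode="r"):
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact match)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_pass(from_domain, dkim_pass_domains, spf_pass_domain, adkim="r", aspf="r"):
    """DMARC passes if any verified DKIM d= domain, or the SPF-passing
    envelope domain, aligns with the header From domain."""
    dkim_ok = any(aligned(from_domain, d, adkim) for d in dkim_pass_domains)
    spf_ok = spf_pass_domain is not None and aligned(from_domain, spf_pass_domain, aspf)
    return dkim_ok or spf_ok

# Constructed scenarios: (header From, DKIM d= that verified, SPF-passing domain).
# Journaling-only assumes the firm has set up DKIM signing for its own domain.
SCENARIOS = {
    "journaling-only": ("firmname.com", ["firmname.com"], "firmname.com"),
    "gateway, vendor DKIM": ("firmname.com", ["archive-vendor.example"],
                             "bounce.archive-vendor.example"),
    "gateway, firm DKIM": ("firmname.com", ["firmname.com"],
                           "bounce.archive-vendor.example"),
    "subdomain sender": ("reports.firmname.com", ["firmname.com"], None),
}

def evaluate(adkim="r", aspf="r"):
    return {name: dmarc_pass(f, dkim, spf, adkim, aspf)
            for name, (f, dkim, spf) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, ok in evaluate().items():
        print(f"{name:22} DMARC {'pass' if ok else 'FAIL'}")
```

The gateway that signs only with the vendor's domain fails even though both SPF and DKIM verify, because neither authenticated domain matches the From domain. The subdomain sender passes under relaxed alignment but would fail if the record set adkim=s.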

Quarterly statements and the attachment problem

Quarterly performance statements are the highest-volume advisor email. At quarter-end (January, April, July, October) each advisor sends statements to every household. A 200-household book produces 200 statement emails within 2–3 days. Historically, each has included a 10–40 page PDF statement as an attachment.

Problems that compound:

  • PDF statements from multiple advisors at the same firm arriving within days of each other form a pattern that filters match on.
  • Subject lines with performance numbers ("Your Q4 2026 portfolio: +12.4%") read like promotional finance spam.
  • Statement PDFs often include embedded charts, watermarks, compliance footers — all of which add to file size and trigger inbound scanning.
  • Clients who don't open the PDF (most older clients read the summary in the email body and never download) train their filter against the sender.

Portfolio-report template that lands

  1. Subject: "Your Q4 2026 portfolio summary is available". Informational, no performance number.
  2. Body: brief summary in text — market commentary (3–4 sentences), household-level summary (account balance, time-weighted return, allocation). No inline performance graphs.
  3. One primary CTA: portal login to view the full statement. No attachment.
  4. Disclosure footer as required, kept succinct.
  5. Send from reports.firmname.com subdomain, warmed to quarterly volume.

Advisors who resist dropping the PDF attachment often cite client preference. The real test is a split: send a control group the PDF version and a test group the portal version. Both get seed-tested through Inbox Check first. The portal version almost always has higher inbox placement, and actual client engagement (portal logins) matches or exceeds PDF opens.

Seed-test the quarterly template two weeks before quarter-end

Quarterly statement windows are predictable and compressed. Seed-testing the new quarter's template through Inbox Check two weeks before you begin sending catches subject-line and body changes that move placement. Re-test if compliance requires a wording change mid-cycle.

Ongoing client communication

Beyond quarterly statements, advisors send ad-hoc client communication: market updates during volatility, rebalancing notifications, RMD reminders, beneficiary-review prompts, annual-review scheduling. Each has a different deliverability profile.

  • Volatility market updates. Sent during drawdowns or geopolitical events. High open rate, but filter suspicion rises when language is reactive ("urgent", "today's move", "action required"). Keep tone calm and informational.
  • Rebalancing notifications. Often include trade details, tax-lot information. Should route to portal view, not inline.
  • RMD and tax-year-end reminders. Cluster in October-December. Benefit from being scheduled rather than bulk-sent; smaller batches over multiple days outperform one large batch.
  • Annual-review scheduling. Should come from a scheduler (Calendly or the firm's scheduling tool) with branded sending configured.

DMARC as part of fiduciary duty

Financial advisors handle client money. Impersonation attacks target exactly this relationship: a spoofed "wire instructions updated" email from an advisor to a client can redirect transfers to attacker accounts. The dollar amounts make advisors high-value phishing targets year-round.

DMARC enforcement (p=reject) blocks unauthenticated mail claiming to be from the firm's domain before it reaches clients. Without it, attackers can send convincing impersonation mail and clients have no technical signal to distinguish it. From a fiduciary standpoint, leaving DMARC at p=none when the technical fix is straightforward is hard to justify.

Implementation path:

  1. Inventory all legitimate senders from the firm's domain (the advisor's email platform, the CRM, the portfolio-management system, the scheduler, the newsletter tool).
  2. Bring each under SPF and DKIM alignment on the firm's domain.
  3. Start at p=none with DMARC reports going to a monitoring service for 2 weeks.
  4. Move to p=quarantine; pct=10, ramp up over 4–6 weeks, then to p=reject.
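Steps 1 and 3 feed each other: the aggregate reports collected at p=none show which sources still fail alignment before the policy tightens. The following added example (not part of the original article or of any monitoring service) summarizes a report in the RFC 7489 aggregate XML format; the sample report, its IP addresses and scheduler-vendor.example are constructed, and the triage split is a heuristic.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed report in the RFC 7489 aggregate (rua) format. IPs are
# documentation addresses; scheduler-vendor.example is a made-up sender.
# Reports come from outside parties: parse them with a hardened XML parser in production.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>firmname.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>812</count>
  <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <auth_results><dkim><domain>firmname.com</domain><result>pass</result></dkim></auth_results></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <auth_results><dkim><domain>scheduler-vendor.example</domain><result>pass</result></dkim></auth_results></record>
 <record><row><source_ip>203.0.113.99</source_ip><count>3</count>
  <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <auth_results></auth_results></record>
</feedback>"""

def summarize(xml_text):
    """Per source IP: message count, DMARC verdict, DKIM domains that verified."""
    sources = defaultdict(lambda: {"count": 0, "dmarc_pass": True, "signed_by": set()})
    for rec in ET.fromstring(xml_text).iter("record"):
        entry = sources[rec.findtext("row/source_ip")]
        ev = rec.find("row/policy_evaluated")
        # policy_evaluated holds the aligned results; either one passing is a DMARC pass.
        ok = "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        entry["count"] += int(rec.findtext("row/count"))
        entry["dmarc_pass"] = entry["dmarc_pass"] and ok
        for sig in rec.iterfind("auth_results/dkim"):
            if sig.findtext("result") == "pass":
                entry["signed_by"].add(sig.findtext("domain"))
    return dict(sources)

def triage(xml_text):
    """Heuristic split of failing sources: those signing with some other domain are
    candidates to check against the step 1 inventory; the rest are unauthenticated."""
    out = {"fix_alignment": [], "unauthenticated": []}
    for ip, s in sorted(summarize(xml_text).items()):
        if not s["dmarc_pass"]:
            out["fix_alignment" if s["signed_by"] else "unauthenticated"].append(ip)
    return out

def pass_rate(xml_text):
    rows = summarize(xml_text).values()
    return sum(r["count"] for r in rows if r["dmarc_pass"]) / sum(r["count"] for r in rows)
```

A source in fix_alignment that turns out to be a legitimate tool from step 1 would have its mail quarantined or rejected once the policy moves past p=none, so it needs step 2 completed first.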

Subject-line rules under SEC/FINRA

FINRA Rule 2210 and the SEC Advertising Rule govern advertising and communication content, including subject lines. In practice that means:

  • Performance numbers in subject lines generally require specific disclosure context; safest to omit them.
  • "Guaranteed" or similar absolute claims are not allowed.
  • Forward-looking statements ("market will") need disclosure framing.
  • Client-specific content in subject lines is generally fine if factual ("your Q4 statement").

The compliance rules and the deliverability rules happen to align well: subject lines that avoid performance claims, urgency language, and forward-looking assertions both satisfy compliance and score low on spam filters. The problem comes when marketing/BD teams push for more dramatic subject lines that clear compliance but raise filter scores.

Advisor newsletters and prospect cultivation

Many advisors maintain monthly newsletters for clients and prospects — market commentary, tax-law updates, estate-planning pieces. These run through marketing platforms (Mailchimp, Constant Contact, or specialist tools like FMG Suite, Snappy Kraken, AdvisorStream). Key deliverability patterns:

  • Newsletter sending should be on a separate subdomain (news.firmname.com or insights.firmname.com) from client-communication mail.
  • Prospects added through website forms need double opt-in (for both deliverability and CAN-SPAM compliance). Advisor newsletters on single opt-in lists often see complaint rates above 0.1%.
  • Market-commentary content risks overlap with financial-scam content in filter classifiers. Keep tone measured, avoid hype language, ground in data.

FAQ

Our compliance tool (Smarsh, Global Relay) rewrites some headers. Does that affect deliverability?

It can. Ask the vendor how their outbound relay interacts with DKIM alignment on your firm's domain. The answer should be "DKIM is preserved" — if it's not, discuss a configuration change or consider switching to journaling-only capture.

Can we still email a PDF statement to an older client who prefers it?

Yes — client preference can be honored. But set the default to portal-link for the book as a whole, with PDF as an exception managed per-household. Don't default the whole firm to PDFs to accommodate 5% of clients.

What's the right domain setup for a multi-advisor firm?

Main firm domain for the firm. Subdomains for purpose-based sending (reports.firmname.com, client.firmname.com, news.firmname.com). Individual advisors use sarah.chen@firmname.com, not their own personal domains. DMARC at p=reject on all of it.

How do we handle RIA mergers when email domains change?

Warm the new domain for 4–6 weeks before any client communication migration. Send a notification from both old and new domains ("our firm is now named X, future communications from @newdomain") during the transition. Keep MX records on the old domain for at least 12 months to catch replies.