Email infrastructure and spam issues

We send 800k+ emails a month, and I have spent the last 2 years understanding every reason for emails landing in spam. Today, I am sharing all the good resources I found during this journey! Most emails don’t get blocked because you’re a spammer. They get blocked because you missed one tiny config buried in a 20-year-old spec. Email delivery feels a little like a black box! Old docs, conflicting advice, and invisible rules. So sharing the list I wish I had when we started. 1. LearnDMARC (learndmarc.com) - An interactive visualizer that makes SPF, DKIM, and DMARC simple and easy to understand. 2. Postmark’s “Why Emails Go to Spam.” - The clearest explanation of sender reputation, content filters, and engagement signals. 3. MXToolbox - Debug SPF/DKIM/DNS issues 4. Mail-tester.com - Send a test email, get a deliverability score. My go-to before every big template change. 5. Google Postmaster Tools - Gmail’s own dashboard for domain reputation. No more guessing. 6. RFC 5321 (SMTP spec) - Yes, this feels intimidating. But even skimming it gave me massive clarity on how email really works. 7. Spamhaus blog: Word to the Wise - Insights on sender reputation straight from the people who run the biggest blocklists. This is one of the best blogs I have found on the internet! Email isn't glamorous. But it’s critical infrastructure. And most of the knowledge is scattered across forums and old blog posts. If you’re building anything that sends email, save this! It’ll save you a loooot of time debugging!

Your email deliverability didn’t drop… it flatlined. And most founders are still sending emails like it’s 2019. Last quarter I watched a $42M brand lose 38% of their Black Friday revenue overnight. Not because ads got expensive. Not because Shopify broke. Because Google + Microsoft quietly changed their filters. 61% of their emails went to Updates or straight to Spam. They had “perfect” setup: ✓ Great reputation ✓ Perfect DKIM ✓ 6-year warm IP Didn’t matter. The new AI filters crushed them anyway. When they called me freaking out, I asked one question: “When’s the last time you checked your email intelligence?” Blank stares. They’d never heard of it. The simple truth (screenshot this): Email in 2025 isn’t “send a blast and pray.” It’s AI-managed reputation. Google, Microsoft, and Apple judge every sender in real time. The winners = brands that send smart signals The losers = brands that keep sending like nothing changed. Old rules (RIP): • Keep complaints low • Warm up your IP • Use a big ESP and you’re fine These don’t work anymore. New rules (2026+): • Every subscriber acts like a “reputation sensor” • One bad segment can poison your whole domain • AI predicts spam complaints before a user opens • Inconsistent sending kills reputation fast • List hygiene must be daily, not quarterly Real examples happening right now: • Brand with 1.4M list: Inbox rate dropped 94% → 41% after adding one bad list • Fintech: Lost Apple Mail deliverability because 0.7% of their list was role accounts • DTC brand: Gmail inbox fell 98% → 27% overnight after sending old data The 2025 Email Intelligence Checklist (Do these or expect pain) 1) Remove traps/roles within hours 2) Check reputation every day 3) Segment by engagement + risk 4) Use separate domains for transactional/marketing 5) Avoid random “bursts” — plan volume 6) Create positive signals (polls, clicks, replies) 7) Lock down your infrastructure (BIMI, MTA-STS, etc.) Do all 7 = 99% inbox. Miss even one = random spam placement forever. This is the biggest gap since 2003. Most founders think deliverability is “set it and forget it.” They won’t realize the game changed until revenue drops. If you want my 47-point audit that fixes this in under 30 days, comment “INTEL.” Most won’t. The ones who do will own the inbox while everyone else screams into spam. The new email game already started. You’re either building intelligence… or you’re the signal someone else exploits.

Your inbox warm-up is training providers to distrust you. (I'm talking about warming up new sending domains / inboxes for cold or outbound email — not newsletters.) Agency owners tell me this weekly: → "We warmed it up for 3 weeks" → "Open rates still tanked" → "Outlook keeps flagging us" Their warm-up did exactly what it was designed to do. The problem? It was designed without real deliverability infrastructure. This is where tools like Warmy.io - Email channel. Reliable. come in — not as a growth hack, but as the control layer between your domains and inbox providers. Reality #1: Volume ramp ≠ reputation engineering → Day 1: Send 10 → Day 7: Send 25 → Day 14: Send 50 → Day 21: Still flagged That's not warm-up. That's guessing with your domain. Reality #2: Generic warm-up creates generic signals Most inbox warm-up fails because it produces: → Shallow engagement patterns providers learn to discount → Repetitive behavior that looks automated at scale → No provider-specific logic (Gmail ≠ Outlook ≠ Yahoo) → No monitoring. No alerts. No guardrails. Inbox providers don't reward activity. They reward believable, consistent behavior over time. Reality #3: Authentication ≠ inbox placement I've audited sending domains with: → SPF / DKIM / DMARC valid ✓ → Domain health marked "high" ✓ → Inbox placement above 90% ✓ Still landing in spam. The difference between inboxes that recover and inboxes that burn? Controls. Monitoring. Observability. Not copy. Not timing. Not subject lines. What real inbox warm-up infrastructure looks like (how I use Warmy): → Provider-weighted logic (Gmail tolerance ≠ Outlook tolerance) → Continuous domain + inbox reputation monitoring (catches drift before damage) → Inbox placement testing by provider (not averages) → Dynamic warm-up control (auto slow-down when signals dip) → Real-time alerts (before domains get burned) → Seed lists designed for realistic engagement Cold email doesn't fail at send time. It fails weeks earlier — during warm-up. The fix isn't "write better emails." The fix is treating deliverability like infrastructure. 🔗 Try it yourself 👉 Explore Warmy here: https://lnkd.in/gGZzMhv6 Free 7-day trial — see inbox placement by provider before you scale outbound.

 “Just send an email.” It looks like a one-liner: await sendEmail(to, subject, body); But in production, that line explodes into a full subsystem. Here’s what you actually end up building 👇 1. Reliability - never send inline Sending directly inside a request works… until latency spikes or the provider times out. You decouple it using a queue (Kafka, SQS, or RabbitMQ) -> a background worker processes sends. Each message gets a unique message_id for idempotency, retries use exponential backoff, and you persist status = pending/sent/failed. 2. Deliverability - “sent” != “delivered” Your API logs “200 OK,” but user didn't get it. You need webhooks from SES/SendGrid to capture delivered, bounced, or spam events. Those callbacks update your DB, mark bad addresses inactive, and feed a delivery analytics dashboard so you actually know what happened. 3 Spam filters & domain reputation You can write the best emails, and still end up in spam if you skip the basics: Set up SPF, DKIM, and DMARC. Warm up new domains gradually (start with low send volume). Use a dedicated sending domain (e.g., mailer.myapp.com) and separate IPs for transactional vs marketing. Without this, your whole app’s communication pipeline can get blacklisted overnight. 4 Personalization at scale You’re not just sending static HTML. Each email has dynamic placeholders ({{user.name}}, {{order.id}}), localized text, and sometimes attachments. You pre-render templates (Liquid/MJML), cache HTML in Redis, and bulk fetch user data to avoid DB thrash. At high volume, even template rendering becomes a performance bottleneck. 5 Observability & throttling At scale, email providers rate-limit you. You’ll need token-bucket throttling, multiple provider fallbacks, and metrics (Prometheus/Grafana) for latency and bounce trends. When one region hits its SES quota, your system should automatically failover to another provider without losing events. That “forgot password” email that lands in 2 seconds? It’s backed by queues, workers, webhooks, templates, cryptographic signatures, and deliverability tuning.

“Marketo and some other ESPs send all your emails to spam.” Don't they? Your ESP does impact deliverability; but not in the way most marketers think. Inbox providers don’t hate Marketo. They distrust bad senders. Marketo, HubSpot, Mailchimp, Klaviyo, all host thousands of senders. If you’re on a shared IP with shady neighbors, inbox providers might punish you too. Let’s be honest: some ESPs are just plain bad. 1. They let anyone send, no vetting, no compliance, no limits. 2. Their IP ranges show up repeatedly on blocklists. 3. Their support shrugs off your inboxing issues with generic answers. Red flag: If your ESP doesn't care who sends what, you’re sharing reputation with spammers. Dedicated IPs help, but they’re not magic. A dedicated IP in a “bad neighborhood” still inherits risk. Without proper warmup, domain alignment, and consistent volume, you're still a stranger to mailbox providers. Think of it like buying a premium car but driving through a toxic zone, you're not protected. The real issue isn’t always the platform, it’s the sending. Switching ESPs won’t fix your deliverability if your: 1. Domain reputation is weak 2. Lists are stale or purchased 3. Content is clickbait 4. Engagement is low These follow you wherever you go. That said, some ESPs are stuck in the past. If your platform doesn’t offer: 1. Custom Return-Path 2. ARC header support 3. Reliable bounce categorization 4. Fast IP warm-up tools 5. Responsive deliverability support Then yes, that’s a reason to leave. So what does drive inbox placement? Focus on these fundamentals: 1. Domain-level reputation and alignment (SPF, DKIM, DMARC) 2. Strong engagement signals (opens, clicks, replies) 3. Clean, opt-in-only lists 4. Consistent volume and sending patterns 5. Fast bounce/suppression handling 6. Relevant, non-spammy content Blaming your ESP is easy. But sometimes, they do deserve it. If your setup is right, but inboxing still fails, ask: 1. Who else is sending from this subnet? 2. Is the ESP proactive with abuse management? 3. Are they helping or just blaming Gmail? If your ESP doesn’t protect your reputation, you need to protect yourself, by leaving. Bottom line: The ESP is your infrastructure. Your deliverability is your responsibility, but if the infrastructure is broken, no amount of sender best practices can fix it. Have you dealt with shady ESPs or deliverability disasters? Let’s talk. #emailmarketing #deliverability #ESP #marketo #inboxstrategy #emailtruths #email

Let’s talk about Extended Message Trace. A few years ago, I posted a WhatsApp status that said, 'I don’t believe in anything but EMTs only.' Looking back, I still stand by it. EMTs are essentially the DNA of an email system. They track an email’s journey from the moment it's sent to its final destination, offering unmatched transparency and control. In this post, I’ll break down what EMTs are and why they’re a game-changer for anyone managing email systems. While a traditional message trace solves most issues, sometimes we need to dig deeper—and that’s where EMTs comes to the rescue. Let’s be honest, reviewing an EMT can be quite the adventure at work. It’s like trying to find a needle in a haystack—but there’s a unique satisfaction when you finally uncover the insights you’re looking for. Inside an EMT, you’ll find: Sender and recipient information: Who sent the email and who received it. Email routing: The exact path the email took across servers. Timestamps: When the email was sent, received, and processed at every step. Delivery status: Whether the email was delivered, delayed, or failed—and why. Actions applied: Any rules, filters, or policies (e.g., spam checks) that acted on the email. One of the most important pieces of information in an EMT is the custom_data field. Here, you'll find the transport rules processed on the email, anti-spam policies, and any content filtering applied. Key components in the custom_data field: Transport Rule Agent (TRA): ETRP: Transport rule processed but not applied. ETR: Transport rule applied. Details: Includes rule ID, last modified date, conditions, actions, and execution time. Content Filtering Agent (CFA) - AntiSpam Agent (AS): Spam Details: Spam verdict (sfv), risk level (rsk), spam confidence level (scl), bulk confidence level (bcl), phishing confidence level (pcl), and internal spam rules matched (sfs). Actions: di=sd: Email deleted. di=sq: Email quarantined. IP Analysis: CIP: Connecting IP address. IPV Verdicts: NLI: IP not on a reputation list. CAL: IP in the connection filter allow list. Advanced Spam Filtering (ASF): Indicates whether advanced filtering was applied. This structured logging provides detailed insights into email processing, including applied rules, labels, spam filters, and decisions made at various stages. Fun Fact: Not many people know this—an EMT should only be initiated at least four hours after an email is sent or received. If you run an EMT before the four-hour mark, it will return a "No message found" result. And yes, EMTs can take anywhere from 2 hours to 24 hours or more to generate results, depending on the complexity and size of the data being traced. PS: This is just the tip of the iceberg when it comes to EMTs—there’s so much more to explore. Feel free to drop any questions you might have in the comments. I’m happy to answer. #ExchangeOnline #MSFTAdvocate #Microsoft365

I burned through $15K perfecting cold email copy. Here's what I learned when I focused on deliverability instead. While I was obsessing over subject lines and CTAs, most of my emails were landing in spam folders. I had killer copy that nobody ever saw. But here's what happened when I fixed the infrastructure piece first… I went from ignored emails to 800,000+ monthly sends at ColdIQ. If your cold emails aren't working, deliverability beats copy every single time. WHY DELIVERABILITY IS EVERYTHING: 1. Perfect copy means nothing in spam. You can have killer targeting, perfect messaging, incredible offers... but if your email lands in spam? Game over. 2. It compounds everything else. Once your domain reputation is down, even your transactional emails start getting flagged and won't get delivered anymore. So how do you make your email in the primary? 1. Protect your main domain. Never send cold emails from your primary domain. We use 70+ secondary domains to keep our brand safe and our main inbox clean. 2. Distribute volume across multiple mailboxes. Set up 140+ mailboxes across those domains. Keep it under 50 sends per day per domain. High volume too early = instant red flag. 3. Get your technical foundation bulletproof. Set up SPF, DKIM, and DMARC authentication. Without proper technical set-up, you're flagged as suspicious by default. 4. Warm up. Send nothing for 2 weeks. Use premium warm-up tools to build trust gradually with ESPs. Ramp slowly to avoid triggering their spam filters. Patience here pays dividends later. 5. Natural variation. Use Spintax or tools like Twain to introduce variations in your messaging. Even small variations help you avoid the repetition triggers that scream "mass email blast" to spam filters. Remember, list quality plus message still matter most. Even with perfect infrastructure, if your list is off and your message is weak, you'll still land in spam. Deliverability gets you to the inbox, but the relevance keeps you there. Monitor everything rigorously. Use tools to track your sender reputation across all ESPs. We check deliverability rates daily (it's that critical). Infrastructure gets you to the inbox, but your targeting plus messaging determines what happens next. I've put together a 7-day GTM crash course that includes our exact setup, authentication templates, and the monitoring systems we use to protect the campaigns of our 70 clients. Reply with "SETUP" if you want access before your next campaign goes live.

Most senders jump straight to “fixing” email issues without figuring out what broke in the first place. That’s a mistake… one that slows your resolution time and can drag in people who don’t need to be involved (yet, anyway). The reality in most cases is that deliverability issues can be a cocktail of causes. So before you fire off your re-engagement campaigns or start rewriting all your copy, stop and ask yourself: 💌 When did this start? Trace it back to the actual drop, not when you noticed it. In some cases, you step off a cliff. Other times, it’s a slow decline that actually started months ago. Get your goggles out and trace the timeline. 💌 Where is it happening?  Are all mailbox providers affected, or just one? Scope matters. For example, Gmail is very heavily focused on user engagement, so if your open rates are 2% at Gmail while they’re +30% at other top destinations you send to, you’ve likely hit the spam folder. You can now turn your attention toward recipient reactions (spam complaints, opens, clicks, unsubscribes). But if Microsoft is bouncing everything in sight, you’ll want to look more closely at authentication, blocklists, and IP reputation. 💌 What changed upstream? Sure, it could be your ESP or the mailbox provider. But 9 times out of 10, that call is coming from inside the house. So, take a good look around to see if anything (and I mean anything) may have changed on your side. Did you: - Launch a new campaign that got a different reaction? - Add a new segment or acquisition source? - Did you change frequency?  - Switch platforms or mess with DNS? You can’t fix what you don’t understand, and even a small change can ripple downstream. So put down the duct tape. and diagnose first! I break down the full diagnostic process on my Send It Right blog. Check it out if you want to turn a crisis into a blip (or need to convince your boss you’re not just guessing). If this already sounds painful and you want help troubleshooting, hit me up. Sometimes a 20-minute chat beats a 5,000-word rabbit hole (even though I looooove a good deliverability rabbit hole). 💌

The Cold Email Deliverability Diaries: Had a customer w/ 0% deliverability (yikes!) They were doing all the right things. Spun up a subdomain. Set all the DNS properties correctly. Warmed the emails. But, something was going horribly wrong. It's an 0365 feature, not a bug. They were hosting both domains within the same infrastructure. Microsoft, 0365, doesn't guarantee IP matching for subdomains. (this is bad for you, but it's a safeguard to keep non-enterprise customers from sending high volumes of cold email) So every inbox they hit "thought" the email was spoofed. (spoofed = someone pretending to be them) Instantly going to spam jail. Easy fix. Spin up a separate instance to host the domain. Redirect the site traffic back to your (separately hosted) primary domain. Warm the emails again. Back to sending. You'll have to maintain the new instance. You'll have to buy 0365 seats for the new email addresses. But, a small price to pay to land in the primary inbox.

our spam problem isn't about what you write — it's about how you send. Most teams obsess over subject lines and personalization. Meanwhile, spam filters are judging something else entirely: your sending infrastructure. If you're sending cold email from standard Gmail/Outlook setups, here's what happens behind the scenes: • Too much volume per mailbox → reputation drops • Shared IP pools → you inherit others' bad behavior • No rotation → burned senders keep sending • Weak authentication → trust signals fail • Manual setup → errors compound over time So even strong messaging gets buried in spam. Maildoso was built to remove these failure points from the system. → Mailboxes and domains created + authenticated automatically → Volume distributed safely across large sender pools → Reputation tracked continuously → Burned mailboxes rotated out and replaced (self-healing) The shift is simple: Stop treating cold email like regular email infrastructure. When your sending layer is purpose-built, deliverability stops being a daily battle and starts being predictable.