Email Deliverability: What Actually Lands in the Inbox
You can write the best newsletter in the world and none of it matters if your emails land in spam. Email deliverability — the percentage of your sends that reach the actual inbox, not the junk folder, not the promotions tab, not the void — is the infrastructure problem that sits underneath every publishing platform discussed in this series. It is unglamorous, it is technical, and it is the difference between an audience that sees your work and an audience that doesn't know you published.
What It Actually Does
"Deliverability" is not one thing. It's the outcome of a chain of systems, each evaluating whether your email deserves to reach the inbox. Understanding the chain is the only way to control it.
The Authentication Stack
Every email you send carries metadata that receiving servers (Gmail, Outlook, Yahoo, Apple Mail) use to decide whether you're legitimate. Three protocols form the foundation, and all three are non-negotiable in 2026. Google and Yahoo made SPF and DKIM authentication mandatory for bulk senders starting in February 2024 — if you're sending newsletters without these configured, your deliverability is already damaged.
SPF (Sender Policy Framework) is a DNS record that tells receiving servers which mail servers are authorized to send email on behalf of your domain. When you send a newsletter through Mailgun, Mailgun's servers are sending the email. Your SPF record says "yes, Mailgun is allowed to send as me." Without it, Gmail sees an email from yourdomain.com coming from a Mailgun IP address and flags it as potentially spoofed. Setting up SPF means adding a TXT record to your domain's DNS. It takes 30 seconds to add and up to 48 hours to propagate. It is one line of text, and not having it is the most common reason new newsletters land in spam.
DKIM (DomainKeys Identified Mail) is a cryptographic signature that proves the email wasn't tampered with in transit. Your sending service (Mailgun, Substack's infrastructure, Kit's servers) signs each email with a private key. The receiving server checks the signature against a public key published in your DNS. If the signature matches, the email is verified as authentic. DKIM setup means adding one or two more DNS records — your sending service provides the exact values. Like SPF, it's a copy-paste job in your DNS provider, but skipping it tanks your deliverability.
DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers what to do when SPF or DKIM checks fail. It also sends you reports about authentication failures so you can monitor abuse of your domain. A basic DMARC record — v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com — starts in monitoring mode, collecting data without rejecting emails. Once you're confident your authentication is clean, you can tighten the policy to quarantine or reject unauthenticated emails. Google requires at least a basic DMARC record for bulk senders. Setting up DMARC without first configuring SPF and DKIM is pointless — it enforces rules that don't exist yet.
The entire authentication stack — SPF, DKIM, DMARC — takes about 15 minutes to configure if you know what you're doing, and maybe an hour if you're learning as you go. It is the single highest-impact thing you can do for deliverability, and it is free.
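As an added example (not code from any platform or sending service named here), the Python below audits the three kinds of DNS TXT record described above and reports the gaps that most often undermine them. The function names are hypothetical, the SPF include host and DKIM key are constructed placeholders, and the records are embedded rather than looked up.

```python
# Added example: audits constructed TXT records; it performs no DNS lookups.
def parse_tags(record):
    """Parse a 'tag=value; tag=value' record (the form DKIM and DMARC use)."""
    tags = {}
    for part in (record or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(apex_txt):
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["spf: no record"]
    if len(spf) > 1:
        return ["spf: more than one record, which receivers treat as an error"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if "+all" in terms or "all" in terms:
        return ["spf: 'all' passes every server, so nothing is restricted"]
    if not any(t in ("-all", "~all") or t.startswith("redirect=") for t in terms):
        return ["spf: no -all or ~all, so unlisted servers are never failed"]
    return []

def audit_dkim(selector_txt):
    # An absent record or an empty p= tag means no usable public key.
    return [] if parse_tags(selector_txt).get("p") else ["dkim: no public key"]

def audit_dmarc(dmarc_txt):
    tags = parse_tags(dmarc_txt)
    if tags.get("v") != "DMARC1":
        return ["dmarc: no record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc: missing or invalid p= policy")
    elif policy == "none":
        findings.append("dmarc: p=none is monitoring only")
    if "rua" not in tags:
        findings.append("dmarc: no rua address, so no aggregate reports")
    return findings

def audit_domain(apex_txt, selector_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dkim(selector_txt) + audit_dmarc(dmarc_txt)

# Constructed sample: DMARC value as quoted above; SPF host and DKIM key are placeholders.
APEX = ["v=spf1 include:spf.sender.example ~all", "site-verification=constructed"]
DKIM = "v=DKIM1; k=rsa; p=Q09OU1RSVUNURUQ="
DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
print(audit_domain(APEX, DKIM, DMARC))
```

For the sample records the only finding is that the DMARC policy is still in monitoring mode, which is the starting state the article recommends.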
Sender Reputation
Your domain and the IP addresses you send from have a reputation score — an invisible credit rating that email providers use to decide how to handle your messages. New domains start with no reputation, which is worse than it sounds. No reputation doesn't mean neutral; it means untrusted. Gmail and Outlook are more suspicious of unknown senders than of senders with a track record.
Warming up a sending domain means starting with small volumes and gradually increasing. If you've never sent email from yourdomain.com and you blast 10,000 emails on day one, Gmail will throttle or spam-filter you. The standard warming schedule starts at 50-100 emails per day for the first week, doubling weekly until you reach your target volume. Mailgun, SendGrid, and other providers document specific warming protocols — following them is tedious but essential.
IP reputation matters too, but less than it used to. Most newsletter platforms send from shared IP pools, which means your reputation is partially determined by the behavior of other senders on the same infrastructure. Dedicated IPs are available from most services but only make sense at high volumes (50,000+ sends per month). Below that, a dedicated IP won't have enough sending history to build a strong reputation, and you'll actually get worse deliverability than you would on a warmed shared pool.
Google Postmaster Tools is the free dashboard that shows how Gmail specifically views your domain's reputation. It shows spam rate, authentication success rate, IP reputation, and domain reputation. If you send newsletters and you're not checking Postmaster Tools monthly, you're flying blind on the channel that likely represents 40-60% of your subscriber base.
The Gmail Promotions Tab
Landing in Gmail's Promotions tab is not the same as landing in spam, but it's not the inbox either. Open rates from the Promotions tab are meaningfully lower than from the Primary tab — the tab where personal email lives. The difference is significant enough to matter: some studies report 50-70% lower open rates from Promotions versus Primary.
What determines Promotions versus Primary placement is Gmail's machine learning model evaluating your content against patterns it associates with marketing email. Newsletters are, by definition, marketing email. Most newsletters land in Promotions by default. The factors that push toward Primary include: conversational, text-heavy content (not templates), personal sender names (not brand names), low image-to-text ratios, and — this is the uncomfortable one — looking like personal email rather than a newsletter.
Some newsletter operators obsess over Promotions tab avoidance. The pragmatic position: if your content is good and your subject lines are compelling, people will check their Promotions tab. The Promotions tab is where newsletters live. Fighting Gmail's classification is a game of diminishing returns. Focus on writing subject lines people want to open, wherever the email lands.
Content That Triggers Spam Filters
The list of content-based spam triggers is shorter and more rational than the internet makes it sound. The following genuinely increase your spam risk:
Bought or scraped email lists. If you're sending to people who didn't opt in, your spam complaint rate will be catastrophically high. Gmail's threshold for concerning spam rates is 0.3% — three complaints per thousand emails. A bought list will blow through that threshold on the first send and potentially damage your domain reputation permanently.
Excessive links. Emails with dozens of links — especially to different domains — trigger spam filters. Newsletter emails should have links, but if your email looks like a link farm, filters notice.
Image-heavy, text-light emails. An email that's mostly images with minimal text is a classic spam pattern. Filters can't read images, and spammers use image-only emails to bypass text-based scanning. Keep a reasonable text-to-image ratio.
Misleading subject lines. Subject lines that don't match the content, use deceptive formatting (RE: or FWD: when it's not a reply), or employ excessive urgency language are filtered more aggressively.
What is mostly superstition: avoiding words like "free," "discount," or "limited time" in subject lines. Modern spam filters are sophisticated enough that individual trigger words matter far less than overall sending behavior and authentication. If your domain reputation is solid and your authentication is clean, using the word "free" in a subject line won't send you to spam. If your domain reputation is damaged, avoiding trigger words won't save you.
List Hygiene
Your subscriber list degrades over time. People abandon email addresses. They stop opening your emails. Some addresses start hard-bouncing (the mailbox doesn't exist anymore). Every one of these degrades your sender reputation because email providers interpret low engagement and high bounces as signals that you're sending unwanted mail.
The maintenance that keeps deliverability high is straightforward but requires discipline. Remove hard bounces immediately — any reputable sending service does this automatically. Clean soft bounces (temporary delivery failures) after 3-5 consecutive failures. And — this is the hard one — remove subscribers who haven't opened or clicked in 90-180 days. Your subscriber count will drop. Your deliverability will improve. The subscribers who weren't opening weren't subscribers in any meaningful sense; they were deadweight dragging your sender reputation down.
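The pruning rules above, as an added example that is not taken from any sending service: the Python below walks each subscriber's event history and returns the reason, if any, to remove them. The event names, the choice of 3 soft bounces and 180 days from the stated ranges, and the sample addresses are assumptions made for the illustration.

```python
from datetime import date

# Thresholds picked from the ranges in the article; the event names are assumed.
SOFT_BOUNCE_LIMIT = 3   # low end of "3-5 consecutive failures"
INACTIVE_DAYS = 180     # high end of "90-180 days"

def removal_reason(events, today):
    """events: one subscriber's chronological (date, kind) tuples, kind being
    'delivered', 'open', 'click', 'soft_bounce' or 'hard_bounce'."""
    soft_streak, last_engaged = 0, None
    for day, kind in events:
        if kind == "hard_bounce":
            return "hard_bounce"            # mailbox is gone: remove at once
        if kind == "soft_bounce":
            soft_streak += 1
            continue
        soft_streak = 0                     # a delivery breaks the streak
        if kind in ("open", "click"):
            last_engaged = day
    if soft_streak >= SOFT_BOUNCE_LIMIT:
        return "soft_bounce_streak"
    # Never-engaged subscribers are timed from their first event, so a
    # signup from last week is not pruned as inactive.
    reference = last_engaged or (events[0][0] if events else today)
    return "inactive" if (today - reference).days > INACTIVE_DAYS else None

def prune(subscribers, today):
    """Map each address that should be removed to the reason."""
    reasons = {addr: removal_reason(ev, today) for addr, ev in subscribers.items()}
    return {addr: why for addr, why in reasons.items() if why}

# Constructed sample data.
TODAY = date(2026, 3, 1)
SUBSCRIBERS = {
    "a@example.com": [(date(2025, 6, 1), "delivered"), (date(2025, 6, 1), "open"),
                      (date(2026, 2, 20), "delivered")],
    "b@example.com": [(date(2026, 1, 5), "soft_bounce"), (date(2026, 1, 12), "soft_bounce"),
                      (date(2026, 1, 19), "delivered"), (date(2026, 1, 26), "soft_bounce")],
    "c@example.com": [(date(2026, 2, 2), "soft_bounce"), (date(2026, 2, 9), "soft_bounce"),
                      (date(2026, 2, 16), "soft_bounce")],
    "d@example.com": [(date(2025, 12, 1), "delivered"), (date(2026, 1, 5), "hard_bounce")],
    "e@example.com": [(date(2026, 2, 25), "delivered")],
}
print(prune(SUBSCRIBERS, TODAY))
```

Subscriber b is kept because a successful delivery interrupted the soft-bounce run, and subscriber e is kept because a week-old signup has not had time to go inactive.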
Double opt-in — requiring new subscribers to confirm their email address via a confirmation link — reduces the quality problem at the source. Every subscriber on your list actively confirmed they want to be there. Single opt-in is easier and results in higher initial subscriber numbers, but double opt-in results in higher engagement, fewer spam complaints, and better long-term deliverability. The trade-off is real, and most serious newsletter operators land on double opt-in.
What The Demo Makes You Think
Platform marketing handles deliverability one of two ways. Either the platform manages it and says "we handle deliverability so you don't have to" (Substack, Beehiiv, Kit), or the platform gives you tools and says "here's everything you need for great deliverability" (Ghost, WordPress + email plugin). Both framings are incomplete.
Managed platforms do handle the infrastructure — the IP warming, the sending reputation, the ISP relationships. This is genuinely valuable, and for most independent writers, it's the right choice. But managed platforms can't fix your list quality, your content patterns, or your sending behavior. If you're adding bought subscribers, sending to disengaged lists, or publishing content that consistently generates spam complaints, managed deliverability won't save you.
Self-managed platforms (Ghost via Mailgun, WordPress via whatever email service you connect) give you more control and more responsibility. The control is real — you can manage your own IP reputation, monitor Postmaster Tools, and optimize aggressively. The responsibility is also real — when things go wrong, you're diagnosing DNS records and reading Mailgun support docs, not filing a support ticket with a managed platform.
The demo never shows the maintenance. Deliverability is not a "set it and forget it" configuration. It's an ongoing practice — monitoring, cleaning, adjusting — that requires 30-60 minutes per month for most publishers. Not a lot, but not zero.
What's Coming
Email authentication requirements are getting stricter, not looser. Google and Yahoo's 2024 requirements were the first wave. More providers are likely to follow with their own authentication mandates. Microsoft has announced similar requirements for Outlook.com taking effect in 2025. The direction is clear: unauthenticated email is dying. Within two years, sending bulk email without SPF, DKIM, and DMARC will effectively guarantee spam placement across major providers.
BIMI (Brand Indicators for Message Identification) is an emerging standard that lets you display your brand logo next to your emails in supported inboxes. It requires DMARC enforcement (not just monitoring) and a Verified Mark Certificate. It's currently supported in Gmail and Apple Mail. The direct deliverability impact is debated, but the brand recognition benefit in the inbox is real. BIMI adoption among newsletter senders is still low but growing.
AI-powered spam filtering is getting more sophisticated, which is a mixed blessing. Better filtering means fewer false positives for legitimate senders with good practices — and more aggressive filtering of questionable senders. The bar for "looking like a legitimate sender" keeps rising, which favors established publishers with clean practices and hurts newcomers who skip the fundamentals.
The Verdict
Deliverability is approximately 70% infrastructure and 30% behavior. Get the infrastructure right — authentication, warming, reputation monitoring — and most content-level issues become irrelevant. Ignore the infrastructure, and no amount of subject line optimization will save you.
The practical minimum: configure SPF, DKIM, and DMARC for your sending domain. Use double opt-in. Clean your list quarterly. Check Google Postmaster Tools monthly. This takes a few hours upfront and 30 minutes per month ongoing. It's the least exciting work in publishing, and it's the foundation that everything else depends on.
If you're on a managed platform (Substack, Beehiiv, Kit), most of the infrastructure is handled for you. Your job is list hygiene, content quality, and not doing anything that damages the shared sending reputation. If you're self-managing (Ghost via Mailgun, WordPress via SendGrid), you own the full stack and need to treat deliverability as an ongoing operational responsibility, not a one-time setup task.
The honest summary: email deliverability is not hard. It's just boring. And the boring stuff is what determines whether your audience actually sees your work.
This is part of CustomClanker's Publishing Stack series — what actually works for putting stuff online.