Email Deliverability for SaaS: A Practical Guide

Deliverability is boring until your password reset emails start landing in spam. Then it's suddenly very interesting.

This guide covers what actually matters for SaaS email deliverability, without the paranoia-inducing complexity that most articles pile on.

The Basics: DNS Authentication

Three DNS records matter. Set them up correctly once and mostly forget about them.

SPF (Sender Policy Framework)

SPF tells receiving servers which mail servers are allowed to send email for your domain. It's a TXT record that lists authorized senders.

Your email provider will give you the specific value. It looks something like:

v=spf1 include:_spf.provider.com ~all

Common mistake: Having multiple SPF records. You can only have one. If you use multiple email services, combine them into one record.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to your emails. The receiving server can verify the email wasn't tampered with and actually came from you.

Your email provider generates DKIM keys. You add their public key as a DNS record. They sign outgoing emails with the private key.

Setup: Follow your provider's instructions. It's usually adding a CNAME or TXT record with a specific selector name.

DMARC (Domain-based Message Authentication)

DMARC tells receiving servers what to do when SPF or DKIM fail. It also enables reporting so you can see who's sending email as your domain.

Start with a monitoring-only policy:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

After monitoring for a few weeks and confirming everything's working, move to enforcement:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Or strict rejection:

v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com

Sender Reputation

Email providers (Gmail, Outlook, etc.) track your sending reputation. Good reputation = inbox. Bad reputation = spam folder.

What builds good reputation:

• People open your emails. High open rates signal wanted mail.
• People click links. Engagement indicates value.
• People reply. Strongest signal of legitimacy.
• Low bounce rates. You're sending to valid addresses.
• Few spam complaints. People aren't marking you as junk.

What damages reputation:

• High bounce rates. Sending to invalid addresses looks spammy.
• Spam complaints. Even 0.1% complaint rate is concerning.
• Spam traps. Old addresses turned into honeypots.
• Sudden volume spikes. Going from 100 to 10,000 emails overnight looks suspicious.
• Inconsistent sending. Sporadic large bursts then silence.

Practical Guidelines

For transactional email

Transactional emails (password resets, receipts) have naturally high engagement. People expect and open them. Your main risks:

• Sending to bad addresses. Implement email verification at signup.
• Slow delivery. Use a provider known for speed (Postmark, Resend).
• Getting mixed with marketing. Consider separate infrastructure if you send high marketing volume.

For marketing email

Marketing emails face more scrutiny. Guidelines:

• Only email people who opted in. Never buy lists. Never scrape addresses.
• Make unsubscribe easy. One click. No login required.
• Clean your list regularly. Remove bounced addresses immediately. Remove chronically unengaged subscribers periodically.
• Warm up new sending domains. Start with small volumes to engaged subscribers, gradually increase.
• Send consistently. Regular sending patterns build reputation better than sporadic blasts.

What Your Email Provider Handles

Good email providers (Sequenzy, Resend, Postmark, Customer.io) handle:

• IP reputation management
• Bounce processing
• Feedback loop processing (spam complaints)
• List-Unsubscribe headers
• Automatic suppression of problem addresses

You don't need to manage these yourself. Pick a reputable provider and let them handle the infrastructure.

Testing Deliverability

Before major campaigns:

1. Send test emails to your own Gmail, Outlook, Yahoo accounts
2. Check if they hit inbox or spam
3. Use tools like Mail-Tester.com for detailed analysis
4. Check your domain reputation at Google Postmaster Tools (if you send significant volume to Gmail)

Red Flags to Watch

• Open rates dropping suddenly. Might be deliverability, might be content. Investigate.
• Bounce rates above 2%. Something's wrong with your list hygiene.
• Spam complaints above 0.1%. Review your sending practices.
• Emails going to spam for specific providers. Check authentication and content for that provider's guidelines.

What Doesn't Matter Much

Things people worry about that rarely cause actual problems:

• Email length. Gmail doesn't penalize long emails.
• Images vs text ratio. Old spam filter logic, mostly irrelevant now.
• Certain "spam trigger words." "Free" in your subject line won't tank deliverability.
• Sending time optimization. Matters more for opens than delivery.

The Bottom Line

1. Set up SPF, DKIM, and DMARC correctly
2. Use a reputable email provider
3. Only email people who want to hear from you
4. Make unsubscribe easy
5. Remove bad addresses promptly

That's 90% of deliverability. The remaining 10% is edge cases you'll handle as they come up.

Deliverability Setup Guide

Step 1: SPF Record Setup

Add a TXT record to your domain's DNS:

v=spf1 include:_spf.youremailprovider.com ~all

Your email provider will give you the exact "include" value. Common mistake: Having multiple SPF records. You can only have one - combine all include statements into one record.

Step 2: DKIM Record Setup

Your email provider generates DKIM keys. Add their public key as a CNAME or TXT record:

selector1._domainkey.yourdomain.com CNAME dkim1.provider.com

Follow your provider's instructions exactly. The selector name varies by provider.

Step 3: DMARC Record Setup

Start with monitoring-only policy:

v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com

After 2-4 weeks of monitoring (and confirming everything works), move to quarantine:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com

Then eventually to reject (strictest):

v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com

Frequently Asked Questions

How do I check my current deliverability?

Send test emails to your own Gmail, Outlook, and Yahoo accounts. Check which folder they land in (inbox vs. spam). Use free tools like Mail-Tester.com for detailed analysis. If you send significant volume to Gmail, set up Google Postmaster Tools for reputation monitoring.

What's the difference between soft and hard bounces?

Hard bounces are permanent (email address doesn't exist, domain invalid). Remove these addresses immediately - they damage sender reputation. Soft bounces are temporary (inbox full, server down). Keep sending to soft bounces for a few days, but remove if they continue to bounce.

Should I use separate domains for transactional and marketing email?

Early stage: No, use one domain. It simplifies setup. Scale stage: Consider separating if you send high marketing volume (50k+/month) and see deliverability issues. Common setup: mail.yourdomain.com for marketing, transactional.yourdomain.com for transactional. This isolates reputation so marketing performance doesn't affect critical transactional emails.

How do I warm up a new sending domain?

Start with small volumes to engaged subscribers: Day 1: 50 emails, Day 3: 100 emails, Day 7: 250 emails, Day 14: 500 emails. Gradually increase over 4-6 weeks. Send only to your best subscribers initially (recently active, high engagement). Never start with a large blast to a cold list.

What's a good spam complaint rate?

Below 0.1% is good. Above 0.1% investigate why. Above 0.5% you have serious problems. Common causes: Poor list quality (bought lists, scraped addresses), misleading subject lines, too frequent sending, or difficult unsubscribe process. Make unsubscribe one-click and obvious.