Most deliverability problems come from just 5-6 common issues
Regular audits prevent problems before they tank your reputation
How to Use This Checklist
This checklist covers everything that affects email deliverability. Use it to:
Audit your current setup before sending campaigns
Diagnose deliverability issues when emails go to spam
Set up a new domain correctly from the start
Each section includes what to check, why it matters, and how to fix issues.
Quick Start: Scan your domain with MailRisk to automatically check authentication records and get your risk score.
Email Authentication (10 points)
SPF (Sender Policy Framework)
[ ] SPF record exists — Without SPF, emails can't be verified
[ ] All sending services included — Every server that sends email needs to be listed
[ ] Using -all (hard fail) — Rejects unauthorized senders
[ ] Under 10 DNS lookups — Too many lookups = SPF fails
[ ] Single SPF record — Multiple SPF records break authentication
DKIM (DomainKeys Identified Mail)
[ ] DKIM enabled — Signs emails with your domain's private key
[ ] DKIM records in DNS — Public key published for verification
[ ] All services have DKIM — Each email service needs its own DKIM setup
[ ] Key is 2048-bit — 1024-bit keys are deprecated
DMARC
[ ] DMARC record exists — Tells providers how to handle failed authentication
[ ] Policy is quarantine or reject — p=none only monitors, doesn't protect
[ ] Reporting enabled (rua) — You can't fix what you can't see
[ ] Subdomains covered — Use sp= to protect subdomains
Domain & IP Reputation (8 points)
Domain Reputation
[ ] Domain is 30+ days old — New domains have no reputation
[ ] Not on email blacklists — Check MXToolbox, Spamhaus
[ ] Clean domain history — Check if domain was used for spam before you owned it
[ ] Proper MX records — Valid mail servers configured
IP Reputation
[ ] Sending IP not blacklisted — Check all major blacklists
[ ] Dedicated IP (if high volume) — Don't share reputation with others
[ ] IP properly warmed up — Gradual volume increase on new IPs
[ ] Reverse DNS configured — PTR record matches your domain
Content & Formatting (6 points)
Text Content
[ ] No spam trigger words — "Free", "Urgent", "Act now" = spam folder
[ ] Personalization included — Generic templates get flagged
[ ] Text-to-image ratio is high — Text-only or mostly text
[ ] No deceptive subject lines — "Re:" on cold emails = spam complaint
Links & Formatting
[ ] Limited links (1-3) — Too many links = spam behavior
[ ] No link shorteners — bit.ly, etc. are spam signals
[ ] No suspicious attachments — PDFs and docs get scanned
[ ] Plain text version included — Important for deliverability
Sending Infrastructure (6 points)
Email Service Setup
[ ] Using reputable ESP — Google Workspace, Microsoft 365, or established platforms
[ ] Proper authentication with ESP — SPF/DKIM configured per their docs