Forem: Kristyna Vrbova

How to validate an email address? Quick and simple 🚀

Kristyna Vrbova — Fri, 09 Jan 2026 12:54:00 +0000

Validating an email address means checking that it’s real, active, and able to receive messages.

In this guide, you’ll learn how to verify an email address step by step. We’ll cover the basics of email validation, verification steps, tools and methods for email validation.

If you’re in a hurry, the easiest solution is to use an email validator – like this free online tool. It can instantly check if an email is valid and safe to use.

What is email validation?

Email validation is the process of confirming an email address is properly formatted and actually exists on a mail server, without sending an email.

It means checking that the address has a valid format (like name@example.com), belongs to a real domain, and ideally that the mailbox is ready to receive mail.

Why validate emails?

Because sending to invalid addresses hurts your email deliverability. Invalid emails will bounce back undelivered – a few bounces are normal, but a high bounce rate gives email providers negative signals about your sending practices.

By validating addresses, you ensure you only send to deliverable emails, protecting your sender reputation and improving inbox placement.

How to validate an email address

Validating an email address can be done automatically via email validation tools or manually by following a few sequential checks.

Email validation step-by-step

Below is a manual step-by-step process to verify if an email is valid.

1. Check the email’s format (syntax)

First, ensure the email address is formatted correctly. It should have a local username part, an @ symbol, and a valid domain part (e.g. username@example.com).

Look for common formatting errors: missing @ or dot in the domain, extra spaces, or illegal characters. For instance, an address with a space (john doe@example.com) or a missing TLD (john@example) is invalid.

Make sure the local part doesn’t start or end with a period and only uses allowed characters (letters, numbers, hyphens, underscores, and dots in the middle).

A quick way to do this is using regex or built-in validation functions.

2. Verify the domain name and DNS records

Next, check that the domain (the part after @) is a real, active domain.

You can use a DNS lookup to see if the domain exists and has MX records (Mail Exchange records) – these tell you if the domain has a mail server set up to receive email. If a domain has no MX record (and no fallback mail server via an A record), any email to it will go nowhere and hard-bounce.

Also, be cautious of domains that do exist but look suspicious or are known for spam/disposable emails.

3. (Optional) Perform an SMTP check for the mailbox.

For an even deeper verification, you can perform an SMTP handshake with the email’s mail server. A successful SMTP check can tell you the mailbox exists on the server without sending an email

Using an email validator tool

One of the easiest ways to check if an email is valid is to use an email validator tool. These online services combine all the essential checks into one process.

For example, Sidemail’s email validator (a free online tool) will check an address’s syntax, verify the domain and MX records, flag disposable email domains, catch common typos, and even do an SMTP server handshake.

It provides a clear result for each aspect (whether the address is formatted correctly, the domain can receive mail, if the address passed the SMTP check, etc.), plus an overall valid or invalid verdict.

Why use a dedicated validator?

Because it’s quick and reliable. Instead of manually performing multiple lookups and risking mistakes, the tool automates it.

Another advantage is that professional email validation services can handle bulk lists efficiently. If you have an email list of thousands, you can upload it and let the service bulk-validate all addresses at once.

Also, there are email list cleaner tools, that can help you remove invalid addresses from your list, further speeding up your process and improving deliverability.

Email validation methods explained

In this section, I’ll explain each key component of email validation in detail.

1. Syntax validation

Syntax validation is the first and most basic step – it ensures the email address is formatted correctly. The rules for email format are defined by standards (like RFC 5322).

To explain simply, you need a local part, an @ symbol, and a domain part.

The local part can include letters, numbers, and certain symbols (like periods, underscores, hyphens, plus signs), but it can’t start or end with a dot, and it can’t have spaces

The domain part has to be a valid domain name (letters, numbers, hyphens, dots separating labels) and typically includes a top-level domain like .com, .org, etc.

Syntax checking is a necessary first filter to catch typos and malformed addresses before doing deeper checks. Modern validators handle this for you. Just don’t rely on syntax validation alone – it’s just step 1.

2. Domain & MX record validation

After confirming the email looks properly formatted, the next question is – does the domain exist and can it receive email?

This step involves checking DNS records for the domain part of the email address.

Firstly, a DNS lookup for the domain will tell you if the domain is registered and active. If the domain doesn’t resolve (no DNS records at all), then the email address is not deliverable.

Secondly, and importantly, check for MX records on that domain. An MX record (Mail Exchange record) is a DNS record that specifies which mail server(s) handle email for the domain. If a domain has no MX record, it might still receive mail if it has an A record (as a fallback, some mail servers will try the domain’s A record), but lacking an MX is a strong sign the domain isn’t set up for email. In practice, legitimate email domains almost always have MX records. For example, example.com might have an MX record pointing to mail.example.com. If there are no MX records (and especially if there’s no A record either), any email sent there will bounce immediately.

A domain check should also flag domains that exist but might be problematic, for example disposable email domains. We’ll discuss these more below, but domains like mailinator.com or 10minutemail.net exist and have MX records, yet they’re used for throwaway addresses. A domain check alone won’t rule them out (since technically they can receive email), but a good validator will cross-reference against known disposable domains.

3. SMTP mailbox verification

This is the most direct check: asking the mail server if the address exists.

SMTP (Simple Mail Transfer Protocol) is the protocol through which emails are sent between servers.

Mailbox verification via SMTP goes further than DNS, it is the closest you can get to actually sending an email without sending one. It’s extremely useful, but requires more technical resources, and should be done carefully and with some caution as not all mail servers will give you a straight answer.

That being said, professional email validation tools are a great way to perform this type of verification without the technical overhead.

Double opt-in confirmation

It's important to note, that no method is 100% foolproof.

Email validation greatly reduces bounces, but it cannot guarantee delivery in every case. For example, some mail servers might initially say an address is OK but bounce the message later. Factors like full inboxes, temporary server issues, or spam filters can still cause a valid address to bounce.

That’s why double opt-in is the gold standard when feasible.

Double opt-in is when a user who signs up with their email is sent a confirmation email and must click a link or button to verify that their address is real and that they indeed want to receive emails from you.

Why is this important for validation? Because it’s the only method that confirms deliverability and user intent in one go.

From a deliverability standpoint, addresses obtained via double opt-in have virtually zero chance of bouncing, and you have proof of consent.

Summary

Validating email addresses is an essential practice for anyone who sends emails in bulk. It helps ensure that your messages reach real, active inboxes. By doing so, you protect your sender reputation, improve delivery rates, and save resources.

If you’re ever in doubt or need a quick answer on an email’s validity, don’t hesitate to use Sidemail’s email validator. It’s free, requires no signup, and combines all best-practice checks into one step for you.

Originally published at https://sidemail.io/articles/how-to-validate-email-address/

🤖 MCP in email delivery: AI-generated transactional emails and newsletters

Kristyna Vrbova — Tue, 29 Jul 2025 12:58:00 +0000

One area where MCP (Model Context Protocol) can shine is email delivery. SaaS products regularly send emails to their users – from transactional emails like password resets and notifications, to marketing emails like product updates and newsletters. MCP can enhance and automate these processes by letting AI models directly interface with email services in a controlled way.

AI-powered transactional emails (password resets & notifications)

Transactional emails (e.g. a password reset link, account activation, order confirmation, or system alert) are typically triggered by user actions or application events. Using MCP, an AI agent can handle these email workflows more intelligently. For example, if a user in a chat says, “I forgot my password,” an AI assistant could invoke an MCP server connected to the company’s email service or identity provider to send out a secure password reset email instantly. The AI doesn’t need special hard-coded privileges – it simply calls a standardized “sendPasswordReset” tool via MCP, and the server does the rest (generating the reset link and emailing it to the user).

What’s the advantage here?

Firstly, it simplifies the backend logic – instead of your app calling the email API and constructing the message, the AI agent (guided by user request or an event) can trigger it via MCP as part of its natural workflow.

Secondly, it opens the door for dynamic content. The AI could tailor the notification message based on context. For instance, a usage alert email could include a brief AI-generated summary of what triggered the alert (“Your team uploaded 5 new files today, pushing you over the free storage limit”). The AI could fetch that data via another MCP server (e.g., a database connector) and include it in the email before sending – something very hard to do with a static template system.

Personalized product updates & newsletters with AI

Beyond one-off transactional emails, MCP can boost marketing emails and newsletters, by connecting AI into the campaign workflow. Traditionally, product update emails or newsletters are created by marketers using static templates and segment lists. With MCP and AI, these communications can become more dynamic and personalized than ever.

Using MCP, an AI model could be connected to multiple data sources – for example, your product’s release notes database, the user’s usage history, and an email platform. This allows the AI to generate a custom newsletter for each user or segment on the fly.

Imagine an AI that pulls the list of new features from your wiki (via an MCP documentation server), then checks which features the particular user has used or might benefit from (via an MCP query to your analytics DB), and then writes a tailored product update email highlighting the most relevant new features for that user.

It could even vary the tone or depth of content based on the user’s profile (e.g. technical details for a developer, high-level summary for a manager).

Finally, it can send the emails out through an MCP connector to your email service (like Sidemail, SendGrid, etc.). All of this could happen automatically or with one command from a product marketer to the AI system.

Where email stands with MCP now

This isn’t science fiction – it’s an emerging reality. Major email platforms are starting to integrate AI-driven protocols like MCP into their systems.

The goal is to allow AI to drive personalization and automation within familiar tools. MCP essentially lets the AI do the heavy lifting: real-time data fetching, content generation, and triggering sends, all within the guardrails you set. The benefit to SaaS product owners and marketers is huge: far more engaging emails, and less manual work crafting variants for each audience.

Studies and early adopters are already reporting dramatic improvements in email engagement when using AI with live context. With traditional “batch and blast” newsletters, open rates might be 15–20%, but AI-personalized emails can achieve open rates on the order of 35–45%. Click-through and conversion rates similarly see multi-fold increases.

Why? Because the content is hyper-relevant to each reader. MCP-powered email campaigns aren’t just inserting a first name greeting; they can tailor the entire message to what the AI knows about the recipient’s needs and behaviors. For example, MCP enables “adaptive learning” – the AI can learn from each email interaction (opens, clicks) and adjust subsequent emails for that user, all within the campaign cycle. If a user ignores a certain type of content, the AI can swap it out next time with something more engaging for them, or change the send time, etc., thanks to the continuous feedback loop.

Summary

MCP opens up new possibilities for email delivery in SaaS contexts. For transactional emails, it means smarter, on-demand messaging triggered by AI understanding (with consistent formatting and security). For newsletters and updates, it means truly responsive campaigns that adapt to each user. Product managers and developers can leverage MCP to integrate AI into their email pipelines in a controlled way, achieving the holy grail of “one-to-one” personalization at scale.

Sidemail is among the first email services to add official MCP support for sending and managing emails, contacts, and sending domains – you can read more about Sidemail MCP server in the docs.

Originally published at https://sidemail.io/articles/mcp-in-email-delivery/

MCP (Model Context Protocol) Explained Simply 🤖

Kristyna Vrbova — Tue, 22 Jul 2025 12:07:24 +0000

What is MCP

Model Context Protocol (MCP) is a new open standard that makes it easier for AI systems to connect with external data and services.

In simple terms, MCP acts a bit like an API for AI models – it provides a standard “language” for AI programs to access tools or data from the outside world. This means developers no longer have to write one-off integrations for each service; instead, an AI can use MCP to securely interface with many different data sources through a unified protocol.

Think of MCP like a USB-C port for AI applications: it’s a single, standardized way to plug an AI model into various databases, apps, or APIs.

MCP was developed by Anthropic (the AI company behind Claude) and open-sourced in late 2024. It quickly gained traction as a standard for connecting large language models (LLMs) to the systems where real data lives. In other words, MCP now lets AI “go beyond” its training data by pulling in live information and taking actions through external tools.

Real-world MCP examples

Example 1 – Café reservation

To illustrate, imagine you have an AI assistant that needs to make a reservation for a meeting at a café.

Normally, the AI might not know anything beyond its static training data. But if we give it a way to access an external system (such as a phone or booking API), it can get the job done. MCP is like giving the AI a phone number to call: it can reach out to a service, ask for what it needs, and act on the response.

In practice, this means an AI agent (a program built on an LLM) could use MCP to check your calendar, find an open slot, call the café’s booking system, and reserve a table, all autonomously. This ability to retrieve up-to-date information and interact with external apps is a game-changer for making AI more agentic.

Example 2 – E-commerce customer support

Another example would be a direct-to-consumer e-commerce brand overwhelmed by the steady trickle of “Where’s my order?” messages.

A human agent normally has to juggle three dashboards – Shopify for the order record, ShipStation for live tracking, and Stripe for any refund.

With MCP in the loop, the customer-support AI inside the chat or email thread handles everything in one smooth sweep: it takes the buyer’s order number, queries Shopify through an MCP endpoint to fetch the purchase details, requests real-time tracking data from ShipStation, and if the package shows a failed delivery, triggers a refund via Stripe and sends an apology email that includes a goodwill discount code.

Every interaction is automatically audit-logged at the protocol layer, giving finance a clean trail for any chargeback review while cutting response time from minutes to seconds.

How MCP works

Under the hood, MCP follows a client-server architecture. Here’s what that means:

MCP client
- Every AI app (a chatbot, an AI-powered IDE, etc.) contains a small MCP client.
- Think of it as a built-in plug that lets the AI talk to outside tools.
MCP server
- Each outside service (for example, your database, Gmail, Google Drive, and so on) runs its own tiny MCP server.
- The server is just a translator that turns the service’s features into something the AI can understand.
When the AI needs a tool, its client opens a direct line to that tool’s server. The same AI agent can keep several of these lines open in parallel: one to Google Drive, another to Gmail, another to your database, all managed quietly in the background by the host app.

All communication between the AI client and the servers happens via structured messages, usually in JSON format (following a pattern similar to JSON-RPC). MCP defines a few basic message types:

Requests: Ask the other side to do something or provide data (and expect a response).
Results: Successful responses to a request, containing the data or confirmation.
Errors: Indicate a request failed or couldn’t be processed.
Notifications: One-way messages that don’t require any reply (e.g. a status update or event notice).

A typical MCP interaction begins with a handshake (initialization): the client connects and both sides agree on the protocol version and capabilities.

After that, the client can send requests (like “retrieve file X” or “execute function Y”) and the server will return results. This request-response exchange can continue as needed, and either side can also send notifications (for example, a server could send a “data updated” notification).

When done, either party can terminate the connection gracefully. Because MCP is a protocol (like an agreed set of rules), any client and server following the spec can work together, regardless of what language or platform they’re built on.

MCP is flexible in terms of where these components run. The connections can be local or remote: an MCP server might run as a local process on the same machine (communicating via standard I/O streams), or it could be a remote web service (communicating over HTTP). This flexibility means MCP can operate within a closed enterprise network or across the internet.

MCP essentially standardizes how an AI agent “talks” to tools. The AI doesn’t call an external API directly. Instead, it issues a structured MCP request to a server, and the server handles the actual API calls or data queries, then returns a result to the AI. This indirection provides a clear separation and security layer – the AI only sees the data it requested, in a uniform format, and cannot do anything not exposed by the MCP server. Developers can thus control what actions the AI is allowed to take by defining the MCP servers and their available functions.

Summary

The Model Context Protocol represents a significant evolution in how we integrate AI into real-world applications. We started with a simple idea – give AI a standard way to access external data and tools – and that idea is unlocking more powerful and context-aware AI behavior across industries. MCP makes it feasible to connect an LLM to your business systems (databases, CRM, email, etc.) securely and seamlessly, so the AI can provide relevant, up-to-date answers and even take actions on behalf of users.

For software developers and SaaS product teams, MCP offers a path to add AI “smarts” to your product without reinventing the wheel for each integration.

In the near future, we can expect MCP to become as ubiquitous for AI tools as REST APIs are for web services. For those building SaaS products, it’s worth exploring how MCP could connect your AI models to your context – be it your database, your users’ emails, or your internal APIs – to deliver smarter, more proactive functionality. With MCP, the AI revolution becomes a lot more plug-and-play. The result is AI systems that are context-aware, capable, and truly helpful in real-world tasks, from sending the right email at the right time to handling complex multi-system workflows – all through a few well-defined protocols.

Originally published at https://sidemail.io/articles/what-is-mcp/

🔑 What Is a DKIM Selector?

Kristyna Vrbova — Tue, 01 Jul 2025 12:54:00 +0000

DomainKeys Identified Mail (DKIM) is an email authentication system that uses cryptographic signatures to verify that messages come from an authorized sender and haven’t been altered. A crucial component of DKIM is the DKIM selector, which plays a key role in how DKIM works.

DKIM selector explanation

In simple terms, a DKIM selector is a text string used to identify a particular DKIM key pair (private/public key) in use for signing email. It is included in the header of an outgoing email and helps receiving mail servers find the correct public key in DNS to verify the email’s signature.

The selector is specified in the s= tag of the DKIM‑Signature header, and it serves two important roles:

on the sending side it tells the mail server which private key to use,
and on the receiving side it tells the mail server which public key to fetch from DNS.

In essence, the DKIM selector acts as a namespace or label for a DKIM key, allowing you to have multiple DKIM keys under one domain without conflict.

When you publish your DKIM public key in DNS, you include the selector as part of the record’s name. The general format is:

<selector>._domainkey.<yourdomain>

For example, if your selector is mail and your domain is example.com, the DKIM TXT record’s name will be mail._domainkey.example.com. The content of that DNS TXT record will contain the public key (along with some metadata like the version and key type).

A practical example of two DKIM DNS records on the same domain could be:

selector1._domainkey.example.com – contains public key 1
selector2._domainkey.example.com – contains public key 2

Each email’s DKIM‑Signature header will reference one of these selectors (e.g., s=selector1 or s=selector2), telling the receiver which public key to use for verification

Why are DKIM selectors used

They allow domain owners to use multiple concurrent DKIM keys or to rotate keys seamlessly.

For instance, you might use one DKIM selector/key for your application’s transactional emails and another for your marketing emails or if you use two different email service providers. Each provider can manage its own key pair under a unique selector, and your DNS can host both public keys.

Multiple selectors are also used for DKIM key rotation – e.g., you generate a new key (new selector) every year and decommission the old one, without any email downtime. These practices improve security and prevent any single key from being a single point of failure.

Only one key is used to sign any given message (the selector in the signature tells you which one), but having multiple available keys gives you flexibility in operations.

How DKIM Selectors Work

When setting up DKIM, an organization chooses a selector string (it can be any arbitrary name, e.g. “mail”, “s1”, “2023key”) and configures their mail server to use that selector when signing emails. The mail server adds the selector to all outgoing email signatures as mentioned above (s=<selector> in the DKIM‑Signature header). On the DNS side, the domain owner creates a TXT record at <selector>._domainkey.<domain> containing the public key portion of the DKIM key pair

When an email is received, the receiver’s mail server does the following to validate DKIM:

It parses the DKIM‑Signature header in the email and extracts the domain (d= tag) and selector (s= tag).
It constructs a DNS query to <selector>._domainkey.<d= domain> to retrieve the DKIM TXT record.
It then uses the public key from that DNS record to verify the digital signature in the email header.

If the public key from DNS successfully verifies the signature, the DKIM check passes, confirming that the message was indeed signed by the legitimate domain and wasn’t tampered with. If the key can’t be found or the signature doesn’t match, DKIM verification fails. Without the correct selector, the receiving server wouldn’t be able to find the right key in DNS – which is why the selector is integral to DKIM functioning.

Related terms

In the broader context of email authentication, DKIM is one of three primary standards; the other two are SPF and DMARC.

SPF (Sender Policy Framework): SPF allows a domain to specify which mail servers are authorized to send email on its behalf. This is done via a DNS TXT record that lists permitted IP addresses or hostnames. When an email claiming to be from your domain arrives, the receiver can check the SPF record to see if the sending server’s IP is on the list. If it’s not, the email fails SPF. In effect, SPF helps prevent fraudsters from spoofing your domain to send unauthorized emails.
DKIM (DomainKeys Identified Mail): DKIM is an email authentication method that uses a digital signature to verify that an email was sent by the domain owner and hasn't been altered during transit. It works by signing outgoing emails with a private key and letting recipients verify the signature using a public key stored in the sender’s DNS records.
DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC is built on top of SPF and DKIM to enforce alignment (as discussed above) and to provide instructions to receiving servers on how to handle emails that fail authentication. With DMARC, the owner of the domain publishes a DNS record that tells receivers what policy to apply if an email doesn’t pass SPF and/or DKIM checks – for instance, do nothing, quarantine it (e.g. send to spam), or reject it outright.

Together, SPF, DKIM, and DMARC complement each other to improve email trust. SPF defines who can send for your domain, DKIM verifies a message’s integrity and sender via cryptographic signature, and DMARC ties the results together and specifies enforcement. Using all three in tandem is considered best practice for protecting your domain’s reputation and preventing fraudulent emails.

Wrapping up

In summary, the DKIM selector is a mechanism to select the correct key in DNS. It’s chosen when configuring DKIM on the sending side (it can be an arbitrary string, often provided or recommended by your email platform). When reading an email’s headers, you’ll see something like s=txn1; d=saasapp.com in the DKIM‑Signature – which informs us that the public key is published at txn1._domainkey.saasapp.com for domain saasapp.com.

Originally published at https://sidemail.io/articles/what-is-dkim-selector/

⭐ DKIM and Its Setup - Explained Simply with Examples

Kristyna Vrbova — Tue, 24 Jun 2025 10:22:01 +0000

DomainKeys Identified Mail (DKIM) is a core component of modern email authentication. It allows domain owners to digitally sign outgoing emails.

In this guide, we’ll explain DKIM in simple terms, why it matters, and how it works behind the scenes. Whether you're using an email delivery service like Sidemail, Sendgrid, Mailgun or similar, or managing your own mail server, this article will guide you through everything you need to know to get DKIM up and running smoothly.

What is DKIM? Explained simply

DomainKeys Identified Mail (shortly DKIM) is an email authentication standard that uses cryptographic signatures to verify that an email was truly sent by the owner of the sending domain and that it wasn’t altered in transit. It allows you (your service, application, or website) to “sign” its outgoing emails with a digital signature linked to your domain.

Imagine DKIM like putting a unique, tamper-proof seal on every email you send, so that when it arrives, the recipient’s mail service can check that it really came from you and hasn’t been changed along the way. It works by using a digital signature, created with a private key only the sender controls, and matched against a public key published in their domain’s DNS records. If the signature checks out, the email is considered authentic and trustworthy; if not, it might be treated as suspicious or rejected. This helps protect against email forgery and ensures messages stay intact from sender to recipient.

Why does DKIM matter?

Because email is a critical channel for user communication – from verification codes and password resets to onboarding emails and newsletters. Implementing DKIM is one of the best ways to protect your brand against email spoofing and to ensure reliable delivery. It effectively ties your domain’s identity to every email you send, making it much harder for attackers to send fraudulent emails pretending to be from your SaaS. In conjunction with other measures, DKIM improves your email deliverability (less chance of being flagged as spam) and safeguards your customers by preventing tampering with email content.

In short, DKIM adds a layer of trust to your outbound emails that mailbox providers and recipients can rely on.

How DKIM works (step‑by‑step)

At a high level, DKIM works by using a pair of cryptographic keys (one private and one public ) to sign and verify emails. Here’s a step-by-step overview of how the DKIM process unfolds:

Key generation:
- A domain owner (or their email service provider) generates a public/private key pair for DKIM. The private key is kept secret on the sending mail server, and the public key is published in the domain’s DNS records (as a special TXT record). This public key DNS entry is known as the DKIM record, and it’s what recipients will use to verify signatures.
Email signing:
- When your service or application sends an email, the mail server uses the domain’s private key to create a unique digital signature for the message. It does this by hashing select parts of the email (for example, the headers like “From:”, “Subject:”, and the message body) and then encrypting that hash with the private key. The result is placed in a new email header called DKIM‑Signature. This header includes: the domain that is claiming responsibility (the d= tag), the selector name (the s= tag – we explained more details about DKIM selectors in separate article), and the signature itself (b= tag), among other metadata. For example, a DKIM‑Signature header might look like:
```
DKIM-Signature: v=1; a=rsa-sha256; d=saasapp.com; s=txn1;
h=from:subject:date:content-type; bh=…; b=<long signature hash>
```

* This header is added to your email and travels with it to the recipient.

DNS lookup (public key retrieval):
- When the recipient’s mail server gets the email, it sees the DKIM‑Signature header and extracts the domain (d=saasapp.com) and selector (s=txn1). Using these, the receiver constructs a DNS query to retrieve the public key. Specifically, it looks up a TXT record at txn1._domainkey.saasapp.com, which is the location of the DKIM public key for that domain/selector. (By convention, all DKIM public key records live under the _domainkey subdomain of your domain.)
Signature verification:
- The recipient’s mail server then uses the fetched public key to decrypt the signature in the DKIM‑Signature header. It also computes its own hash of the email’s relevant parts (the same parts that were hashed by the sender). If the decrypted signature matches the hash that the receiver computes, it means two things:
  - the email truly originated from the holder of the domain’s private key (i.e., your SaaS or its mail service), and
  - the email’s headers and content weren’t altered in transit. In other words, the signature is valid and the email passes DKIM verification.
Resulting trust:
- If DKIM verification passes, the recipient server flags the message as authenticated for that domain. This makes the email far more likely to land in the inbox rather than being suspected as spam or phishing. (Other filters still apply, but DKIM pass is a positive signal.)
- If the DKIM check fails (because the signature was missing, broken, or the keys didn’t match), the email will be treated with suspicion – it might be marked as spam or rejected, especially when combined with other policies like DMARC (more on that later).

How to set up DKIM for your domain

Setting up DKIM may sound technical, but modern email providers (ESP) and services have made it straightforward. As a SaaS company, you’ll typically use an email sending service (like Sidemail, SendGrid, Mailgun, etc.) or your own mail server to send emails. Let’s break down the setup process:

DKIM setup with email delivery services (e.g., Sidemail, SendGrid, Mailgun)

Obtain DKIM from your dashboard
- Most email delivery services generate a DKIM key pair for you. This includes a public key (to be published in DNS) and a private key (used by the provider to sign emails). You’ll typically find this in the service’s dashboard under sections like “Domain authentication” or “Sending domains.”
Publish the Public Key via DNS
- Your provider will supply one or more DNS records (CNAME or TXT). These records must be added to your domain’s DNS settings. Be sure to include the entire public key string without modifying it, and avoid line breaks, spaces, or punctuation changes.
- CNAME record example: Name: ka76aowijf._domainkey Value: ka76aowijf.dkim.sidemail.net
- TXT record example: Name: selector._domainkey.yourdomain.com Value: v=DKIM1; k=rsa; p=MIIBIjANBg…(base64 public key)
Verify DNS Setup in Your Provider Dashboard
- Once the DNS record is added, the provider will typically attempt to verify it. Status indicators like “DNS record not found” will change to “Verified” once the record is correctly propagated.
Start Sending Signed Emails
- Once verification succeeds, your emails will be automatically signed with the DKIM private key managed by the service. No code changes are needed. If you want to double-check it’s working, send a test email and check for the DKIM‑Signature header, ensuring the domain in the d= field matches yours.

💡 Note: Some modern email services like Sidemail offer direct integration with DNS providers such as Cloudflare. This allows you to authenticate with your DNS provider through the service’s dashboard and have all required DKIM records added automatically, eliminating the need for manual copy-pasting or DNS editing.

DKIM setup for self-hosted mail servers

1.Generate a DKIM key pair

You can use OpenSSL, which is commonly preinstalled on Unix/Linux systems to generate a key pair:

a. Generate a 2048-bit private key (private key will be then used by your server to sign outgoing emails)

openssl genrsa -out mail2025.private 2048

b. Extract the public key (public key will be then published in DNS)

openssl rsa -in mail2025.private -pubout -out mail2025.public

c. Extract the Base64 public key for DNS

awk 'NR>1 && NR<$(NF){printf "%s", $0} END {print ""}' mail2025.public | \
sed 's/-----.*-----//g' | tr -d '\n' > dkim_key.txt

2. Publish the Public Key via DNS

Create a TXT record in your DNS zone. If you used commands above for generating DKIM key pair, open dkim_key.txt, copy the content, and paste it into your TXT record like this:
Name: mail2025._domainkey.yourdomain.com
Value: v=DKIM1; k=rsa; p=<contents_of_dkim_key.txt>

3. Configure your mail server to sign emails

Update your mail server settings to use DKIM signing. This involves:
Specifying the path to the private key
Setting the DKIM selector (used in the DNS name)
Enabling signing for the correct domain(s)

4. Verify your DNS records

Use tools like nslookup, dig, or online DKIM checkers to confirm your DNS record is visible. Propagation can take a few minutes to 72 hours depending on your TTL settings.

5. Test email signing

After setup, send a test email and inspect the headers for a DKIM-Signature. Look for your domain in the d= tag to ensure the signature is applied correctly.

What is DKIM alignment

Setting up DKIM is an important step in email authentication. But if you choose to use DMARC (Domain-based Message Authentication, Reporting & Conformance) to protect your domain, there’s more to it than just having DKIM – it also needs to be aligned.

DKIM alignment means the domain used in your DKIM signature (the d= value) matches the domain in the “From” address of your email. This helps receivers confirm that the sender is who they claim to be.

Types of DKIM alignment

Relaxed (default): The domains can be a parent and subdomain (e.g., yourcompany.com and updates.yourcompany.com), and still be considered aligned.
Strict: Domains must match exactly. Using yourcompany.com for the DKIM signature while sending from updates.yourcompany.com would fail under strict alignment.

Scenario	From address domain	DKIM `d=` domain	DKIM alignment
Same domain (exact match)	`user@yourcompany.com`	`yourcompany.com`	Aligned (passes in both strict and relaxed)
Subdomain vs. root domain	`user@updates.yourcompany.com`	`yourcompany.com`	Aligned (passes in relaxed mode; fails in strict mode)
Different domains (mismatch)	`user@yourcompany.com`	`someotherservice.com`	Not aligned (fails alignment)

Even if your DKIM signature is valid, it won’t pass DMARC unless the domain is aligned – or unless SPF (another method) passes and is aligned instead. DMARC only requires one of these (DKIM or SPF) to both pass and be aligned.

💡 Note: DMARC is optional, but it’s a valuable to protect your domain from spoofing and phishing. It’s widely recommended, especially for bulk senders.

Related terms – SPF and DMARC

DKIM is a cornerstone of email authentication, but it’s not the only piece. Two other major protocols that SaaS companies should implement are SPF and DMARC:

SPF (Sender Policy Framework): SPF allows a domain to specify which mail servers are authorized to send email on its behalf. This is done via a DNS TXT record that lists permitted IP addresses or hostnames. When an email claiming to be from your domain arrives, the receiver can check the SPF record to see if the sending server’s IP is on the list. If it’s not, the email fails SPF. In effect, SPF helps prevent fraudsters from spoofing your domain to send unauthorized emails
DMARC (Domain-based Message Authentication, Reporting, and Conformance): DMARC is built on top of SPF and DKIM to enforce alignment (as discussed above) and to provide instructions to receiving servers on how to handle emails that fail authentication. With DMARC, the owner of the domain publishes a DNS record that tells receivers what policy to apply if an email doesn’t pass SPF and/or DKIM checks – for instance, do nothing, quarantine it (e.g. send to spam), or reject it outright.

Wrapping up

Together, SPF, DKIM, and DMARC form a triad of defenses for your outbound email.

SPF addresses who can send emails for your domain, DKIM addresses how to verify an email’s integrity and sender via a signature, and DMARC ties the results of SPF/DKIM to the domain’s own policies and enforcement. For a SaaS startup looking to establish trust and hit the inbox consistently, setting up all three is highly recommended.

By implementing these authentication standards, you not only protect your brand’s reputation and your users from phishing, but you also signal to mail providers that you’re a legitimate sender – which over time improves your deliverability.

Originally published at https://sidemail.io/articles/what-is-dkim/

Email Deliverability Best Practices for SaaS Businesses 💌

Kristyna Vrbova — Fri, 20 Jun 2025 16:04:43 +0000

Email is a lifeline for SaaS businesses – it’s how you welcome new users, reset passwords, send notifications, and keep customers engaged through newsletters or updates. Ensuring these emails actually reach the inbox (and not the spam folder) is known as email deliverability. In this guide, we’ll explain what email deliverability means, why your domain reputation is crucial, and outline best practices for both transactional emails (e.g. signup confirmations, receipts) and marketing emails (e.g. newsletters, promotions).

What is email deliverability?

Email deliverability refers to where your email ends up once it’s accepted by the recipient’s mail server – ideally, the main inbox rather than spam or other tabs. It’s distinct from basic email delivery, which only means the email was received by the server (even if it landed in spam or a promotions folder). In short, deliverability measures your ability to get emails into the inbox, not just into the system.

For SaaS businesses, deliverability is incredibly important. Poor deliverability directly impacts user onboarding, activation, retention, and conversion.

Deliverability is influenced by several factors:

Sender reputation (domain and IP)
Authentication (SPF, DKIM, DMARC)
Bounce and complaint rates
Message content and structure
Engagement metrics (opens, clicks, deletions, replies)

Domain reputation – Why it matters for email deliverability

One of the most important factors in deliverability is your sender reputation.

As detailed in Sidemail’s article on domain reputation, mailbox providers now evaluate sender identity primarily at the domain level. Domain reputation refers to how email providers like Gmail or Outlook view the sending domain (the part after the @ in your email).

In the early days of email, reputation was tied mostly to the server IP address, but modern spam filters have shifted focus to the sender’s domain as a more stable and long-term identifier. Unlike IPs (which can be changed or shared easily), a domain sticks with you – if your domain builds a bad reputation, switching IPs won’t fully escape that history. Conversely, a good domain reputation can carry over even if you change email providers or IPs.

Major mailbox providers have their own algorithms, but all look at similar domain reputation signals:

user spam complaint rates, spam trap hits, bounce rates (sending to invalid addresses),
sending consistency – avoiding sudden large spikes in volume,
user engagement with emails – opens, clicks vs. deletions,
authentication – a domain must be authenticated (via SPF/DKIM) before it can accrue a reputation.

Maintaining a strong domain reputation requires consistent, authenticated sending to opted-in recipients, monitoring of bounce and complaint rates, and avoiding blacklists.

Best practices to improve email deliverability

Improving and maintaining high email deliverability requires attention to both technical setup and sending behavior. The following best practices apply to both transactional emails (e.g. account confirmations, password resets, receipts) and marketing emails (newsletters, promotions) – with some special notes for each where relevant. By implementing these, tech teams can greatly increase the chances that their emails hit the inbox reliably.

1. Authenticate your emails (SPF, DKIM, DMARC)

Setting up email authentication is step one for deliverability. SPF and DKIM are DNS records that prove your server is allowed to send on behalf of your domain, and they attach a cryptographic signature to each message. ISPs check these; without them, your emails are far more likely to be flagged or rejected. Moreover, as noted above, inbox providers will only build a reputation profile for your domain if your emails are authenticated.

Implementing DMARC on top (with a policy to monitor or reject unauthorized mail) adds another layer of trust and helps prevent others from spoofing your domain.

In short, authentication establishes your identity and is foundational for good deliverability.

2. Use a reliable email sending infrastructure

The platform and IP address you send from can influence deliverability. If you’re using an Email Service Provider (ESP) or SMTP service, choose one with a strong track record for inbox placement. Providers that specialize in transactional email or have quality IP pools can give you a head start on reputation.

If you send large volumes of email, consider using a dedicated IP address that isn’t shared with other senders – this way, your reputation won’t be affected by other senders. Just remember that a new dedicated IP needs warming up.

3. Warm up new domains and IPs gradually

If you have a brand new sending domain or IP, don’t send a massive blast on day one. Inbox providers notice big, sudden volumes from new senders and may throttle or filter you.

Start by sending small amounts of email and slowly increase over days or weeks. This “warming up” period allows you to build a positive sending history. During warm-up, focus on sending to your most engaged and friendly recipients (e.g. recent sign-ups, customers likely to open), which maximizes positive engagement signals.

Over time, as you prove to mailbox providers that your domain sends wanted emails, you can scale to your full volume.

4. Segment transactional and marketing emails

It’s a best practice to separate your transactional traffic from marketing or bulk emails.

Why? Transactional emails (like sign-up confirmations and receipts) are usually highly important, expected by the user, and have near 100% valid recipients.

Marketing emails, on the other hand, go to broader audiences, may not be opened as frequently, and carry a higher risk of spam complaints or unsubscribes. Ideally, use a separate sending subdomain (or even a separate IP) for marketing campaigns so that your core product emails are isolated.

5. Keep your email list clean and opted-in

A healthy mailing list is essential for deliverability. Always use opt-in methods for sending marketing emails to ensure recipients actually want your emails – never buy lists or scrape emails, as those addresses will lead to high bounces and spam complaints.

Over time, regularly clean your list by removing or segmenting unengaged subscribers. If someone hasn’t opened or clicked your emails in many months, continuing to send to them only risks them hitting spam or dragging down your engagement rates. Also, promptly remove addresses that hard-bounce (invalid emails) or consistently soft-bounce.

By emailing only people who expect (and interact with) your messages, you send a strong signal to inbox providers that your emails are wanted.

6. Send relevant content and encourage engagement

Beyond the technical factors, the content you send and how users react to it plays a big role in deliverability. Make sure your email content is valuable and relevant to the recipient.

For marketing emails, personalize where possible, segment your audience so they receive content that matches their interests, and avoid gimmicky or spammy tactics. High-quality content leads to higher open rates and clicks, which in turn boosts your sender reputation.

Also, make emails readable on all devices and avoid elements that might trigger filters (very large images with little text, deceptive subject lines, etc.).

Another tip: avoid no-reply sender addresses – using a real reply-to address (or even inviting replies) can improve engagement and signals that you’re open to communication.

Critically, you should make it easy for users to unsubscribe or manage their email preferences. It might feel counterintuitive to voluntarily offer an easy opt-out, but it’s far better than the alternative: if a user wants off your list and can’t do so easily, they will likely report your email as spam. Those spam reports directly damage your deliverability. By having a visible unsubscribe link and honoring removals immediately, you keep your list full of people who genuinely want your emails. This also indirectly boosts your open and click rates (since uninterested people are gone), which improves reputation.

Remember, mailbox providers are watching how users interact – if they consistently ignore or delete your emails, or worse, flag them, that will hurt your deliverability. Engaged recipients (opening, clicking, replying) are the goal.

7. Monitor your sender reputation and performance

Treat deliverability as an ongoing effort, not a one-time setup. Continuously monitor key metrics: your inbox placement rate (what percent of emails go to inbox vs. spam), open rates, click rates, bounce rates, and complaint rates. If you use services like Google Postmaster Tools, watch your domain reputation trend and any spike in spam reports

Many ESPs provide dashboards with metrics; drops in delivery or engagement can signal an issue to investigate. By catching problems early, you can adjust before they seriously damage your domain’s standing. In short, monitor what you send. As the saying goes, “you can’t improve what you don’t measure.” Stay vigilant and treat your sender reputation as a valuable asset.

What is a “good” email deliverability rate?

Email deliverability isn’t a simple yes/no metric, so what counts as a “good” rate? It can vary by industry and the type of email, but generally, you want the vast majority of your emails reaching inboxes. In practice, many email marketers consider an inbox placement rate above ~90% to be very good, and anything around 95% or higher as excellent.

Transactional emails, which are often sent to verified addresses (e.g. users who just signed up or are expecting the email), should ideally hit even closer to 100% deliverability – these are critical messages, and with proper practices, nearly all should go through.

In summary, “good” deliverability means the vast bulk of your emails reliably reach the inbox. Aim for as close to 100% as you can, but if you’re hitting ninety-something percent consistently, you’re on the right track. Always be cautious if that number starts slipping down.

Tools and platforms to help with deliverability

Achieving great deliverability is a combination of good sending practices (as discussed above) and using the right tools. Many SaaS teams rely on dedicated email delivery services or platforms (ESP – Email Service Providers) to handle the heavy lifting of sending emails at scale. These platforms not only provide email APIs and SMTP servers, but often they manage underlying things like IP reputation, feedback loops, and compliance, which can significantly affect your deliverability. Here’s a brief overview of a few popular email delivery tools and how they stack up:

Sidemail.io: Tailored for startups and SaaS companies, Sidemail focuses on simplicity, deliverability, and ease of use. It specializes in transactional email – things like sign-up confirmations, password resets, and onboarding sequences – and helps ensure those critical messages are delivered fast and reliably. But also offers everything that startups need for sending marketing emails and setting up email automations. One standout advantage is that Sidemail handles infrastructure, IP reputation, and warm-up automatically, which is especially valuable for teams without dedicated email ops staff. It also provides great developer ergonomics with clean APIs and a streamlined UI. If you want a high-deliverability transactional email platform without deep configuration, Sidemail is an excellent choice.
Mailgun: Mailgun is a powerful, developer-centric email delivery service that combines robust API access with comprehensive tools for deliverability and analytics. It's designed for businesses that need granular control over email infrastructure, from SMTP to advanced routing and tracking. What makes Mailgun particularly valuable for SaaS is its real-time email validation, inbox placement testing, dedicated IP options, and predictive email analytics. Though it requires more technical overhead, Mailgun provides solid flexibility and insight.
SendGrid: One of the largest email infrastructure providers, now part of Twilio. SendGrid is a popular all-in-one platform that offers both transactional and marketing emails through a scalable cloud infrastructure. It provides a lot of advanced features and analytics. It’s also known for its free tier.
Amazon SES (Simple Email Service): Amazon SES is a powerful, low-cost email-sending platform from AWS, ideal for SaaS companies with technical teams that want full control over their email infrastructure. It supports both transactional and marketing emails at scale, offering high deliverability potential when properly configured. While it requires more technical effort than platforms like Sidemail, Mailgun or Sendgrid, SES offers unmatched flexibility and scalability for teams willing to handle its configuration overhead.

Regardless of which platform you choose, remember that the tool is just one part of the equation. A good ESP can give you a strong foundation, but your sending practices are still crucial. If you send spammy content or blast unengaged lists, even the best platform won’t save your emails from the spam folder. Conversely, with excellent practices, even a decent platform can yield great deliverability. Ideally, pick a platform that aligns with your needs and follow the best practices outlined earlier.

Closing thoughts

Email deliverability is part art, part science. For SaaS founders and tech professionals, it pays to understand the fundamentals: build your domain’s reputation through responsible sending, set up the proper technical authentication, and always keep the recipient’s experience in mind (sending relevant, wanted emails).

High deliverability means your users get the information they need – when they need it – fostering trust and engagement with your product.

In summary, email deliverability matters because your relationship with users depends on reliable communication. Treat your sending domain’s reputation as a valuable asset, stick to proven practices, and choose tools that support your goals. Do that, and you’ll greatly increase the odds that your next critical message lands right where it belongs – at the top of your user’s inbox, ready to be read.

Originally published at https://sidemail.io/articles/email-deliverability-best-practices/ on May 30, 2025.

DMARC Explained: From Basics to Technical Specs + Examples 💡

Kristyna Vrbova — Wed, 11 Jun 2025 12:46:00 +0000

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email security protocol that helps prevent unauthorized use of your email domain. In simple terms, DMARC is like a policy and reporting system that sits on top of existing email authentication methods (SPF and DKIM) to ensure that only legitimate emails get delivered while fraudulent messages (like spoofed phishing emails) are blocked or flagged.

This article will start with a beginner-friendly overview of DMARC and then progressively dive into more technical details, including how it works with SPF/DKIM and why it’s especially important for SaaS companies.

What is DMARC? Explained simply

DMARC (which stands for Domain-based Message Authentication, Reporting & Conformance) is essentially a system that tells email receivers how to verify the source of an email and what to do if an email isn’t verified.

In everyday terms, think of DMARC as the instructions a domain owner gives to the world’s email providers: “If an email claims to be from my domain but can’t prove it, don’t trust it.”

It’s an email authentication protocol designed to combat email fraud and phishing by using the mechanisms of SPF and DKIM underneath. By leveraging these existing technologies, DMARC adds an extra layer of protection that links emails to the domain in the “From” address (the sender you see) and can enforce actions on suspicious emails.

How DMARC works during email delivery

Related terms

To understand how DMARC works under the hood, we need to briefly recall what SPF and DKIM do:

SPF (Sender Policy Framework): SPF allows a domain owner to specify which mail servers or IP addresses are authorized to send emails on behalf of their domain. This is done via a DNS TXT record. You can read more in a separate article about SPF.
DKIM (DomainKeys Identified Mail) adds a digital signature to emails to prove they came from your domain and weren’t changed on the way. Your domain’s public key is published in DNS, and each email is signed with a private key. The receiving server uses the public key to check that the message is authentic and unaltered. It’s like a security stamp that confirms the email is legitimate. You can read more in a separate article about DKIM.

Email flow step-by-step

1. The sender composes and sends an email
- An email is sent from a domain – e.g., alice@company.com using an email service or server (like an app, SMTP server, or third-party provider).
2. The email travels to the recipient’s mail server
- The message is routed through the internet and received by the destination mail server (e.g., Gmail, Outlook, etc.).
3. The recipient’s server checks for a DMARC record
- The receiving server looks up the DNS records for the sender’s domain (company.com) and checks if a DMARC policy is published at _dmarc.company.com.
4. SPF check is performed
- The recipient’s server retrieves the SPF record from company.com.
- It checks if the sending server’s IP address is authorized to send emails for that domain.
- Result: Pass or Fail
5. DKIM check is performed
- The server looks for a DKIM signature in the email headers.
- It retrieves the public DKIM key from the sender’s DNS and uses it to verify that the message hasn’t been altered and was authorized.
- Result: Pass or Fail
6. DMARC alignment is evaluated
- The recipient checks whether the domain used in SPF and/or DKIM matches (aligns with) the domain in the visible “From” address.
- Alignment can be strict or relaxed, depending on the DMARC policy.
- If either SPF or DKIM passes and aligns with the From domain, the message passes DMARC.
- If neither passes and aligns, the message fails DMARC.
7. The recipient enforces the DMARC policy
- Based on the sender’s DMARC policy (p=none, p=quarantine, or p=reject), the receiving server takes action:
- None → Deliver the message normally (but log/report the failure).
- Quarantine → Mark the message as spam or suspicious.
- Reject → Block the message from being delivered.
- You can read more details about DMARC policies in section DMARC Policies (detailed).
8. The recipient sends a DMARC report (if requested)
- If the DMARC record includes a rua= tag, the recipient compiles an aggregate report of authentication results.
- This report is emailed (usually daily) to the address specified in the DMARC record.
- Optionally, if a ruf= tag is present, the server may send forensic/failure reports in real time.

Is DMARC necessary?

In short, DMARC isn’t legally mandatory in most cases, but in practice, it’s essential for email security, trust, and reliable delivery. DMARC is becoming increasingly important, especially for any organization that sends email using its own domain — like a SaaS company, brand, or business.

Why is DMARC important

Email remains a primary vector for cyberattacks, and businesses need to ensure their emails are both delivered to inboxes and protected from abuse. DMARC addresses both security and deliverability concerns. Here are some key benefits of implementing DMARC:

Prevents domain spoofing & phishing: DMARC helps stop scammers from using your domain to send fake emails. It helps to verify that incoming messages actually come from the domain they claim. Interesting fact: Deloitte reports that 91% of cybercrimes start with a spoofed or phishing email. So blocking them is a crucial defense.
Improves email deliverability: Using DMARC can increase the likelihood that your legitimate emails land in recipients’ inboxes rather than being flagged as spam. When email providers (like Gmail, Outlook, etc.) see that your domain has strict DMARC authentication in place, they trust your emails more.
Protects brand trust: DMARC helps block fake emails pretending to be from your domain. This protects your reputation and prevents customer confusion or lost trust. Showing you have DMARC in place can also signal to clients and partners that you take email security seriously.

By combining these benefits, DMARC not only secures your email channel against impersonation attacks, but also helps ensure your real emails get delivered and trusted. It’s an industry best practice today — as of 2024, over half of all domains’ email volume was protected by DMARC. Businesses that implement DMARC have seen dramatic reductions in phishing emails pretending to be them.

Sample DMARC DNS record (+ its components explained)

To use DMARC, you publish a special DNS TXT record on your domain (specifically, on the subdomain _dmarc.yourdomain.com). This DMARC record contains a list of tags and values that define your policy and preferences. Let’s look at an example DMARC record and break down each part of it:

_dmarc.example.com. TXT “v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-errors@example.com; adkim=s; aspf=s; pct=100; sp=reject”

In this example (for "example.com"), the DMARC record is expressing a policy to reject failing emails, send reports to specified addresses, and some additional settings. Here’s what each component means:

v=DMARC1 – This is the version tag and it’s required in every DMARC record. DMARC1 is currently the only valid version, so this tag is basically a fixed identifier that tells the email server “this is a DMARC record.” If the version tag is missing or incorrect, mail receivers will ignore the record.
p=reject – The policy for the domain. In our example, it’s set to reject, meaning any email that fails DMARC authentication should be rejected (blocked) by receivers. The policy is the core of DMARC’s enforcement power: p can also be set to none (no special action, just monitor) or quarantine (treat failing mail as suspicious, typically send to spam). You can read more details about DMARC policies in section DMARC Policies (detailed).
rua=mailto:dmarc-reports@example.com – The aggregate report address. This optional tag (rua) tells receivers where to send aggregate DMARC reports (RUA stands for “reporting URI for aggregate data”). In the record above, mailto:dmarc-reports@example.com is an email address that will receive XML summaries of DMARC results each day. You can list multiple addresses here, separated by commas, if you want reports sent to a team or a third-party analysis service.
ruf=mailto:dmarc-errors@example.com – The forensic report address for message-specific failure reports (RUF = “reporting URI for forensic data”). This tag is optional. If specified, some receivers will send you real-time copies or detailed reports of emails that failed DMARC. You can read more details in section DMARC Reporting.
adkim=s; aspf=s – These tags set the alignment mode for DKIM (adkim) and SPF (aspf). In the example both are s, which stands for “strict” alignment. That means the domain in the DKIM signature must exactly match the domain in the From address for DKIM to be considered aligned, and likewise the Return-Path (envelope) domain must exactly match for SPF alignment. The other possible value is r for “relaxed,” which is the default if these tags aren’t specified. “Relaxed” alignment means subdomains are allowed to count as a match (e.g., an email from notify.example.com could still align with example.com under relaxed mode). By setting strict alignment (s), example.com is choosing to be more restrictive — only emails from the exact domain qualify, not subdomains. Alignment settings are a way to fine-tune DMARC’s strictness.
pct=100 – This tag stands for percentage. It specifies what percentage of emails should be subjected to the DMARC policy. pct=100 means the policy applies to all emails from the domain (100%). If, for example, you set pct=20, then only 20% of failing emails would actually have the policy applied (the rest would be treated as if p=none). This is an optional tag and is often used during a gradual rollout — for instance, you might start with pct=20 to only quarantine 20% of failing messages while monitoring the effect, then later increase to 100%. In our example, it’s 100 because we want full enforcement.
sp=reject – The subdomain policy. This optional tag (sp) allows you to specify a different policy for your subdomains than the one you’ve set for the main domain. If sp is not set, subdomains typically inherit the top-level p policy by default. In the example, we’ve explicitly set sp=reject to apply a reject policy to all subdomains of example.com as well. This could be useful if, say, you wanted your primary domain at reject but were unsure about some subdomains (you could then set sp=quarantine or sp=none accordingly). In this case, since our main policy is reject, we’re just making it clear that subdomains should also reject failing email. (If your organization doesn’t send any email from subdomains, it’s common to set sp=reject to guard against abuse of any wildcard or unused subdomains.)

Together, these tags form a complete DMARC policy record. When published in DNS, it tells the world:

“This domain uses DMARC (v=DMARC1). Our policy is to reject unauthenticated emails (p=reject). Please send aggregate reports to dmarc-reports@example.com and forensic reports to dmarc-errors@example.com. We require strict alignment on DKIM/SPF (adkim=s; aspf=s). Apply this policy to 100% of messages, and use the same reject policy for any subdomains as well.”

Mail receivers like Gmail, Yahoo, Microsoft, etc. will reference this record when processing emails from example.com. They’ll enforce the specified policy and provide the requested reports. By analyzing the DMARC reports, the domain owner can verify that all legitimate email streams are passing authentication and see if any unauthorized sources are attempting to use the domain. Over time, this helps maintain a secure and reliable email ecosystem for the domain.

Note: In real-world scenarios, your DMARC record might be simpler or more complex depending on needs. At minimum, a DMARC record requires the v and p tags (and including a rua email is strongly recommended). Other tags like adkim, aspf, sp, pct, ruf, fo, etc., are optional and used for fine-tuning. Many organizations start with a basic DMARC record (e.g. v=DMARC1; p=none; rua=mailto:you@example.com;) and then evolve it. The example we provided above is a comprehensive one to illustrate various components.

DMARC Policies (detailed)

When a message fails the DMARC alignment test, DMARC allows the domain owner to specify what should happen next. This is defined in the DMARC policy published in DNS. There are three policy options a domain owner can choose:

p=none: No special action is taken on failing emails. In practice, “none” means monitor only — the email is treated as if DMARC wasn’t in place (it may still be delivered, filtered, or rejected based on the receiver’s own spam rules), but you will receive DMARC reports about these messages.
p=quarantine: Emails that fail DMARC should be accepted by the receiver but marked as suspicious — typically, they’ll be delivered to the spam/junk folder rather than the inbox. Quarantine is a step up from none: it tells receivers to flag or isolate failing messages (for example, Gmail might show a warning or send it to spam). This mitigates risk while still allowing the message to be seen by the user (just in case it was a legitimate email that failed due to a misconfiguration).
p=reject: Emails that fail DMARC should be outright rejected (not delivered at all) by the receiving server. This is the strictest policy — essentially dropping emails that don’t pass the DMARC checks. A reject policy provides the highest protection against spoofed emails; messages that fail authentication will be bounced or discarded, never reaching the user’s inbox.

DMARC Reporting (detailed)

As mentioned, DMARC’s “R” stands for Reporting. There are two types of reports DMARC can send to the domain owner:

Aggregate Reports (RUA): These are daily summary reports sent in XML format to the address specified in the rua tag of your DMARC record. Aggregate reports show high-level information about all the emails purporting to be from your domain: which IPs sent them, whether they passed SPF/DKIM, if they failed DMARC, etc. They do not include the actual email content, just statistics. For example, an aggregate report might say “100 emails received from IP X (claiming to be your domain), 90 passed, 10 failed SPF/DKIM and were quarantined.” These reports help you spot trends or unknown senders using your domain.
Forensic Reports (RUF): Also known as failure reports, these are more detailed notifications sent in real-time (or near real-time) when an email fails DMARC. A forensic report might contain portions of the original email (such as headers or samples) that failed authentication, to help you investigate the cause. The ruf tag in the DMARC record specifies where to send these. For example, if someone tries to spoof your domain, you could get a forensic report containing the offending message’s details. In practice, forensic reports are optional and less commonly used, as some mailbox providers don’t send them due to privacy concerns. But if enabled, they can be very useful for incident response, providing a copy of a failed email for analysis.

Wrapping up

By now, you should have a solid understanding of what DMARC is and how it works — from the basic idea of verifying emails and blocking fakes, to the technical details of DNS records and policy enforcement. Implementing DMARC in the context of your email infrastructure can significantly bolster your security and improve email deliverability. It aligns the interests of senders and receivers in keeping email channels trustworthy.

Originally published at https://sidemail.io/articles/what-is-dmarc/ on June 3, 2025.

Dunning Emails – Definition, Examples, Best Practices, and Automation Tools

Kristyna Vrbova — Fri, 02 May 2025 12:40:57 +0000

What are dunning emails? Definition

Dunning refers to the process of contacting customers to collect overdue payments. Historically, the term implied aggressive debt collection tactics (even dating back to sending 17th-century debt collectors). In modern usage, especially for subscription and SaaS businesses, dunning is a gentler, automated process of notifying customers about failed or overdue payments in an attempt to recover revenue and prevent churn. A dunning notice typically means a written communication informing a customer their account is past due.

Dunning emails in SaaS

For SaaS companies, dunning usually takes the form of a series of transactional email reminders when a recurring payment fails (due to an expired card, insufficient funds, etc.). Instead of threatening legal action, SaaS dunning emails focus on gently nudging the customer to update their payment information and avoid service interruption.

The goal is to address involuntary churn – when customers unintentionally churn because their payment couldn’t be processed.

In numbers:

Involuntary churn can account for 20–40% of total churn, making it a major source of lost subscriptions.
SaaS companies typically lose 1–5% of MRR each month due to failed payments.
With well-optimized recovery systems, up to 70–80% of failed payments can be recovered.

That’s why a solid dunning process is critical for SaaS revenue retention – it can make the difference between quietly bleeding revenue and keeping paying customers on board.

A dunning email is essentially a payment failure notice sent to the customer, often including details of the issue and instructions to resolve it. These emails typically contain account or invoice information, explain the problem (e.g. “your card was declined”), and prompt the user to take action (update their card, retry payment, etc.). Importantly, they are transactional emails, not marketing messages, so they don’t require unsubscribe links and are expected by the customer as part of the service process. You can read more in an article covering specifics of transactional vs marketing emails.

In summary, dunning emails in SaaS are friendly but urgent payment reminders triggered by failed charges. They inform the customer of the payment issue and its consequences, and guide them to fix it – all in a way that preserves the customer relationship and keeps them using the service.

The dunning email process in SaaS

When a recurring payment fails, SaaS businesses usually initiate a dunning process – a sequence of communications aiming to collect the payment. Unlike a single overdue notice, a dunning process involves multiple touchpoints over a period of days or weeks until the issue is resolved or the account is canceled. The process generally looks like this:

Trigger: A payment attempt is declined (common causes include expired credit card, insufficient funds, or bank processing error). This failure triggers the first dunning email.
Sequence of emails: Rather than relying on one email, companies typically send a dunning email sequence (usually 3–4 emails) at set intervals. Each email escalates urgency slightly. The first email goes out immediately when the payment fails, politely notifying the customer and requesting action within a certain timeframe. If the payment isn’t fixed, follow-up emails are sent after subsequent failed retry attempts.
Payment retries: In between emails, the billing system will often automatically retry the charge after a few days. For example, a business might retry the card 3 days after the first failure, and again 5 days later, etc. If a retry succeeds, the dunning sequence stops. If not, the next email in the sequence is sent.
Resolution or cancellation: The dunning process continues until the payment is recovered or a final attempt fails. If after the final reminder the customer hasn’t updated their info, the account may be suspended or canceled due to non-payment (ending the service).

Tips on dunning emails

Successful SaaS companies put a lot of thought into their dunning emails’ tone, content, and design. Here are some insights and examples from real brands:

Friendly, on-brand subject lines: The email subject is crucial for getting the customer’s attention. Companies tailor subject lines to match their brand voice while conveying urgency. For example:
- Oh no, your payment failed
- Action required – please update your payment details
- We couldn’t process your payment
- Your Product payment didn’t go through
Clear body message: The body of a dunning email usually:
- States what happened (e.g., “Your last payment for Product failed”).
- Explains why if known or lists common reasons (expired card, insufficient funds, etc.)
- Tells the customer what to do next (update their card on file, retry payment, or contact support).
- Mentions when the next charge attempt will happen or deadline to fix (e.g., “we’ll retry on Sept 5” or “please update within 3 days to avoid interruption”)
- Provides a direct link or button to update payment details (a clear Call-to-Action).
- Offers help via support channels for any questions or issues.
Tone and customer relationship: Successful dunning emails use empathy and helpful language, reinforcing that the business values the customer and just wants to ensure they can continue their service. For instance, rather than saying “you failed to pay,” they might say “we couldn’t process your payment” – focusing on the issue, not blame. This approach can even turn a potentially negative event into an opportunity to build trust by showing concern for the customer’s access to the product
Including consequences (gently): Dunning emails often remind customers what will happen if they don’t take action, but framed in a helpful way. By giving a clear deadline or consequence, it creates urgency, but it’s usually phrased as “we don’t want you to lose access, so please...” rather than a threat.
Support option: Some companies include additional contact options in their dunning emails to ensure customers feel supported, giving them the choice to either update their payment details on their own or reach out to support for help. For example: “Need assistance? Our team is here to help 24/7”.
Tone differences by brand: There is no one-size-fits-all template; companies adapt to their audience. The key is to remain polite and professional, even as reminders get more urgent. Early notices assume the failure is an oversight and maintain a “we’re in this together” feel. Later notices can be firmer but should still strike a tone of professionalism and care.
Clean visual design: Dunning emails can be plain text or designed HTML, but many SaaS brands use a simple template with branding. The design typically highlights the key message and CTA. For instance, an example from Sidemail.io’s template library shows a concise email with a clear headline and a bright action button:

To wrap up, effective dunning emails are concise, actionable, and customer-centric. They remind the customer of the issue, provide an easy path to resolution, and communicate the urgency without making the customer feel pressured.

Sample dunning email templates

Below are sample templates for a dunning email sequence. These can serve as a starting point and should be customized to fit your product’s tone and specifics.

The templates incorporate several best practices: clear subject lines, an explanation of the issue, a call-to-action button or link, a sense of urgency, and a helpful tone. In template #1, the tone is light and assumes the best (the issue can be fixed easily). By template #3, the tone is more serious and time-sensitive, clearly stating the consequence (suspension) while still offering help. You can adjust the timing and wording to match your business.

Template 1: Friendly First Reminder (Day 0)

Subject: “Uh-oh, we couldn’t process your payment”

Hello {name},

We attempted to process your recent payment for {product}, but unfortunately it didn’t go through. This might happen if a card expired or there were insufficient funds. No worries – we’ll try charging your card again in a few days.

In the meantime, please update your billing information at the link below to ensure your subscription remains active:

Update payment details [button]

And if you need any help, just reply to this email or contact our support team. We’re here to assist!

Thank you,

The {product} Team

Template 2: Second Attempt Reminder (Day 3)

Subject: “Important: Please update your payment details for {product}”

Hi {name},

We just tried to bill your {product} subscription again, but the payment still didn’t succeed. To avoid any interruption in your service, please take a moment to update your payment information.

Update payment details [button]

Need help? Feel free to reach out by replying to this email – our team is ready to help.

Thank you, The {product} Team

Template 3: Final Notice (Day 7 or Final Attempt)

Subject: “Final Notice: Your {product} subscription is at risk”

Hello {name},

This is a final reminder that we’ve been unable to process your payment for {product} despite multiple attempts.

Please update your billing information immediately to continue your subscription without interruption:

Update payment details [button]

If the payment issue isn’t resolved, your account will be automatically paused on {date}.

We sincerely value you as a customer and want to help you continue using {product}. If you have any questions or need assistance updating your info, please reply to this email or contact our support at {support-email}.

Thank you,

The {product} Team

Tools and software for automated dunning

Managing dunning manually can be tedious and prone to error, especially as you scale. Fortunately, there are many tools to help automate the dunning process. These range from full billing systems with built-in dunning workflows to specialized add-ons and email services. Automating dunning ensures timely, consistent follow-ups and frees your team from chasing payments one by one.

Billing platforms with dunning features

Many subscription billing or payment platforms include dunning management out-of-the-box. For example, Stripe (a popular payment processor) can be configured to send automatic payment failure emails and retry charges on a schedule. However, Stripe’s native dunning features are somewhat basic and not highly customizable.

Dedicated email platforms

Another effective approach is to use an email platform built specifically for SaaS communication. These tools make it easy to design and send dunning emails triggered by your app or billing system. Platforms like Sidemail let you create automated email sequences and trigger them via API or webhook when specific events occur – such as a failed payment.

Many of these platforms include pre-built templates and offer the flexibility to handle both transactional and marketing emails.

Below, we’ll take a closer look at Sidemail as a case study as it’s an example of a modern email platform well-suited for handling dunning emails in a SaaS context.

Sidemail.io combines a transactional email API, marketing and newsletter tools, and automation workflows into one streamlined service—making it especially well-suited for startups and SaaS applications. Key benefits of Sidemail for dunning emails:

Pre-built dunning email templates: Sidemail provides ready-made email templates, including templates out of the box. Templates are mobile-responsive, work in all email clients, supports dark mode, and are fully customizable – so you can match your brand and tone with ease.
No-code email editor: With Sidemail’s visual editor, you can modify email templates without needing to code HTML.
Fast and reliable email delivery: For dunning emails, deliverability is crucial (a dunning email that goes to spam won’t get your customer back!). Sidemail is reliable solution that ensures the highest delivery standards and fastest email delivery on the market.
Contact management and Stripe integration: Sidemail includes light CRM features like contact profiles, subscription forms, and importantly a Stripe integration. If you use Stripe for billing, Sidemail can “plug’n’play” with it.
Multiple email types in one platform: Sidemail isn’t just for dunning. You can also manage welcome emails, password resets, newsletters, product updates, and more – all from the same platform. This simplifies the tech stack and helps maintain a consistent brand voice and design across all touchpoints.

Other tools: Aside from Sidemail, there are alternatives depending on your needs:

If you already use a customer engagement platform like Intercom or Customer.io, you might integrate failed payment events there and use their messaging capabilities.
Also there are available dedicated churn-focused tooling like Paddle or Churn Buster, though some of these extend into broader spectrums.
Some companies even use generic automation tools: for example, sending a Slack notification to the sales/support team on final failure so they can personally reach out to save an account (not automated email, but a human touch in the loop).

Conclusion

Dunning emails might not be the most glamorous part of running a SaaS, but they are undeniably important. A well-executed dunning strategy means more recovered revenue, lower involuntary churn, and happier customers who don’t suddenly find their service cut off.

Key takeaways: always communicate clearly and promptly when a payment issue occurs, be persistent but polite in following up, and use the right tools to automate and optimize the process. Whether you leverage your billing platform’s built-in features or integrate a dedicated solution like Sidemail, make sure the process is efficient and aligned with your company’s tone and customer experience standards.

In practice, successful SaaS companies treat dunning emails as an extension of customer service. They use them not only to get paid, but to remind customers that the company cares about keeping them on board. With the examples, templates, and best practices outlined above, you should be well-equipped to manage your dunning process effectively – turning failed payments back into active subscriptions with minimal friction.

The Importance of Domain Reputation in Email Deliverability

Kristyna Vrbova — Thu, 10 Apr 2025 13:21:00 +0000

In the early days of email spam filtering, the sending server’s IP address was the primary identifier used to judge trustworthiness. Mailbox providers would maintain IP blacklists and reputation scores, heavily weighting the sender’s IP reputation in deliverability decisions. However, modern email filtering has evolved to focus more on domain reputation — the reputation of the sender’s domain name — as a more stable and reliable indicator of sender identity and behavior.

Several trends drove this shift. IP addresses can be easily changed or shared, which made sole reliance on IP reputation less effective. Spammers could hop to new IPs, and legitimate senders using cloud email services often share IPs. Domain names, on the other hand, are a consistent brand identifier — if a sender has a poor domain reputation, simply switching IPs won’t erase that history. This “stickiness” means domain reputation better reflects the sender’s long-term sending practices. As a result, mailbox providers treat the sender’s domain as the anchor of reputation. Domain reputation is more portable and long-lived — it follows you even if you change email services or IP addresses. By contrast, IP reputation is more transient and must be re-established whenever a new IP is used.

From IP Reputation to Domain Reputation: A Paradigm Shift

Today, email deliverability experts widely agree that sender reputation (especially domain-based) is the single most important factor determining whether an email lands in the inbox or the spam folder. Gmail’s own guidelines note that a sender’s domain reputation can heavily influence if their messages are accepted or filtered as spam. For example, Google categorizes domain reputations as High, Medium, Low, or Bad – if your domain falls to “Bad” reputation, Gmail states that your mail will “almost always be rejected or marked as spam”. Conversely, a high domain reputation means Gmail will rarely spam-filter your messages. This illustrates how domain reputation has become a decisive deliverability factor, even more so than IP reputation in many cases. (Notably, Google’s own Postmaster Tools emphasize domain reputation as the top metric to monitor)

It’s important to note that this doesn’t mean IP reputation is irrelevant — far from it. Modern spam filters use a blend of both domain and IP reputation signals. However, domain reputation has taken the lead for long-term sender assessment, while IP reputation is used for more short-term and initial heuristics. In fact, Microsoft confirms that new IPs with no history are treated cautiously at first, but if they belong to a sender with an established good domain reputation, they can ramp up sending much faster (according to Microsoft). This shows how a solid domain reputation can effectively “carry” a new IP with it. On the flip side, a poor domain reputation can drag down even a clean IP — as ActiveCampaign notes, having a “Green” (good) IP on Microsoft’s SNDS doesn’t guarantee inbox placement if your domain or content is problematic (some Green IPs’ emails still land in spam). In short, domain reputation now acts as the primary trust indicator, with IP reputation as a supporting signal.

How To Check Your Domain Reputation

To get a clear view of your domain’s reputation, the best place to check is Google’s Postmaster Tools. Google, being a top recipient inbox provider, offers insights into your domain’s reputation over time, graded as High, Medium, Low, or Bad. This tool provides valuable feedback on how your domain is perceived, which can help you make necessary adjustments to improve deliverability. Unfortunately, there are no other good checkers available, and most other providers require you to gauge reputation "by feel" based on your email performance and feedback.

How Major Inbox Providers Evaluate Domain Reputation

Each major inbox provider (Gmail, Outlook/Microsoft, Yahoo, and Apple iCloud) has its own algorithms for evaluating domain reputation, but there are common threads in what they look at. Key metrics that feed into domain reputation include user spam complaints, spam trap hits, bounce rates (invalid addresses), sending consistency, and user engagement with emails. Authentication also plays a pivotal role — mailbox providers only assign domain reputation to authenticated domains (verified via DKIM or SPF), since that’s how they know an email truly comes from your domain.

Let’s examine how each provider gauges domain reputation and what factors matter most:

1) Gmail (Google)

Gmail heavily prioritizes domain reputation in its filtering. Google’s spam filters consider domain reputation “the most heavily weighted metric” when deciding inbox vs. spam placement. Gmail tracks domain reputation through its Postmaster Tools, which categorize your sending domain’s reputation as High, Medium, Low, or Bad. This reputation is influenced mainly by user feedback signals – particularly the percentage of your emails that users mark as spam (the spam complaint rate). Gmail internally calculates a daily spam rate for your domain (only counting emails that were authenticated via DKIM). If too many users report your messages as spam (generally if >0.3% of recipients mark spam in a day), Gmail will downgrade your domain’s reputation and deliverability will plummet. For example, Google has announced that any bulk sender domain hitting a 0.3% spam complaint rate will see decreased deliverability.

Other factors Gmail evaluates include your domain’s sending history and volume patterns (suspicious spikes can hurt reputation), and engagement metrics. While Gmail doesn’t explicitly reveal all metrics, senders observe that if users consistently delete your emails without reading or if they move your emails out of spam, those behaviors can affect future placement. In essence, Gmail rewards domains that send wanted, safe mail: high domain reputation corresponds to very low spam-mark rates and compliance with best practices.

Gmail also requires proper authentication — starting in 2024, bulk senders must have DMARC in place on their domains, and Gmail will bounce or spam-folder unauthenticated messages from high-volume senders. All Gmail domains have to build up reputation gradually; a new domain with no history is treated cautiously. Gmail’s own guidance is to send first to your most engaged users to build reputation when warming up a domain. Notably, Gmail’s domain reputation is aggregated across all mail streams from that domain — if you send both marketing and transactional emails under the same domain, Gmail sees one combined reputation.

2) Outlook.com / Microsoft (Exchange Online)

Microsoft’s consumer mail (Outlook.com, Hotmail, Live) and Office 365 also incorporate domain reputation in filtering decisions. Microsoft uses the SmartScreen® filter and Exchange Online Protection, which evaluate both the sending IP and the sender’s domain (according to Microsoft ). Outlook’s own postmaster guidance states that their filters are influenced by “a number of factors related to the sending IP, domain, authentication, list accuracy, complaint rates, content and more”. A principal factor for Microsoft is the junk email complaint rate — if users often hit “Report Junk” on your emails, your reputation (IP and domain) suffers. Microsoft provides some tools like SNDS (Smart Network Data Services) which shows IP reputation (Green/Yellow/Red status for your IP), and the JMRP (Junk Mail Reporting Program) which forwards spam complaints back to senders. These help monitor reputation signals, though SNDS by itself doesn’t tell the whole story (a Green IP can still have delivery issues if the domain or content is suspect).

One notable aspect of Microsoft’s approach is how domain reputation can mitigate new IP issues. Microsoft says that when you send from new IP addresses, those IPs initially lack reputation and may face throttling, but if the domain is authenticated and has an existing good reputation, the new IP “inherits some of the domain’s sending reputation” and ramps up faster (according to Outlook.com). In practice, this means Outlook will trust your mail more if your sending domain is known and reputable, even if the IP is new. Like Gmail, Outlook expects proper SPF and DKIM authentication — they even state SPF helps verify the domain to prevent spoofing. Outlook’s spam filtering (including Office 365’s) also looks at content and user interactions. For example, if recipients consistently move your messages out of the junk folder, it can improve reputation over time. But the core factors remain: low complaint rates, proper list hygiene (few bounces, good address quality), and authenticated domain identity. Microsoft does not publicly offer a domain reputation dashboard like Google, but senders can assume their domain’s track record (across IPs) is being tracked internally. High domain reputation means fewer Outlook spam folder appearances, whereas a poor domain reputation can cause even mail from a decent IP to land in junk.

3) Yahoo Mail (Yahoo/ AOL)

Yahoo Mail (part of Yahoo Inc., which also handles AOL Mail filtering under Verizon Media) also evaluates sender reputation on multiple levels. Yahoo explicitly notes that “each IP and DKIM domain has a reputation, which can impact the delivery of your email.”. In other words, Yahoo tracks reputation for the sending IP and for the domain (particularly the domain used in DKIM signing and the From address). Yahoo’s spam filters consider many of the same signals as Gmail and Outlook: spam complaints, unknown user rates (sending to invalid addresses), and engagement. Yahoo offers a Feedback Loop (FBL) program for senders, where if a Yahoo user marks an email as spam, Yahoo will report that back (in aggregate) to the sender — this helps senders gauge their complaint rates. Keeping complaints low is crucial: like Gmail, Yahoo has indicated a spam complaint rate above about 0.3% will significantly hurt deliverability. In fact, both Google and Yahoo announced in 2024 that any domain with spam rates at or above 0.3% will experience delivery problems, reinforcing how important it is for senders to avoid spam complaints.

Yahoo also looks at domain authentication and alignment. Starting February 2024, Yahoo requires all bulk senders to have a valid DMARC record for their domain. This means Yahoo wants to verify that the domain in the From address is truly managed by the sender (via SPF/DKIM alignment). Domains that fail authentication may not build a positive reputation or could be outright rejected. Beyond complaints and authentication, Yahoo’s filters pay attention to things like sending consistency and content quality. They even evaluate URL reputation — if your emails link to a domain that is known for malware or spam, that can hurt your delivery. But for the sending domain itself, the golden rule is similar to others: send mail that people don’t flag as spam. A poor domain reputation at Yahoo will cause your emails to land in the spam folder, even for transactional notifications that users might be expecting. Many senders segment their mail by subdomains (for example, news.yourdomain.com for newsletters) because Yahoo’s systems will consider those separately to some extent, which can protect your main domain’s reputation. Overall, Yahoo combines IP and domain reputation: inbox placement tends to happen only if both are in good standing. If either the sending IP or the sending domain has a bad rep, Yahoo will likely divert the message to spam.

4) Apple iCloud Mail

Apple’s iCloud Mail (which covers @icloud.com, @me.com, and @mac.com addresses) is a bit less openly discussed, but Apple has published guidelines indicating that sender reputation (both IP and domain) is central to their filtering. Apple states, “We track a sender’s reputation using various mechanisms, such as IP and domain reputations, content checks, and user feedback. Then we make our filtering decisions.” (according to iCloud Mail). This confirms that iCloud Mail evaluates the domain reputation alongside IP reputation and user behavior. Like other providers, Apple wants to see that senders follow best practices: they require senders to only email opt-in subscribers and to include an easy unsubscribe link. If users receiving iCloud mail consistently mark a domain’s messages as junk, that domain’s reputation in Apple’s system will drop and more of its emails will be filtered out.

Apple does not offer a public postmaster tool or reputation dashboard for iCloud Mail, so senders have to infer their standing by monitoring open rates and any bounce notifications. However, Apple provides a postmaster support page with strict requirements: messages must be authenticated with SPF and DKIM, and Apple honors DMARC policies. This means if your domain has a DMARC policy and an iCloud Mail user gets an unauthenticated email claiming to be from your domain, Apple will likely reject or junk it per your policy. All of these authentication measures help Apple reliably attach reputation to your domain. In practice, senders have observed that iCloud is sensitive to sudden volume spikes and to list quality — if you send to a lot of invalid iCloud addresses that bounce, that can hurt your domain’s standing. Apple Mail also has no formal feedback loop, but presumably user actions (moving an email to Junk or out of Junk) feed into their algorithm. They emphasize list hygiene and engagement: Apple suggests senders should remove inactive subscribers and not send to people who never interact. If a domain consistently sends mail that iCloud users ignore or flag, that domain will struggle to reach the iCloud inbox over time. In summary, Apple’s filtering ethos is similar to Gmail’s — reward good sending behavior and authenticated identity, punish spammy behavior — even if details aren’t publicly quantified.

Domain Reputation vs. IP Reputation in Modern Spam Filtering

How do domain and IP reputation compare in today’s filtering systems? In essence, they are complementary, but domain reputation has become the more comprehensive indicator of sender trust. Domain reputation encapsulates your sending behavior across potentially multiple IP addresses and campaigns, giving a holistic view of your email practices (for example, how often users complain about your @yourdomain.com emails in general). IP reputation, on the other hand, is narrower — it reflects the sending history of a specific server’s IP. Modern spam filters use both: IP reputation is often a first line of defense (e.g. a known bad IP might get blocked outright before content is even evaluated), while domain reputation guides the overall inbox vs spam decision, especially once authentication passes.

One way to look at it: IP reputation is like the reputation of the mail truck delivering your message, and domain reputation is the reputation of the sender or brand on the letter. A clean, unlisted IP (truck) helps get your foot in the door, but it’s the domain (sender name) that the mailbox provider ultimately looks at to decide if the message should be trusted. In the past, many senders focused on IP reputation by using dedicated IPs or switching IPs if one got blocklisted. But today, switching to a new IP won’t escape a bad sending reputation. If your domain and content practices are poor, that baggage moves with you. As a Validity/Return Path expert vividly explained, trying to fix reputation by changing IP or domain is like a person donning a disguise after misbehaving — the mailbox providers still recognize the underlying sender. In their words, “changing to a new IP or domain is never the answer to solving an email reputation issue. Problematic behavior is still problematic on shiny new IPs/domains.”.

This isn’t to say IP reputation doesn’t matter — it does, especially in the short term. When you start sending from a new domain or IP, IP reputation and proper warm-up are critical so that providers don’t see a sudden flood of mail from an unknown source. A bad IP (one that previously sent spam) will hurt even a good domain’s mail until that IP reputation is repaired. However, as senders adhere to best practices over time, domain reputation becomes the persistent memory that ISPs reference. It acts as a stabilizing force. ISPs also use domain reputation to manage senders on shared IP pools: if you’re sending via an ESP’s shared IPs, your domain reputation is how Gmail or Yahoo discern your traffic from another sender on the same IP. For example, Google’s system can differentiate senders on a shared IP by looking at the DKIM domain — so each sender’s domain builds its own rep even if the IP reputation is shared or averaged. In Office 365, user-level allow/block settings and Microsoft’s tenant reputation features also revolve around sender domains, not just IPs.

In modern filters, a strong domain reputation is often a prerequisite for good deliverability, and IP reputation is an additional layer. Many filters will forgive a single bad IP (or route around it) if the domain’s reputation is otherwise excellent — for instance, Gmail might still deliver from a “Medium” IP if the domain is High reputation. Conversely, a “Bad” domain reputation will typically result in spam placement even if you use a fresh IP. Domain reputation is also more resilient: it accrues over months of sending and isn’t easily wiped out by one incident (unless that incident is severe), whereas IP reputation can swing more rapidly with recent sending behavior. Mailbox providers have increasingly realized that domain-based reputation is harder for spammers to evade, especially when combined with strict authentication (which ties the domain to the sender). It effectively forces bad actors to either rehabilitate their domain by sending good mail consistently (unlikely for spammers), or to keep buying new domains — which is costlier and slower than spinning up new IPs used to be.

To summarize, domain and IP reputation both matter, but in the 80/20 sense of impact: domain reputation carries the bulk of the weight for ongoing deliverability, while IP reputation must be managed carefully during onboarding/warm-up and kept in good standing as a supporting signal. Focusing on building a great domain reputation (through sending practices and subscriber engagement) will yield the most impactful deliverability improvements, whereas focusing only on IP reputation (like endlessly warming up new IPs without fixing underlying issues) is an increasingly ineffective strategy.

The Role of DKIM, SPF, and Alignment in Deliverability

Technical email authentication protocols — namely DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) — are foundational to establishing domain reputation. These protocols themselves don’t guarantee inbox placement, but they are required for your domain to earn a positive reputation. Here’s why: without DKIM or SPF, a mailbox provider can’t be sure an email actually came from your domain, so it cannot reliably attach the sending behavior (good or bad) to your domain. Implementing DKIM and SPF (and ideally DMARC) is what “tags” your domain on every email, allowing all that reputation data to accrue to the domain’s record at mailbox providers.

SPF is essentially a DNS record that lists which IP addresses or servers are allowed to send on behalf of your domain. It helps prevent spammers from spoofing your domain. On the receiving side, when an email comes in claiming to be from @yourdomain.com, the receiving server checks SPF to see if the sending IP is authorized. If it isn’t, the message fails SPF. Failing SPF can lead to outright rejection or at least a big hit to credibility, since it suggests potential forgery. However, even passing SPF is not enough on its own – a spammer could use their own domain with a correct SPF. That’s why domain reputation still depends on your sending behavior, not merely having an SPF record. But having SPF properly set up is a baseline requirement; Microsoft, Google, Yahoo, and Apple all expect it. In fact, Microsoft notes SPF helps them verify the domain is authorized, feeding into SmartScreen’s assessment.
DKIM is a cryptographic signature added to your email headers that vouches for the email’s content and headers on behalf of your domain. The DKIM signature (which includes your domain name) proves the message hasn’t been tampered with and that the domain owner (you) takes responsibility for the email. DKIM is crucial for domain reputation because it securely ties the message to your domain’s identity. Gmail’s spam rate metric, for example, only counts user spam reports for emails that were DKIM-signed by your domain — this implies Google only builds domain reputation when DKIM is in place (or SPF passes with alignment). If you don’t sign with DKIM, you may be missing out on building domain reputation, and your emails might instead be evaluated on shared IP reputation or other factors. All major providers verify DKIM signatures, and a valid signature can positively influence filtering (it’s much harder for someone else to spoof a DKIM-signed domain).
Domain Alignment (DMARC): Having SPF and DKIM is great, but there’s another piece: ensuring the domains used by SPF and DKIM align with your visible “From” domain. This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) comes in. DMARC is a policy layer that tells receivers to look for alignment — meaning, was the email authenticated and do the domains match? For example, if you send an email from “sales@yourdomain.com”, DKIM might sign it with d=yourdomain.com, and SPF might pass for bounce domain yourdomain.com. If those domains align with the From domain, then DMARC passes, proving that yourdomain.com is the authenticated sender. This alignment is important because it ensures that any “credit” for good sending behavior goes to the right domain (yours!). If you use an ESP that defaults to a generic bounce domain (like esp.com) and you don’t align it, your domain might not get the reputation benefit. In short, only aligned authenticated domains build a strong reputation. If your email is authenticated under some other domain (or not at all), you’re not building your own domain’s rep – and worse, mailbox providers might treat the misalignment as a red flag (since most legitimate senders now align their mail).

The impact of proper authentication on deliverability is significant. By implementing SPF, DKIM, and DMARC (with alignment), you:

Prevent spoofing of your domain, which means others can’t damage your domain reputation by sending fake emails. This protects your brand and keeps mailbox providers confident that emails from your domain are truly from you.
Enable providers to build a reputation profile for your domain. For example, once you have DKIM in place, Google will start showing your domain reputation in Postmaster Tools and will use it as a major factor. Without DKIM, you simply won’t have a domain reputation score in Gmail’s system.
Potentially get slightly better filtering results. Some providers give a small positive weighting to authenticated mail. For instance, an email that passes SPF/DKIM is less likely to be considered outright fraud or phishing. While authentication alone doesn’t guarantee inboxing, it does clear a necessary hurdle. Think of it as having a valid ID — it won’t get you special treatment by itself, but without it you’re likely to be turned away at the door.

Moreover, DMARC compliance is increasingly becoming a mandatory requirement for bulk senders. Google and Yahoo’s recent policy changes explicitly require senders to have DMARC in 2024. This means if you don’t have a DMARC record (with SPF/DKIM alignment), your emails might be subject to stricter filtering or even rejection by those providers. It’s a strong signal that mailbox providers see aligned authentication as foundational to trust.

In summary, DKIM, SPF, and Mail-From/From alignment (via DMARC) are the technical underpinnings that allow your domain reputation to thrive. Ensuring these are set up correctly (and monitored) will not by themselves make your emails land in inboxes — but without them, good deliverability is nearly impossible. You’d be flying blind without a reputation identity. Thus, one of the first steps to improve deliverability is always: set up SPF and DKIM for your domain, and publish a DMARC record. This gives you the “authentication halo” under which you can then cultivate a positive domain reputation through good sending practices.

How Domain Reputation Affects Inbox Placement and Engagement (Data Insights)

We’ve discussed the theory of domain reputation, but what about real-world impact? The data and case studies show a clear link between strong domain reputation and better email performance metrics (inbox placement rates, open rates, etc.). Here are a few insights and examples:

High domain reputation = Inbox delivery, Low domain reputation = Spam folder. This might sound obvious, but providers explicitly confirm it. As noted earlier, Gmail will rarely spam-filter mail from a domain with a “High” reputation, meaning most of those emails go straight to the inbox. On the other hand, a “Bad” domain reputation at Gmail results in nearly all those emails being blocked or sent to spam. The difference in inbox placement between a High-rep domain and a Low-rep domain can be dramatic — often the difference between, say, 98% inbox rate vs. 50% or less. Yahoo similarly indicates that poor domain reputation leads to even important emails (like password resets or order confirmations) ending up in spam. This gulf means that maintaining a good domain rep is critical for your messages to even reach the audience.
Open rates and click rates climb with better reputation. When your emails avoid the spam folder and land in the inbox, naturally more people will see and open them. But there’s a reinforcing cycle: a better reputation not only gets you to the inbox, it also might put your emails in the primary inbox tab or higher in the inbox list (especially with Gmail’s algorithmic sorting), making engagement more likely. A case study by Inboxroad, for example, showed that after a sender properly warmed up and improved their sender reputation, their inbox placement skyrocketed and open rates spiked accordingly. Before, they had low deliverability and thus low opens; after boosting reputation, they achieved a 98.8% delivery rate and saw a significant jump in open and click-through rates. This underscores that improving domain reputation isn’t just an IT exercise — it directly translates to better campaign performance (more eyes on your emails, more interactions, and ultimately more conversions).
Complaint rate thresholds are make-or-break. Providers like Gmail and Yahoo publicly cite the ~0.1%–0.3% spam complaint rate thresholds. These numbers might seem small, but they are pivotal. If your domain consistently stays below 0.1% complaint rate, you’re likely to maintain a good reputation (and thus high inbox placement). But if you creep up toward 0.3% or beyond, you will almost certainly experience a reputation decline and spam filtering. Data from large senders shows a stark difference in outcomes once complaint rates cross that line. It’s essentially a tipping point: below it, your domain can sustain inbox delivery, but above it, you trigger alarms. Therefore, watching that metric (and reducing it by pruning unengaged users or improving content) has a huge impact. Some organizations have internal data showing that for every incremental 0.1% increase in complaint rate, their inbox placement at Gmail or Yahoo dropped X%. Keeping it low keeps the welcome mat out at the ISPs.
User engagement metrics reinforce reputation. Gmail and others don’t just look at negatives (like spam complaints); they also look at positives or lack thereof. If recipients often delete your emails without reading or never open them, over time Gmail may “learn” that your domain’s mail is not wanted, and that can hurt inboxing (or cause your mail to go to Gmail’s Promotions or spam). Conversely, if people reply to your emails, forward them, or consistently move them from spam to inbox, those actions can boost your reputation. While these metrics are harder to quantify publicly, email marketers have observed higher Gmail inbox placement when they focus on engagement (e.g., sending only to recent engagers). One could look at it this way: a strong domain reputation is usually built on a base of high engagement (opens, clicks) and low complaints. Thus, the ultimate effect of good domain rep is seen in your engagement metrics: you should enjoy higher open rates, whereas a poor rep domain might see dismal opens even if you send the same content, simply because the emails aren’t getting to the inbox or are being de-prioritized by the mail client.

To illustrate, consider two domains sending the same offer email to 100,000 Gmail users. Domain A has a stellar reputation; Domain B has a so-so reputation. Domain A might get 95,000 emails delivered to inbox, 5,000 to spam — yielding perhaps 20,000 opens (20% open rate). Domain B might get only 50,000 to the inbox and 50,000 to spam, yielding 8,000 opens (16% opened of delivered, but effectively 8% of total sent). Same content, vastly different result, purely due to reputation. Over time, Domain B’s poorer engagement could further drag its reputation down. This shows how domain reputation and engagement can create a virtuous cycle or a vicious cycle.

In summary, data and case studies confirm that domain reputation directly affects your bottom-line email metrics. High domain reputation correlates with high inbox placement rates, which drive higher opens and clicks. Businesses that invest in building and maintaining domain rep see tangible improvements — more of their emails reach customers and get read. Those that neglect it find themselves fighting uphill, with messages stuck in spam and campaigns underperforming. The evidence is clear: domain reputation isn’t an abstract technical score — it’s a key performance indicator for your email program.

Best Practices to Improve and Maintain a Strong Domain Reputation

Achieving a high domain reputation (and by extension, high deliverability) requires consistent adherence to email best practices. Here we distill the most impactful steps you can take — the “80/20” of improving domain reputation:

Authenticate Your Domain (SPF, DKIM, DMARC): Ensure you have SPF and DKIM records set up for your sending domain, and that they are correctly configured. This is step zero for building domain trust. Also publish a DMARC record and ideally set it to enforce (p=quarantine or p=reject) once you’re confident your mail streams are authenticated. Mailbox providers give more credence to authenticated domains, and some (like Gmail/Yahoo) now mandate DMARC for large senders. Proper authentication also prevents others from spoofing your domain, safeguarding your reputation.
Warm Up New Domains (and IPs) Gradually: When using a new domain for emailing, start with low volumes to your most engaged recipients, then ramp up over time. ISPs are wary of domains that go from 0 to 100k emails overnight. Gradual warm-up lets you demonstrate good sending behavior in stages, building a positive reputation. The same goes for new IP addresses — although as noted, a good domain rep can ease IP warm-up, you should still send gradually. During warm-up, monitor metrics closely (if you see spam complaints or bounce issues early, pause and fix them before scaling). Patience in the beginning pays off with inbox placement later.
Use Subdomains to Isolate Streams: Consider using separate (sub)domains for different types of email (e.g. news.yourdomain.com for newsletters, notify.yourdomain.com for transactional alerts). This way, each subdomain builds its own reputation, and problems in one won’t directly poison the others. For example, many companies keep transactional email on a different subdomain from marketing email. If a marketing campaign generates spam complaints and hurts the newsletter subdomain a bit, your login OTP emails from the notify subdomain can still sail through to inbox. Subdomains reputations do influence the root domain somewhat, but not as acutely – they provide a buffer. Just be sure to authenticate each subdomain with SPF/DKIM and include them in your DMARC policy (or use a wildcard DMARC for the whole domain). Using subdomains is not mandatory, but it’s a safety best-practice especially for high-volume senders with varied email types.
Practice Good List Hygiene: A healthy sending list is critical for reputation. This means: never purchase email lists (many addresses will be invalid or spam traps). Use double opt-in wherever feasible to ensure recipients really want your emails — confirmed opt-in greatly reduces the chance of complaints. Regularly clean your mailing list by removing or suppressing inactive subscribers and invalid addresses. High bounce rates (sending to a lot of non-existent users) can signal poor list quality, which hurts your credibility. Hitting a spam trap (an address used to catch spammers) is especially damaging to domain rep. By keeping your list updated — removing folks who haven’t engaged in say 6–12 months — you not only lower the risk of spam complaints and traps, but you also improve your engagement rates (which indirectly boosts reputation). Many ESPs offer automated bounce handling and list cleaning tools; use them liberally. The goal is to only send to people who want your emails. As a metric, strive for bounce rates under 1% and unsubscribe/spam complaint rates well under 0.1% of your list.
Monitor and Minimize Spam Complaints: Be proactive in preventing complaints. Prominently include an easy one-click unsubscribe link in every email (and honor removals immediately) — this gives unhappy recipients a way out other than marking spam. Segment your audience so you send relevant content (more on that next) and at an appropriate frequency; over-mailing can lead to frustration. If you do have access to feedback loop data (for Yahoo, Microsoft, etc.), monitor it closely. Even without FBL, you can infer complaint rates by looking at open rates vs. click rates vs. unsubscribe rates. If complaints spike, halt and diagnose: Did you send to a stale segment? Was there something misleading in your email? Solicit feedback from subscribers occasionally to ensure you’re meeting their expectations. Remember, a spam complaint is essentially a “strike” against your domain — too many and you’re out. Keeping complaint rates low is the single most important thing for reputation, so design your program around user respect and permission.
Send Relevant, Expected Content: This is more on the soft side, but extremely important. Emails should match what recipients signed up for. If people get content that surprises or annoys them, they will unsubscribe or complain. For example, if someone signed up for tech news and you suddenly start sending marketing promos for unrelated products, expect trouble. Stick to your promised content and send cadence. Also, avoid the classic spam flags: deceptive subject lines, all-caps shouting, excessive punctuation, and obviously spammy phrases. While modern filters are more about behavior than keywords, bad content can still trip filters or turn off users. On the flip side, encourage engagement: some brands explicitly ask users to mark them as “not spam” or to drag their emails to the primary inbox in Gmail — these actions train the filters that your domain is wanted. While you can’t rely on users doing that en masse, it demonstrates that focusing on relevancy and quality content pays off with engagement, and engagement feeds back into reputation. As a rule: send the right content, to the right people, at the right time. That builds trust in your domain over the long run.
Maintain Sending Consistency: Consistent sending volume and frequency help establish a stable reputation. ISPs get wary if they see a domain go dormant and then blast out a huge campaign, or if a normally low-volume sender suddenly spikes. Try to avoid extreme peaks and if you have a big send (like a yearly announcement to all customers), see if you can stagger it in batches. Warming up ahead of seasonal peaks is a strategy many senders use (e.g. ramp volume in the weeks before Black Friday). Consistency also applies to your “From” addresses — use a consistent domain identity; don’t constantly change your From name or email domain. Branding your emails with a consistent domain and sender name helps receivers recognize you and builds a positive sending history linked to that identity.
Monitor Reputation and Delivery Data: You can’t improve what you don’t measure. Utilize tools to check on your domain reputation: Google Postmaster Tools (for Gmail) is a must — it will show your domain’s reputation grade and spam rate. Microsoft’s SNDS for IPs, and any available ISP feedback. Also watch your email analytics: if you see a sudden drop in open rates across multiple ISPs, that’s a warning sign your domain might have been junked. Services like GlockApps or Validity’s Everest can run seed tests to see if your emails land in inbox or spam across providers (just remember, as ActiveCampaign notes, seeds are imperfect because they don’t engage like real users, but they can still catch major issues). Many ESPs also provide deliverability alerts. The key is to catch problems early — if you see your Gmail domain reputation drop from High to Low in Postmaster, take corrective action immediately (pause sends to figure out why, and slowly rebuild with only engaged recipients). Domain reputation can take weeks or months to repair, so avoiding a deep drop in the first place is best.
Use a Reputable ESP or Infrastructure: Your email service provider can influence your deliverability. Good ESPs enforce best practices and provide tools to help your reputation (like automatic suppression of bounces, feedback loop integration, and validated authentication). They may also have “managed” shared IP pools that are kept clean. If you’re a smaller sender, being on a high-quality shared IP with other well-behaved senders plus your own good domain reputation can work well. If you’re larger, a dedicated IP (or set of IPs) gives you more control — just remember that with great power comes great responsibility (you can’t blame anyone else for poor sending on a dedicated IP!). Some ESPs also provide pre-warmed dedicated IPs. In any case, partner with an ESP or use infrastructure that supports the technical needs: easy DKIM setup, DMARC reporting, analytics, etc. For instance, ESPs like Sidemail.io provide a strong starting point by pre-configuring SPF/DKIM for your sending domain and using clean, warmed-up IP addresses, so you don’t have to worry about the initial technical hurdles. This means right out of the gate your emails are authenticated correctly and coming from a reputable range, giving your domain a solid foundation on which to build its reputation. (In other words, choose an email sending platform that takes deliverability seriously — it can save you a lot of headaches.)

By following these best practices consistently, you’ll cultivate an email sending program that ISPs recognize as legitimate and user-friendly. Over time, you’ll see that reflected in a strong domain reputation: one that ensures your emails reach the inbox, your subscribers stay engaged, and your email marketing achieves the highest ROI. Maintaining domain reputation is an ongoing effort — much like maintaining personal credit score — but with these guidelines, you can largely stay in the “good” or “excellent” sender range and enjoy excellent deliverability.

Conclusion

The shift from IP-based to domain-based reputation in email deliverability marks a new era where the sender’s identity and behavior matter more than the sending server. Focusing on domain reputation forces senders to adopt a long-term, customer-centric view — there’s no single shortcut to “beat” the spam filters; instead, success comes from consistently sending wanted email, authenticating your domain, and learning from feedback. The major inbox providers have made it clear that your domain’s sending reputation is your calling card: take care of it, and your emails will be welcomed; neglect it, and even the best-designed campaigns may never be seen. The good news is that by applying the 80/20 of best practices — authentication, permission-based lists, relevant content, and vigilant monitoring — any sender can improve their domain’s standing and achieve high deliverability. In this landscape, tools and partners can help (for example, having an ESP that handles the technical heavy lifting like DKIM/SPF correctly, as sidemail.io does, can give you a head start), but ultimately it’s the sender’s commitment to quality that builds a sterling domain reputation.

Email deliverability might seem technical, but at its heart it boils down to trust. Domain reputation is simply how much the internet trusts your domain as a sender of email. By earning that trust, you ensure your messages land where they should — in your customers’ inboxes — and you lay the groundwork for successful, sustainable email communication.

What is a transactional email? Everything you need to know

Kristyna Vrbova — Thu, 03 Apr 2025 15:05:00 +0000

Transactional emails play a crucial role in digital platforms, from SaaS applications to e-commerce stores. They’re triggered by specific user actions and deliver timely, relevant information that keeps users informed and engaged — such as account updates, password resets, or purchase confirmations.

In this article, we’ll explain what is a transactional email, characteristics and definition of transactional emails, why they’re essential, and more.

What is a transactional email — Definition

Transactional emails are emails sent automatically in direct response to specific user actions within an application, service, or website. Examples include single sign-on confirmations, password reset instructions, welcome emails, order confirmations, and receipts.

Unlike marketing emails, transactional emails have high open rates because they deliver information the user expects or needs. They are vital for enhancing user experience, building trust, and driving retention across SaaS, e-commerce, and other digital platforms.

Example of a transactional email (source: Sidemail.io)

What is considered a transactional email — Characteristics

Transactional emails have unique qualities that set them apart from other types of emails. They are typically triggered in real time, carry vital information, and prioritize delivering that information swiftly and reliably. Here are the key characteristics of transactional emails:

Triggered by user actions — These emails are automatically sent when a user performs a specific action within your application, service, or website, such as signing up or resetting a password.
Personalized email content — Transactional emails typically include user-specific information, links, or data. They serve as direct one-on-one communication, providing details that are unique to each recipient.
Priority on high deliverability and speed — Because transactional emails are integral to the critical architecture of an application, service, or website and often convey urgent or time-sensitive information, a reliable transactional email provider that ensures swift delivery (within milliseconds) is crucial.
High engagement and open rates — Transactional emails generally have higher engagement and open rates than marketing emails. On average, transactional emails tend to have an open rate between 40% and 60% due to their nature of being triggered by user actions and containing important information that the recipient is expecting or needs to access.
Not promotional — Unlike marketing emails, transactional email focuses on essential functional communication rather than promotional content.
Focus on content — A transactional email is usually kept simple and straightforward, emphasizing clear text and readability over elaborate visuals or design elements.

You can learn more about the difference between transactional vs marketing email in a separate article.

Examples of transactional emails

Transactional emails come in many forms, each serving a specific purpose. Here are the most common categories of transactional emails, along with examples of when and how they’re used:

Account-related transactional emails

Welcome email — sent after a user signs up.
Account activation — confirms a user’s email address.
Password reset — lets users reset their password.
Two-factor verification — sends a one-time code for extra login security.
Account update notifications — alerts users to changes in their profile (e.g., email or password updates).

Password reset email (source: Sidemail — transactional email templates)

Purchase or subscription transactional emails

Order confirmation — confirms a successful purchase.
Invoice or receipt email — summarizes a transaction.
Subscription confirmation — sent when someone subscribes to a service.
Subscription renewal — reminds users of upcoming or completed renewals.
Subscription cancellation — confirms a canceled subscription and explains next steps.

Invoice email (source: Sidemail — transactional email templates)

Usage transactional emails

Trial expiration reminders — let users know when a free trial is about to end.
Payment failure alerts — inform users of a failed transaction.
Product activity notifications — notify users about new messages, mentions, or status changes.

Trial expired email (source: Sidemail — transactional email templates)

Security and compliance transactional emails

Login alerts — warn users about logins from new devices or locations.
Privacy policy or terms updates — sent for legal compliance.

Login alert email (source: Sidemail — transactional email templates)

If you need quick and polished templates for these transactional emails, explore pre-made email templates here.

What is transactional email used for?

Transactional emails deliver automated, essential, and user-specific messages triggered by an action or event. They serve a wide range of purposes across applications, websites, and services.

For example, when a user signs up for an account, they receive a welcome email or an email verification request. If they forget their password, a password reset email helps them restore access. In e-commerce, order confirmations and shipping updates keep customers informed about their purchases. For added security, two-factor authentication (2FA) emails send one-time codes that help protect user accounts. Additionally, subscription-based services use payment renewal emails to notify users about upcoming charges or failed transactions, and so on.

Why are transactional emails important?

Transactional emails are crucial for delivering timely, relevant, and essential information to users. They provide immediate feedback on actions like account sign-ups, purchases, and password resets, ensuring a smooth user experience. These emails keep users informed about their accounts, subscriptions, and important updates.

They also play a major role in security and trust. Features like two-factor authentication (2FA), login alerts, and account change notifications help protect user accounts and build confidence in your service.

Without transactional emails, users might struggle to access their accounts, miss important updates, or experience security risks, making them an essential part of any digital platform.

Does a transactional email need an unsubscribe link?

No, transactional emails do not require an unsubscribe link because they are not promotional and are sent in response to a user’s action. These emails contain essential information like account updates, password resets, order confirmations, or security alerts, which users generally need to receive.

Need to help with transactional emails?

Do you need help with your transactional emails? We specialize in email delivery and love working with clients directly. Whether you need help understanding transactional emails, managing and delivering emails for your service, integrating emails into your application, or anything else related to emails, we’ve got you covered. Feel free to reach out to me directly at kristyna@sidemail.io or check Sidemail — all-in-one email service for delivering not only transactional emails.

Top Brevo (formerly Sendinblue) Alternatives in 2025

Kristyna Vrbova — Mon, 31 Mar 2025 12:35:58 +0000

Looking for a better alternative to Brevo (formerly Sendinblue)? Whether you’re managing transactional emails, marketing automations, or just seeking more reliable support, there are several competitive solutions on the market in 2025.

We’ve compiled a curated comparison between Brevo and other providers above, highlighting what sets them apart so you can pick the service that suits your needs best.

First, let’s tackle the obvious question… Yes, Sidemail is an alternative and competitor to Brevo. Yes, we wrote down this comparison of email providers. From talking to people like you who migrated from various email providers, we know well about the struggles. At the end of the day, we also were at the point where you are now. We had a SaaS company and needed to deliver its emails. No service was good enough. Sidemail was built to change that. Now, we’re helping online businesses all around the world to make the whole email game easier.

Brevo (Sendinblue) alternatives comparison

Below is a quick side‑by‑side overview of major Brevo alternatives — ideal for growing SaaS businesses and anyone looking for improved deliverability, powerful automations, and top‑notch support.

Features & Specs:

Brevo (Sendinblue) alternatives — key features comparison

About Brevo (formerly Sendinblue)

Brevo, formerly known as Sendinblue, is a popular email marketing and transactional email platform. It’s especially favored by small and medium‑sized businesses seeking a user‑friendly solution for sending bulk marketing campaigns, automated workflows, and transactional messages. Their free plan has historically been a strong selling point, featuring up to 300 emails per day at no cost.

👍 Brevo (Sendinblue) Pros

Generous free plan. Up to 300 emails per day at no cost is one of the Brevo’s most liked selling point.
Robust marketing automation. Many customers appreciate Brevo’s advanced automation features.
Multi‑channel marketing. Beyond email, Brevo offers built‑in SMS campaigns, live chat, and lightweight CRM capabilities.
Responsive email templates
Drag‑and‑drop email editor

👎 Brevo (Sendinblue) Cons

Intermittent deliverability issues. Some customers report their emails hitting spam more than expected or experiencing occasional dips in deliverability performance.
Slow and inconsistent support. While high business and enterprise plans generally have better access, users on lower‑tier plans sometimes mention slow or inconsistent support responses.
Sluggish UI. Some customers complain about the platform being slow to load or occasionally buggy.
Learning curve for new users. While user‑friendly at first glance, Brevo UI can still be confusing when setting it up for the first time.
Only 1 team member. For more, you have to pay $12/member/month, and the maximum is 10 members.
Complicated pricing

💰 Brevo (Sendinblue) Pricing

Brevo has tiered monthly plan-based pricing, starting with a free plan (300 emails/day) and moving into paid tiers based on email volume and contacts.

The Business plan begins at around $18/month for 5,000 emails/month and up to 500 contacts. Costs can also vary based on additional features, team members, etc.

1. Sidemail

Sidemail is the simplest yet complete Brevo (Sendinblue) alternative. Designed mainly for SaaS companies, Sidemail combines transactional and marketing email functionality into one seamless platform. With its easy-to-use interface, transparent billing, and focus on reliability, Sidemail offers a straightforward solution for businesses seeking efficiency.

Founded in 2018 and based in the EU, Sidemail emphasizes excellent customer support and developer-friendly approach. It’s an ideal choice for those who want a fast and effective alternative to Brevo without unnecessary complexity.

👍 Sidemail Pros

5-star rated support
Fast and reliable email delivery
Specialization in SaaS email delivery
Quick integration, simple instructions, intuitive UI. The whole process takes about 30 minutes.
All-in-one email platform. All Sidemail plans include everything you need for delivering transactional and marketing emails, sending product updates, setting up email automation, collecting your subscribers’ information, and managing your contacts.
Specialization in SaaS email delivery
Simple pricing
Personal care and pro-customer approach. Sidemail is an independent company with a strong background and a flexible team, which enables us to adapt quickly to new trends and offer a truly individual approach.

👎 Sidemail Cons

Not offering a free plan. To maintain the fastest email delivery and the highest service standards, we decided to pass the free plan and instead offer 7 days as a free trial for testing.
“Different” approach. Sidemail’s main focus is to bring the best email delivery service for SaaS companies and online businesses. It simplifies the whole email game for them so they can focus on their business and not invest tons of resources in emails. However, this approach might not be suitable for others. If you are an offline business or need advanced functionality just for email marketing, other Brevo alternatives might be a better solution for your case.

💌 But! If you’re missing a feature that you think others could also benefit from, let us know at support@sidemail.io. We are happy to discuss your ideas.

💰 Sidemail Pricing

Sidemail has monthly plans-based pricing with a free trial. Compared to other Brevo alternatives on this list, Sidemail includes everything for delivering and managing emails in one plan — transactional emails, and newsletters, and email automation. Plans start at $19 per month.

2. Sendgrid

SendGrid ranks among the biggest names as a Brevo (Sendinblue) alternative, primarily dedicated to sending transactional emails and now also covering an extensive array of email marketing and automation services. The company, founded in 2009, is headquartered in Denver, Colorado. In 2019 it became part of Twilio. As one of the oldest email providers, it has been used by companies like Uber, Booking.com, Yelp, Spotify, and Airbnb. In 2019, SendGrid was acquired by Twilio.

👍 Sendgrid Pros

One of the oldest and largest platforms for email delivery
Free plan with basic features available
Multi-channel support. Integration with Twilio’s suite allows for combined email and SMS communication strategies.
Comprehensive analytics. The platform offers detailed email tracking and analytics.

👎 Sendgrid Cons

Ocasional deliverability issues. Since the acquisition in 2019, there has been a notable rise in customer complaints regarding issues with email deliverability and quality of support, resulting in a significant increase in negative reviews.
Slow and bad support experience
Complicated pricing. The pricing model can be confusing, with additional costs for certain features, leading to unexpected expenses.
Learning curve

💰 Sendgrid Pricing

Twilio SendGrid offers freemium pricing, but if you need both transactional emails and email marketing with automation, you’ll need to purchase two separate plans.

For transactional emails, SendGrid provides a free plan with a limit of 100 emails per day and basic functionality. The paid Essentials plan starts at $19.95 per month and includes core features. For additional functionality, such as support for more than one team member, 7 days of data history, and a dedicated IP address, the Pro plan starts at $89.95 per month.

For marketing emails and email automation, SendGrid also has a limited free plan. Beyond that, there are two paid options: Basic and Advanced. The Basic plan does not allow for email automation. The Advanced plan, which includes email marketing, automation, and up to 15 subscribe forms, starts at $60 per month.

3. Mailchimp (+ Mandrill)

Mailchimp is another widely recognized Brevo alternative, known for its focus on email marketing and automation. Mailchimp positions itself primarily as a marketing platform, offering advanced tools for campaign management, segmentation, and analytics. In 2016, it expanded its services to include transactional emails through Mandrill, which is available as a paid add-on.

In 2021, Mailchimp was acquired by Intuit, joining their portfolio of business solutions. For those prioritizing sophisticated marketing features and audience insights, Mailchimp provides a compelling option as a Brevo alternative.

👍 Mailchimp Pros

Advanced marketing segmentation and targeting. Enables precise audience segmentation, allowing for personalized and effective marketing campaigns.
Generous marketing free plan. Offers a free tier suitable for small businesses or those new to email marketing, allowing up to 500 contacts and 2,500 monthly email sends.
Advanced marketing automation tools

👎 Mailchimp Cons

The most expensive alternative
Previous data breach issues. Following the Intuit acquisition, Mailchimp suffered a number of data breach incidents in 2022 and 2023.
Uncertain transactional emails. Since the Mailchimp + Mandrill acquisition, some former Mandrill customers report delivery issues and feel the transactional email service lacks development, leading them to seek alternatives.

💰 Mailchimp Pricing

Mailchimp is the most expensive alternative to Brevo. Its pricing is based on monthly plans, with a free option available for email marketing.

For email marketing, Mailchimp offers a free plan that includes up to 500 subscribers and 1,000 emails per month. The Standard marketing plan starts at $20 per month.

If you need to send transactional emails, you must purchase a Standard or Premium marketing plan and add the Transactional Email feature as an extra, starting at $20 per month.

4. Mailgun (+ Mailjet)

Mailgun is a Brevo (Sendinblue) alternative primarily focused on email delivery for transactional emails. Founded in 2010 and headquartered in San Antonio, Texas, it has long been a favored choice for developers due to its API-first approach.

In 2021, Mailgun became part of Sinch, a global communication platform provider. As part of this acquisition, Sinch also acquired Mailjet, a service specializing in email marketing and automation. While both Mailgun and Mailjet are now under the same parent company, they continue to operate as separate platforms. This means that businesses requiring both transactional and marketing email solutions need to manage two distinct services.

For those seeking a developer-friendly Brevo alternative with a focus on transactional email, Mailgun remains a solid choice. However, integrating marketing capabilities requires additional considerations.

👍 Mailgun Pros

Solid functionality for sending and managing transactional emails. Mailgun offers a robust and customizable API, making it popular solution amongst developers.
Comprehensive documentation
Pay-as-you-go option for transactional emails

👎 Mailgun Cons

Mixed customer support ratings
Limited email customization Unlike some other Brevo alternatives, Mailgun lacks user-friendly interfaces for customizing email templates.
Occasional deliverability issues
To send both transactional emails and email marketing, you need to pay for two separate services

💰 Mailgun Pricing

Mailgun offers pricing based on monthly plans and includes a free trial.

To use both transactional emails and email marketing with automation, you’ll need to pay for two separate services. Mailgun’s plans for transactional emails start at $35 per month, while Mailjet’s plans for marketing emails and automation begin at $25 per month.

5. Amazon SES

Amazon SES is one of the most affordable Brevo alternatives available. As part of Amazon Web Services (AWS), its “Simple Email Service” is designed to provide a straightforward, low-level solution for email sending. With its scalable infrastructure and reliable deliverability, Amazon SES is trusted by major companies like Netflix, Reddit, and Duolingo.

Unlike Brevo, Amazon SES focuses entirely on the technical aspects of email delivery. It offers a basic dashboard and minimal built-in features, making it better suited for developers or businesses with the resources to build and maintain their own email systems. While it excels in flexibility and cost-efficiency, it requires significant technical expertise to set up and manage effectively.

For businesses seeking a highly customizable and budget-friendly Brevo alternative, Amazon SES could be an excellent option, provided they have the necessary development resources.

👍 Amazon SES Pros

The cheapest Brevo alternative with a Pay-as-you-go pricing model
High deliverability rates
Robust and reliable infrastructure

👎 Amazon SES Cons

Complex initial setup. Getting started with Amazon SES requires significant manual setup on your part. Amazon offers basic tools for email delivery, but tasks like email template creation, troubleshooting, and analytics are entirely your responsibility.
No customer support included
Learning curve

💰 Amazon SES Pricing

Amazon SES uses a pay-as-you-go pricing model.

When considering email costs alone, it is by far the cheapest alternative to Brevo, with 1,000 emails priced at just $0.10.

Choosing the Brevo Alternative

I hope this detailed guide on Brevo alternatives has helped you better understand which option might be the right fit for you. Each of the listed alternatives provides at least basic functionality for sending transactional emails and email marketing. From there, the best choice depends on your specific use case and preferred approach. If you have any questions or need assistance with email delivery, don’t hesitate to reach out at support@sidemail.io.

Transactional Email vs Marketing Email (+ Examples)

Kristyna Vrbova — Thu, 20 Jun 2024 14:56:34 +0000

Transactional emails and marketing emails — you have probably heard these terms before. However, the definitions are not always very clear, which might leave you unsure about the differences and why you should take the time to differentiate them. In this article, I’ll simplify these terms as much as possible, help you cover the basics of transactional vs. marketing emails, show you some examples of each, and answer frequently asked questions.

What is a transactional email?

Transactional emails are emails that are sent as a direct response to a user’s actions in an application, service, or website. Single sign-on, password reset, welcome email, order confirmation, receipt — these all are examples of transactional emails.

What is a marketing email?

Marketing emails (also known as promotional emails, commercial emails, newsletters, broadcast emails, or bulk emails) are emails that a company member, usually a marketing person, sends to a large group of contacts who have agreed to receive promotional messages from the company. Examples of marketing emails include product updates, weekly/monthly newsletters, announcements, and sale or promo offers.

What is the difference between transactional email vs marketing email?

Now that we know the definitions of transactional and marketing emails, let’s go through their differences.

Transactional vs Marketing email differences (source: Sidemail.io)

The main differences between transactional emails and marketing emails are:

Trigger ⚡ — Transactional emails are triggered by a specific user action in your application, service, website, or similar. Marketing emails are sent to a group of contacts, usually by a marketing employee of the company.
Opt-in 🤝 — Marketing emails, in contrast to transactional emails, require explicit opt-in by a recipient. Marketing emails are also regulated by GDPR, CAN-SPAM, and other regulations.
Email content 💌 — The content of a transactional email is customized to the specific user and usually contains unique information, links, or data for the user. It’s direct one-on-one communication. On the other hand, the content of a marketing email is rather general and promotional, often as part of a marketing campaign.
Unsubscribe link 📫 — All marketing emails must contain an unsubscribe link, giving the recipient the right to opt-out from receiving further promotional emails from the company at any time. Transactional emails do not need unsubscribe links.
Delivery speed and time ⌛ — Transactional emails are part of the critical architecture of an application, service, or website. Therefore, deliverability rates and speed are crucial. A good transactional email provider should deliver emails reliably and within a few milliseconds. For marketing emails, the delivery speed is generally less critical. Marketing emails are rather optimized to reach the recipient at the most convenient time, often using timezone-based delivery for optimization.
Engagement and open rates 📈 — Transactional emails generally have higher engagement and open rates than marketing emails. On average, transactional emails tend to have an open rate between 40% and 60% due to their nature of being triggered by user actions and containing important information that the recipient is expecting or needs to access. In contrast, marketing emails usually have an open rate ranging from 20% to 30%, though this can vary widely based on factors such as industry, target audience, email content, and the quality of the email list.

Why do I need to differentiate between transactional and marketing emails?

As introduced in the previous section, transactional emails and marketing emails have different specifics, are sent with different purposes, and need to comply with different regulations. Therefore, companies must have knowledge regarding the specifics of transactional and marketing emails to comply with email regulations and ensure the best possible experience for their users.

By separating transactional and marketing emails, you can achieve better deliverability results. For transactional emails, deliverability speed is crucial, so they should always have the highest priority for email sending. However, marketing emails also need to be reliably delivered.

Also, when you separate transactional and marketing emails, email service providers can better identify and categorize your emails in users’ inboxes.

Additionally, separating transactional and marketing emails simplifies troubleshooting and potential debugging, while also saving time for your support team.

And how to separate transactional and marketing email sending?

Generally, the best practice is to separate your emails by using different “from” names, “from” addresses, and IP addresses. Today, there are email sending providers that can help you easily manage this. For example, Sidemail manages all the separation, unsubscribe link handling, and email delivery for you, and provides you with industry best practices. You can check out Sidemail and start a free trial here.

Do transactional emails need to contain an unsubscribe link?

No, transactional emails do not need to contain an unsubscribe link. As explained earlier, transactional emails are sent in response to a user’s action in your application, service, or website. Therefore, if you’re sending transactional emails such as password resets, single sign-on confirmations, receipts, or similar messages, they do not need to include an unsubscribe link.

Do marketing emails need to contain an unsubscribe link?

Yes, all marketing emails must contain an unsubscribe link. Therefore, if you’re sending newsletters, product updates, discount offers, or similar promotional emails, you are required to include an unsubscribe link. Also, it’s important to keep in mind that to send marketing emails to a recipient, you need to have their explicit opt-in to receive such marketing messages from your company.

Transactional email examples

Now that we understand the definition and specifics of transactional emails, let’s explore some examples.

Password reset email

Perhaps the most recognized transactional email, the password reset email is sent to a user after they request to change their password. This email verifies the user’s action and allows them to proceed with updating their password securely.

Single-sign-on email (SSO)

For applications or services offering passwordless login, the single sign-on email facilitates user login. Users enter their email, request an SSO email, and receive a login link via your transactional email provider. Clicking the link logs them into your application or service.

Receipt, Order confirmation, Subscription activation emails

After a successful payment, it’s good practice to send your user an email with a receipt, order confirmation, or subscription activation. You can also use these emails to thank users, build trust, and foster good relationships.

Registration & Welcome email

Registration and welcome emails are crucial for making a good first impression. They can help you establish a great relationship with users, guide them through their first steps in your application or service, or offer assistance if they need it.

Account activation email & Email address verification

If you have a SaaS platform, you’ll probably want to verify your users’ email addresses before they get started. To do this, you can use an email API to send an activation email. Users verify their email address by clicking the link inside this email.

Dunning emails

Dunning emails notify users about issues with payments. These emails are typical for SaaS and play an important role in churn prevention, building trust, and managing subscriptions. Examples of dunning emails include:

Payment attempt failed
Subscription renewal issue
Expired credit card information
Authorization issues

Marketing email examples

And now, let’s look at some examples of marketing emails.

Newsletters & Product updates

Have you introduced a new feature, improved your application, or recorded a new tutorial video? These are amazing opportunities to reach out to your users and audience, sharing what you’re up to. You can also use newsletters to ask for their thoughts and collect feedback.

Discounts & special offers

Companies often offer special discounts for celebrations and holidays like Black Friday, New Year, and Summer holidays. Email marketing is a great way to spread the word about your offers. You can also combine it with discount codes, buy-more-save-more offers, and other strategies depending on your resources and creativity.

Need to help with transactional and marketing emails?

Do you need help with your transactional and marketing emails? We’re here for you! We’re experts on email delivery and enjoy working with clients directly. Whether you need help separating transactional and marketing emails, managing and delivering emails for your service, integrating transactional emails into your application, or anything else related to emails, we’ve got you covered. You can reach out to me directly at kristyna@sidemail.io or check Sidemail, our email platform.

👉 Try Sidemail today

Dealing with emails and choosing the right email API service is not easy. We will help you to simplify it as much as possible. Create your account now and start sending your emails in under 30 minutes.

Start 7-day free trial →