The pre-send checklist that keeps a sending domain out of spam

Why we run a checklist at all

Once a sending domain lands in spam, getting back out is slow and expensive. Reputation is sticky on the way down. A few weeks of bad sends can cost a quarter of climbing back, and during that quarter every campaign underperforms because half of it never reaches the inbox. The cheapest deliverability work happens before the send button, while the open rate is still healthy. So we run a fixed pre-send checklist on every account, and we treat skipping it the way we treat skipping a database backup.

This is the email deliverability checklist we actually use, in the order we run it. It is short on purpose, because a checklist that takes an hour gets skipped and a checklist that takes five minutes gets run.

1. Authentication is correct and aligned

Three records have to be right, and aligned means the domain in them matches the visible From domain. Alignment is the part teams miss most. Records can pass on their own and still fail DMARC because the signing domain does not match the From domain the recipient sees.

• SPF. A valid record that includes every service sending on the domain. We check the lookup count stays under the 10-DNS-lookup limit, because an SPF record that exceeds it silently fails as a permerror. The lookup count is easy to blow past once a brand adds a CRM, a help desk, and a transactional sender, each with its own include.
• DKIM. A 2048-bit key published and signing, verified by sending a test and reading the raw headers rather than trusting the platform's green checkmark. We confirm the d= domain in the signature matches the From domain, because a DKIM pass on a vendor's subdomain does nothing for DMARC alignment.
• DMARC. A published policy. We start new domains at p=none with rua reporting so we can read the aggregate reports for a week or two, then move to p=quarantine once SPF and DKIM are passing on real traffic. Mailbox providers now expect DMARC for bulk senders, and a missing policy is an automatic deliverability tax that gets steeper every year.

We pull the actual DNS and parse it on a pre-send job rather than relying on a one-time setup that may have drifted. Records get edited and broken by people who have no idea they touched email. We have caught more than one account where someone added a new tool, updated SPF, and pushed it over the lookup limit without ever knowing.

2. Warmup state matches send volume

A cold or recently migrated domain cannot take a full-list blast. We check where the domain is in its warmup curve and cap the send accordingly.

For a fresh domain we ramp over 4 to 6 weeks, starting around 50 messages a day to the most engaged profiles and roughly doubling every few days while watching the bounce and complaint rates. We send to the most engaged profiles first on purpose, because early opens and clicks are the positive signal that builds reputation, and a cold domain that opens with high engagement warms far faster than one that opens with a broad list.

If we are sending from a domain that has been quiet for over a month, we treat it as semi-cold and re-ramp, because providers down-weight reputation that goes dormant. The pre-send check is simple: is today's intended volume within the warmed ceiling for this domain. If not, we split the send across days. A dedicated sending subdomain helps here too, so a marketing blast that takes a reputation hit never touches the transactional mail the business depends on.

3. List hygiene before the send, not after

We never send to a list we have not screened the same day. Lists rot continuously, and a hygiene pass that ran last week is already stale. The screen:

• Drop known invalids and hard bounces. Anything that hard-bounced previously is suppressed permanently. Mailing a hard bounce again is a direct reputation hit.
• Suppress role and spam-trap-shaped addresses. Role addresses like info@ and the obvious recycled-trap patterns come out.
• Engagement gate by send type. A promotional blast goes only to profiles with an open or click in a recency window appropriate to the audience, often 90 days. Mailing dormant profiles to chase reach is the fastest way to a complaint spike. Transactional and triggered flows are exempt because they are expected mail.
• Complaint and unsubscribe scrub. Anyone who complained or unsubscribed is verified suppressed. This sounds automatic and usually is, but a list imported from another tool can carry stale opt-out state.

Keeping the spam-complaint rate under 0.1% and the bounce rate under 2% is the line we hold. Cross either and we stop and clean before sending more. We watch these per send, not per month, because a single bad blast can spike the complaint rate high enough to cost placement before the monthly average ever moves.

4. Content checks

Content does not get a domain blocked on its own as often as people fear, but several patterns reliably hurt placement.

• Text-to-image ratio. An email that is one giant image with no real text reads as spam-shaped. We keep meaningful live text in every send.
• Link domains. Every link points at a domain with good reputation, ideally the brand's own. A shortener or a flagged redirect domain in the body can sink the whole message. We also check the link click-tracking domain is set up and not a generic shared one.
• The unsubscribe is one click. A working list-unsubscribe header plus a visible link. Required by bulk-sender rules now, and a missing one-click unsubscribe pushes complaints up because people hit the spam button instead.
• Subject and preview honesty. No fake RE: or FW:, no fake urgency. Deception drives complaints, and complaints drive reputation.
• Seed-inbox preview. We send to a small set of seed addresses across Gmail, Outlook, Yahoo, and Apple, and confirm primary-tab placement before the real send goes out. Gmail and Outlook do not always agree, and a message that lands in the primary tab on one can sit in promotions on the other, so we look at all four before committing.

5. The one-look monitoring pass

The last step happens after the send, not before, but it belongs in the same routine. Within a few hours we read the early numbers: open rate against the recent baseline, bounce rate, and any complaint signal the platform surfaces. A send that is tracking 30% below its normal open rate is a placement problem we want to catch on send one, not send four. If we have DMARC rua reporting on, we also glance at the aggregate reports a day later to confirm the real-world auth pass rate matches what the pre-send check predicted. Reporting that disagrees with the static check means a sender we did not account for is using the domain.

A concrete example

A brand came to us after their open rate fell from 32% to 11% over six weeks with no idea why. The checklist found it in under an hour. Someone had added a new email tool and edited the SPF record, pushing it to 11 DNS lookups, one over the limit, so SPF was returning a permerror on every message. DKIM was fine, which is why nothing looked obviously broken, but the SPF failure plus a recent run of blasts to a dormant list had cost them Gmail placement.

We flattened the SPF record back under 10 lookups, suppressed everyone with no engagement in 120 days, and re-ramped sends to engaged profiles only for two weeks. Open rate recovered to 28% by week three and the spam-complaint rate dropped back under 0.1%.

How we think about it

Deliverability is not a one-time setup. It is a pre-send discipline. Records drift, lists rot, and a single over-eager blast to dormant profiles can undo weeks of good reputation. We run the same checklist every time because the cost of running it is a few minutes and the cost of skipping it is a quarter spent climbing out of the spam folder.

The full checklist with the exact thresholds is at https://www.arthea.ai/article/presend-deliverability-checklist.