Deliverability at Scale: How Enterprises Protect Placement & Reputation

Why placement is a license (not a vibe)

Inboxes are not a single room; they are a gated community with bylaws. Your “right to be seen” is a license renewed one send at a time. When you scale, license renewal turns into a discipline—domain architecture, authentication, engagement policy, content standards, and incident response. Skip the discipline and the mail gets quieter, then disappears. You don’t notice right away because dashboards show opens; a month later finance asks why conversions are down and support complains that “nobody saw the back-in-stock.”

Deliverability is boring until it’s not. Treat it like plumbing: invisible when it works, urgent when it leaks, and the first thing buyers check when they tour the house. Your program should prove, every week, that it deserves to be in the room.

Domain & authentication strategy (SPF/DKIM/DMARC/BIMI/MTA-STS)

Authentication is your handshake. At enterprise scale, the handshake must be consistent, explicit, and segmented by message stream.

Subdomain strategy (separate streams)

  • Marketing: news.brand.com
  • Lifecycle/Triggers: updates.brand.com
  • Transactional: notify.brand.com
  • Regional/brand splits: add only when needed; keep the tree shallow

Stream separation prevents one misbehaving campaign from dragging your critical receipts into junk. Each subdomain carries its own reputation and complaint profile.

SPF (Sender Policy Framework)

  • One SPF record per root domain; include only the providers that actually send.
  • Beware “include” chains and DNS lookup limits (10 max); flatten where possible.
  • End with a hard fail (-all) when confident; start with ~all during transition.
example.com TXT "v=spf1 include:_spf.esp.com include:_spf.crm.com ~all"
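A short record can still break the 10-lookup limit once its includes are expanded. The following is an added example, not code from the original article: it counts the worst-case DNS-querying terms behind the record above, with `ZONE` as a constructed stand-in for live TXT lookups (every nested record in it is hypothetical).

```python
import re

# Constructed zone data standing in for DNS TXT answers (hypothetical records).
ZONE = {
    "example.com": "v=spf1 include:_spf.esp.com include:_spf.crm.com ~all",
    "_spf.esp.com": "v=spf1 include:a.esp.com include:b.esp.com ip4:192.0.2.0/24 ~all",
    "a.esp.com": "v=spf1 ip4:198.51.100.0/24 a mx ~all",
    "b.esp.com": "v=spf1 ip4:203.0.113.0/24 exists:%{i}.rbl.esp.com ~all",
    "_spf.crm.com": "v=spf1 include:c.crm.com include:d.crm.com mx ~all",
    "c.crm.com": "v=spf1 a:mail.crm.com ~all",
    "d.crm.com": "v=spf1 ip4:192.0.2.128/25 redirect=e.crm.com",
    "e.crm.com": "v=spf1 ip4:198.51.100.128/25 -all",
}
LOOKUP_LIMIT = 10                      # RFC 7208 section 4.6.4
QUERYING = {"a", "mx", "ptr", "exists"}  # mechanisms that cost one lookup each


def count_lookups(domain, zone, path=()):
    """Worst-case number of DNS-querying terms evaluated for `domain`."""
    if domain in path:
        raise ValueError(f"SPF include loop via {domain}")
    total = 0
    for term in zone[domain].split()[1:]:            # skip "v=spf1"
        name, *rest = re.split(r"[:=]", term.lstrip("+-~?"), maxsplit=1)
        name = name.split("/")[0].lower()            # "a/24" -> "a"
        if name in QUERYING:
            total += 1
        elif name in ("include", "redirect"):
            # The include/redirect itself costs one lookup, plus its contents.
            total += 1 + count_lookups(rest[0], zone, path + (domain,))
    return total


def spf_within_limit(domain, zone):
    """True when the expanded record stays inside the 10-lookup budget."""
    return count_lookups(domain, zone) <= LOOKUP_LIMIT
```

With this constructed zone the two-include record expands to 12 lookups, so receivers would return a permanent error rather than a pass.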
    

DKIM (DomainKeys Identified Mail)

  • Enable DKIM signing in your ESP for each subdomain; rotate keys annually.
  • Use separate selectors per provider (e.g., s1._domainkey.news.brand.com).
  • Verify alignment: the d= value should match the visible “From” domain under DMARC.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

  • Start with p=none to collect reports; move to quarantine then reject once aligned.
  • Set adkim / aspf to strict (s) if possible for tighter alignment.
  • Use aggregate reports (rua) to see who is pretending to be you; monitor weekly.
_dmarc.brand.com TXT "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s; rua=mailto:dmarc-reports@brand.com"
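For the weekly rua review, an added example (not from the original article) that reduces an aggregate report to the sources worth a look. The report below is constructed, with made-up IPs and counts, and follows the RFC 7489 element names.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report; IPs, counts and subdomain usage are made up.
SAMPLE_REPORT = """<feedback>
<policy_published><domain>brand.com</domain><p>quarantine</p></policy_published>
<record><row><source_ip>192.0.2.10</source_ip><count>4200</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>news.brand.com</header_from></identifiers></record>
<record><row><source_ip>198.51.100.7</source_ip><count>310</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>updates.brand.com</header_from></identifiers></record>
<record><row><source_ip>203.0.113.99</source_ip><count>57</count>
  <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>brand.com</header_from></identifiers></record>
<record><row><source_ip>203.0.113.99</source_ip><count>12</count>
  <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>notify.brand.com</header_from></identifiers></record>
</feedback>"""


def summarize(xml_text):
    """Group message counts by source IP.

    'fail'    = neither DKIM nor SPF aligned (DMARC fail: spoofing or an
                unauthorised sender).
    'partial' = only one mechanism aligned (authentication drift to fix
                before moving to a stricter policy).
    """
    # Reports come from third parties; for real mailboxes use a hardened
    # XML parser such as defusedxml instead of the stdlib parser.
    root = ET.fromstring(xml_text)
    out = {"fail": Counter(), "partial": Counter()}
    for rec in root.iter("record"):
        row = rec.find("row")
        ev = row.find("policy_evaluated")
        passed = [ev.findtext("dkim"), ev.findtext("spf")].count("pass")
        if passed == 2:
            continue
        key = "fail" if passed == 0 else "partial"
        out[key][row.findtext("source_ip")] += int(row.findtext("count"))
    return out
```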
    

BIMI (Brand Indicators for Message Identification)

BIMI is a trust flourish: show your verified logo in the inbox. It requires DMARC enforcement and a properly formatted SVG; in some ecosystems, you’ll need a verified mark certificate (VMC). Treat BIMI as the cherry on top—after authentication and complaint rates are healthy.

MTA-STS & TLS-RPT (transport security)

Publish an MTA-STS policy so that sending servers enforce TLS when delivering mail to your domain, and use TLS-RPT to get reports when someone fails to negotiate encryption. It won’t boost placement by itself; it closes a class of downgrade attacks and earns points with security reviewers.

_mta-sts.brand.com    TXT "v=STSv1; id=202501"
mta-sts.brand.com     CNAME to a policy host, or serve the policy yourself over HTTPS at https://mta-sts.brand.com/.well-known/mta-sts.txt
_smtp._tls.brand.com  TXT "v=TLSRPTv1; rua=mailto:tlsrpt@brand.com"
    

Tracking domains, link hygiene, and alignment

Some providers still default to generic click domains. At scale, mismatched link domains can trip filters and confuse users. Use a branded tracking CNAME per subdomain and align link hosts with your brand.

  • Set a CNAME like click.news.brand.com to your ESP’s tracking host.
  • Keep landing-page hosts stable; redirect chains should be short and consistent.
  • Standardize UTM parameters across teams; no empty or conflicting keys.
  • One primary domain for links; avoid a patchwork of unfamiliar headers and hosts.

Engagement banding, sunset, and list governance

Deliverability dies slowly, then all at once. Engagement banding buys you the time to fix issues before the cliff. Treat it as policy, not a courtesy.

Band policy (baseline)

  • 0–30 days: eligible for most sends; the engine of placement.
  • 31–60 days: limited campaigns; lifecycle only for some cohorts.
  • 61–90 days: lifecycle only or re-engagement minimum; no promos.
  • 90+ days: pause for two re-engagement touches; then suppress.

Adjust windows by category and sales cycle, but keep the principle: you earn the right to message by respecting recent behavior. “Because it’s a big week” is not a policy; it’s how reputations tank.

Re-engagement (two tries, then stop)

  • Touch 1: value-first (“here’s what changed/why people stay”).
  • Touch 2: a clear choice—opt down, snooze, or say goodbye. No pleading.
  • Suppress unresponsive addresses; let absence protect your domain.

Capture quality (stop importing problems)

  • Validate domains and common typo traps at capture; correct politely.
  • Use double opt-in where law or risk demands it.
  • Log consent source, timestamp, jurisdiction, and IP/user agent.

Content standards that machines and humans trust

Filters don’t read like humans, but they agree on this: predictable brands with accessible templates and honest intent go farther. Your design system should serve both audiences.

  • Accessible HTML: real text for key content, descriptive alt text, minimum 16px body text, AAA contrast where feasible.
  • Subject/preheader honesty: match the promise and the payload. Clickbait is a short-term sugar high with long-term insulin resistance.
  • One-click unsubscribe: List-Unsubscribe and List-Unsubscribe-Post headers plus a visible footer link. Let people leave gracefully.
  • Legal footer: place a valid physical mailing address where required by law; don’t hide it in images.
  • Consistency: tone, cadence, and brand elements steady across streams; avoid surprise layout swaps that feel like phishing.
  • Image/text balance: there is no magic ratio; the rule is renderable meaning. If the message is unreadable without images, you shipped an image, not a message.

Throttling, concurrency & rate control (the mechanics of respect)

Even perfect content fails if it arrives like a firehose. Large mailbox providers protect their users with rate limits. Respect them and you’ll earn more room next week.

  • Throttle by domain: cap messages per minute to Gmail/Yahoo/Outlook and ramp up with evidence.
  • Concurrency limits: control simultaneous connections; monitor 4xx deferrals and back off.
  • Greylisting tolerance: retry gracefully with exponential backoff; don’t hammer.
  • Stagger high-risk sends: avoid scheduling every brand’s blast at :00; spread across the hour.
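A sketch of these mechanics, as an added example that is not from the original article. The 5% and 1% deferral thresholds, the 10% ramp step and the retry timings are assumptions to tune per provider; production retries would also add random jitter.

```python
import hashlib


class ProviderThrottle:
    """Per-provider send rate: halve on heavy 4xx deferrals, ramp 10% when clean."""

    def __init__(self, per_min, ceiling, floor=50):
        self.per_min, self.ceiling, self.floor = per_min, ceiling, floor

    def record_window(self, sent, deferred_4xx):
        """Feed one minute of results; return the rate for the next minute."""
        if sent == 0:
            return self.per_min
        if deferred_4xx * 100 > sent * 5:      # more than 5% deferred: back off
            self.per_min = max(self.floor, self.per_min // 2)
        elif deferred_4xx * 100 < sent:        # under 1% deferred: earn more room
            self.per_min = min(self.ceiling, self.per_min * 11 // 10)
        return self.per_min                    # in between: hold steady


def retry_delays(attempts, base=60, cap=3600):
    """Seconds to wait before each retry of a greylisted or deferred message."""
    return [min(cap, base * 2 ** i) for i in range(attempts)]


def stagger_minute(campaign_id):
    """Stable minute-of-hour offset (1-59) so scheduled sends never land on :00."""
    digest = hashlib.sha256(campaign_id.encode()).digest()
    return 1 + int.from_bytes(digest[:4], "big") % 59
```

Keep one `ProviderThrottle` per mailbox provider so a deferral spike at one provider does not slow delivery to the others.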

Bounce taxonomies, suppression logic, and trap defense

Not all bounces are equal. Your ESP may normalize codes; at enterprise scale, you still need to treat patterns differently.

Hard vs. soft

  • Hard: “user unknown/invalid domain.” Suppress immediately.
  • Soft: “mailbox full/temporary failure/deferral.” Escalate suppression after N attempts (e.g., 3–5 sends or 72 hours for a campaign).
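One way to encode this policy, as an added example that is not from the original article. It also splits out policy rejections (enhanced status x.7.x), which point at the sender's reputation rather than at the address; that third class, the reply strings and the default of 3 attempts are assumptions of the sketch.

```python
import re
from datetime import datetime, timedelta

HARD = {"5.1.1", "5.1.2"}   # RFC 3463: bad mailbox, bad destination system

# Constructed SMTP replies used to exercise the classifier.
SAMPLE_REPLIES = [
    "550 5.1.1 The email account that you tried to reach does not exist",
    "452 4.2.2 Mailbox full",
    "421 4.7.0 Try again later",
]


def classify(reply):
    """Map an SMTP reply line to 'hard', 'policy' or 'soft'."""
    m = re.match(r"(\d{3})[ -](\d\.\d{1,3}\.\d{1,3})?", reply)
    enhanced = (m.group(2) or "") if m else ""
    if enhanced in HARD:
        return "hard"
    if enhanced[2:4] == "7.":        # x.7.x: security or policy status
        return "policy"
    # Replies without an enhanced code fall through to soft and age out
    # through the attempt and time limits below.
    return "soft"


def next_action(history, now, max_soft=3, window=timedelta(hours=72)):
    """history: [(datetime, smtp_reply)] for one address, oldest first."""
    kinds = [(ts, classify(reply)) for ts, reply in history]
    if any(kind == "hard" for _, kind in kinds):
        return "suppress"
    if kinds and kinds[-1][1] == "policy":
        return "escalate"            # reputation signal, not an address problem
    soft = [ts for ts, kind in kinds if kind == "soft"]
    if soft and (len(soft) >= max_soft or now - soft[0] >= window):
        return "suppress"
    return "retry"
```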

Trap awareness

  • Pristine traps: never opt-in; caught via purchased lists or scraping. Avoid by never buying lists and validating at capture.
  • Recycled traps: old addresses now set as traps. Engagement banding and sunset protect you here.
  • Typo traps: common misspellings. Correct at capture or confirm via COI.

Measurement: complaint, placement proxies, and the dashboard

Your weekly deliverability dashboard should be boring and blunt. Everyone should be able to read it in two minutes and know if this week is safe or spicy.

Core dials

  • Complaint rate by mailbox provider (Gmail/Yahoo/Outlook). Treat 0.08% at Gmail as yellow; 0.1%+ as red. Your thresholds may vary; write them down.
  • Hard/soft bounce trend with reasons. Spikes precede problems.
  • Placement proxy (seed/panel trendline). Individual samples lie; trends don’t.
  • Engagement by band (0–30/31–60/61–90). If 0–30 slumps, the issue is content or cadence, not banding.
  • RPR split (flows vs. campaigns). When campaigns drag RPR down, you’re using placement you didn’t earn.

Under the dials, two bullets: what changed, what we’ll test next. Strategy becomes a habit when you force truth into 10 minutes a week.

Incident response playbook (freeze, fix, prove)

You will have a bad week. The difference between a blip and a month-long slump is the first hour. Treat deliverability like site reliability: severity, owners, and a blameless post-mortem.

Severity ladder

  • SEV-1: widespread spam placement or major complaint spike.
  • SEV-2: localized provider issue or sustained panel drop.
  • SEV-3: anomaly under investigation; no user impact yet.

First hour (SEV-1)

  1. Freeze promotional sends; lifecycle continues only for 0–30 band.
  2. Gather indicators: complaint by domain, 4xx/5xx patterns, panel results, recent changes (template, link domain, volume).
  3. Roll back the last risky change (new link domain, template, audience expansion).
  4. Communicate in one sentence: impact, action, ETA for next update.

48–72 hours

  • Warm down to engaged cohorts; prioritize proof-first lifecycle.
  • Repair causes (authentication drift, link host mismatch, list hygiene gap).
  • Document what will prevent recurrence (policy changes, checks, training).

Post-mortem

One page. Timeline, root cause(s), what worked/failed, five action items with owners and dates. No blame; the goal is learning that survives turnover.

Global & multilingual deliverability (without drowning)

Global programs don’t fail because of language; they fail because duplicate flows multiply mistakes. Use one logic per journey and swap language via template packs. You’ll protect reputation and sanity.

  • Language packs: translators edit keys, not logic. No copy-paste flows.
  • RTL readiness: dir="rtl" containers, mirrored icons, font coverage. Run additional device QA.
  • Regional consent & quiet hours: store lang, timezone, jurisdiction on profile; enforce in orchestration.
  • Regional ramp: cut over one market per week; monitor dials by region; do not globalize incidents.

Ops & governance: QA, RACI, and change-freeze that prevent fire drills

Governance is unglamorous until you have it. Then it’s freedom. A few pages of SOPs prevent months of “why is Gmail mad at us?”

Pre-send QA (minimum)

  • Device rendering (dark/light, mobile/desktop), alt text, contrast checks.
  • Link validation (redirects, UTM taxonomy, branded tracking domain).
  • Segmentation/suppression audit (bands, exclusions, legal flags).
  • Headers: List-Unsubscribe & List-Unsubscribe-Post; correct “From” and reply-to.
  • Approval snapshot: copy, audience size, send time, risk level, owner sign-off.
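The header and link checks in this list can run automatically before approval. The following is an added example, not code from the original article; the draft message, its addresses and the `short.example` link are constructed, and `brand.com` is taken as the only allowed parent domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed draft with two defects: no List-Unsubscribe-Post header and
# one link on an unbranded shortener.
DRAFT = """\
From: Brand <hello@news.brand.com>
Reply-To: support@brand.com
Subject: Back in stock
List-Unsubscribe: <https://news.brand.com/u/abc123>, <mailto:unsub@news.brand.com>
Content-Type: text/html

<p><a href="https://click.news.brand.com/c/1">Shop now</a>
<a href="https://short.example/xyz">Details</a></p>
"""


def on_brand(host, brand):
    """True for the brand domain itself or any subdomain of it."""
    return host == brand or host.endswith("." + brand)


def presend_issues(raw, brand="brand.com"):
    """Return a list of header and link problems found in a raw message."""
    msg = message_from_string(raw)
    issues = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not on_brand(from_domain, brand):
        issues.append(f"From domain {from_domain!r} is not under {brand}")
    if not re.search(r"<https://[^>]+>", msg.get("List-Unsubscribe", "")):
        issues.append("List-Unsubscribe lacks an https URI")
    # RFC 8058 one-click unsubscribe requires exactly this header value.
    if msg.get("List-Unsubscribe-Post", "").strip() != "List-Unsubscribe=One-Click":
        issues.append("List-Unsubscribe-Post must be 'List-Unsubscribe=One-Click'")
    for url in re.findall(r'href="([^"]+)"', msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if not on_brand(host, brand):
            issues.append(f"link host {host!r} is off-brand")
    return issues
```

An empty list means the draft passes these checks; rendering, segmentation and approval still need their own review.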

RACI (deliverability excerpt)

| Task | R (Responsible) | A (Accountable) | C (Consulted) | I (Informed) |
|---|---|---|---|---|
| Domain & DMARC config | Deliverability lead | Head of Lifecycle | IT/Sec | Marketing |
| Engagement band policy | Lifecycle strategist | Head of Lifecycle | Legal | Brand teams |
| Incident response | Producer on call | Head of Ops | Deliverability/Data | Stakeholders |

Change-freeze policy

During risk windows (warm-up, migrations, major promos, incidents), only pre-approved critical changes go out. Everything else queues. Exceptions require joint sign-off from lifecycle and deliverability owners.

60-day operating plan (week-by-week)

Weeks 1–2: Foundations

  • Audit domains, SPF/DKIM/DMARC, tracking CNAMEs; fix drift.
  • Publish banding/sunset policy; implement in ESP.
  • Refactor templates for accessibility; add one-click unsub headers.
  • Baseline complaints, bounces, seed/panel placement.

Weeks 3–4: Reduce risk

  • Throttle sends to banded cohorts; remove “big blasts” to unengaged.
  • Introduce value-first content in campaigns; migrate transactional to dedicated subdomain if not already.
  • Set QA SLA; create change log; start weekly 10-minute readout.

Weeks 5–6: Learn faster

  • Experiment with send time distribution (no top-of-hour pileups).
  • Test plain-text proof variant vs. design-heavy; score by RPR/complaint.
  • Tune throttles per provider; watch 4xx deferrals and adjust.

Weeks 7–8: Harden

  • Rotate DKIM selectors; set DMARC to quarantine if aligned and stable.
  • Write incident playbook and run a tabletop with marketing + IT.
  • Document “what changed / learned / test next.” Freeze learnings as SOP.

Weeks 9–10: Expand safely

  • Gradual audience expansion from 31–60 band as metrics allow.
  • Introduce BIMI (if ready) to strengthen visual trust.
  • Evaluate seed/panel trendlines vs. baseline; present to leadership.

Weeks 11–12: Review & commit

  • Quarterly deliverability review with owners; refresh thresholds.
  • Publish updated banding and QA checklists; retire outdated assets.
  • Schedule next DKIM rotation and DMARC policy step.

Case snapshots: three failures avoided (and how)

1) The big-week blast

A retail brand planned a “site-wide” send to 8M addresses with no banding. We implemented a three-tier release: 0–30 band in hour one, 31–60 in hour two, and 61–90 only for lifecycle triggers. Complaints stayed below threshold; revenue came in steadier (and higher) because inbox providers didn’t throttle the whole stream.

2) The link-domain mismatch

Marketing switched to a new URL shortener—unbranded and unfamiliar. Seeds went red; complaints jumped. We rolled back the link host, set a branded CNAME, and retried with engaged cohorts. Placement recovered in 48 hours. The action item: link changes go through QA and a small cohort first.

3) The image-only redesign

A gorgeous template arrived: all images, tiny footers, no alt text. We rebuilt with live text and real hierarchy, kept the design system feel, and added List-Unsubscribe-Post. Placement stabilized; clicks rose (because users could read without loading images). Aesthetic survived; messages got seen.

FAQ

How low should our Gmail complaint rate be?

Lower than you think. Treat 0.08% as yellow and 0.1%+ as red. Your thresholds depend on volume and history; the important part is to write them down and act consistently.

Does BIMI improve placement?

Not directly. BIMI improves brand trust and consistency once DMARC is enforced and complaints are healthy. Think of it as a trust flourish, not a lever.

Do seed/panel tests tell the truth?

They tell a truth—trendlines matter more than single tests. Combine with complaints, bounce patterns, and engaged cohort behavior. If all signals point down, believe them.

Is there still an “image/text” ratio rule?

No magic number. Filters care about renderable meaning, predictable branding, and behavior. Use live text for what matters and keep images honest and descriptive.

How quickly can we recover from a placement incident?

Faster with discipline: freeze promos, warm down to engaged cohorts, fix the cause (auth drift, link host, banding), and communicate. Many programs stabilize inside 72 hours; some take longer if reputation was already strained.

 
