This article is based on insights from The Actual State of Email Deliverability, a webinar hosted by Email Industries in collaboration with Unspam.email. The session featured two of the industry’s most trusted voices: Matt Vernhout, Principal Deliverability Advisor at Email Industries, and Lawrence Heslin, Head of Accounts and Sales Operations.
The webinar explored recent policy changes at Gmail, Yahoo, and other mailbox providers, explained the technical foundations every sender must master, and offered practical strategies for sustaining inbox placement in an increasingly complex landscape. What follows is a written adaptation of that discussion.
In early 2024, Gmail and Yahoo announced the most significant changes to email deliverability in more than a decade. For senders around the world, these requirements marked a turning point. Authentication became mandatory, one-click unsubscribe was no longer optional, and bulk-sender rules grew stricter. One year later, the rest of the ecosystem has begun to align, creating both new challenges and new clarity for marketers and businesses that rely on email.
This article draws on insights from a recent webinar hosted by Email Industries in collaboration with Unspam.email, featuring Matt Vernhout, Principal Deliverability Advisor at Email Industries, and Lawrence Heslin, the company’s Head of Accounts and Sales Operations. Together, they traced the recent evolution of deliverability, explained the technical details, and offered practical guidance for keeping messages in the inbox.
The New Rules of the Inbox
Until recently, many senders treated deliverability as an afterthought. Problems were addressed only when messages started to bounce or disappear. That posture is no longer sustainable. Beginning in February 2024, Gmail and Yahoo began enforcing a set of rules that fundamentally reshaped the sending landscape.
All messages must now be properly authenticated through SPF, DKIM, and DMARC. Bulk senders, defined loosely as those sending more than 5,000 messages per day but often evaluated case by case, must support one-click unsubscribe. Google also introduced the Feedback-ID header, which allows senders to trace complaints back to specific campaigns without violating user privacy. Yahoo relaunched its feedback loop program, requiring DKIM authentication as the basis for participation.
In April 2025, Google went further, clarifying that accounts failing to meet these standards may lose the ability to display their brand name in the “From” field. Instead, users would see only the raw email address, a change intended to help consumers identify suspicious or untrustworthy senders. The message was clear: authentication and compliance are not just technical details. They are visible signals of trust.
A Growing Alignment Across Mailbox Providers
The influence of Gmail and Yahoo quickly spread. Apple introduced similar expectations, focusing on authentication and complaint thresholds. Microsoft’s Outlook tightened its filters, causing noticeable delivery challenges for many senders during the rollout. European providers also adjusted, with Orange lowering its acceptable complaint rate from one percent to 0.3 percent, in line with industry norms.
AT&T, long an outlier in North America, moved its email accounts under Yahoo’s common filtering system, while Comcast began testing an experimental DKIM-based feedback loop. Instead of sending full complaint copies, Comcast’s system provides structured header data, requiring senders to adapt their monitoring and analysis tools. The overall effect has been an industry-wide alignment, reducing the guesswork that once forced marketers to juggle conflicting requirements.
What Lies Ahead: DKIM 2 and Beyond
Deliverability continues to evolve. The next generation of authentication standards is already in development. DKIM 2, as it is currently known, promises stronger cryptography, better resilience against forwarding, and closer integration with DMARC policies. A revision of DMARC itself is also on the horizon. Features that proved impractical, such as forensic reporting, may be abandoned, while more realistic mechanisms for privacy and enforcement are expected to take their place.
Mailbox providers are also testing subscription management portals that allow users to view and cancel subscriptions directly within their interface. This shift underscores a principle emphasized by Matt Vernhout during the webinar: unsubscribes are far healthier than spam complaints. Senders who make it easy for people to leave protect both their reputation and their long-term deliverability.
Why Email Remains Hard
At first glance, email seems simple. A sender clicks “send,” and the message appears moments later in the recipient’s inbox. In reality, the journey is complex. Each message passes through a series of checkpoints: authentication checks, reputation assessments, spam filters, and foldering decisions. Providers evaluate thousands of signals, from IP addresses and domains to the content of links and landing pages. A small misstep at any stage can send a message to spam or prevent delivery altogether.
This complexity explains why “email is hard” has become a familiar refrain among deliverability experts. It also explains why seemingly minor changes, such as a new ESP, a sudden spike in volume, or a poorly configured SPF record, can cause major problems if not carefully managed.
Technical Foundations You Must Get Right
Several technical elements form the foundation of modern deliverability. Each requires careful setup and ongoing monitoring:
- SPF: maintain a single record per domain, retire old vendor includes, and keep within the 10-lookup limit.
- DKIM: use stable selectors, rotate keys carefully, and monitor DNS for timeouts or caching errors.
- DMARC: enforce alignment with a clear policy, review aggregate reports regularly, and align From domain, DKIM d=, and SPF Mail-From.
- TLS: confirm that your ESP or MTA enforces encrypted delivery between networks.
- BIMI: publish a record once authentication is solid. Begin with a free self-asserted record, then plan for a VMC or CMC certificate if budget allows.
- Feedback-ID: ensure headers are present so Postmaster tools can group complaints by campaign or list.
- Postmaster dashboards: configure Gmail, Yahoo, and Microsoft portals and check them consistently.
Building and Protecting Reputation
Reputation sits at the heart of deliverability. Mailbox providers use behavioral data to judge whether a sender is trustworthy. Complaints, unsubscribes, and spam-trap hits are obvious red flags. Engagement patterns also matter: are recipients opening and clicking consistently, or ignoring most of what they receive? Even display names are scrutinized. Adding emojis or disguising a brand behind a generic sender often raises suspicion.
To manage reputation, senders must monitor feedback loops, postmaster dashboards, and internal metrics. Segmenting by engagement level—new, active, cooling, and inactive contacts—allows marketers to adjust cadence and messaging. Persistently unengaged users should be sunset, ideally after a final re-activation attempt. Continuing to send to them risks damaging reputation across the board.
The Role of Data Quality and Consent
Good deliverability starts with good data. Bot sign-ups and fake addresses can poison a list, creating spam-trap hits and triggering filters. Protecting forms with tools such as reCAPTCHA, validating addresses in real time, and tracking consent types by region are all critical. Laws differ, so marketers must understand the rules where their subscribers live. Canada, for example, distinguishes between implied and express consent for commercial messages.
Monitoring complaints and unsubscribes helps reveal whether expectations are being met. A sustained unsubscribe rate above one percent is often a warning sign, suggesting that subscribers did not fully understand what they were signing up for, or that the frequency and content are misaligned with their needs.
Content and User Experience
The content of a message also influences deliverability. Mobile-first design, clear hierarchy, and obvious calls to action improve usability. Experts recommend a balance of roughly 70 percent live text and 30 percent images, ensuring that messages remain legible across devices and avoid appearing as “image only” spam.
Accessibility has grown more important as well. Both U.S. and European regulations now require compliance with accessibility standards, making features like alt text and high-contrast design essential. Oversized messages create their own problems, with Gmail truncating emails larger than 102 KB.
Display names must also be chosen carefully. A brand name is usually more recognizable than the name of a CEO or staff member. As Vernhout noted, most consumers do not know who a company’s executives are, but they immediately recognize the brand.
Metrics in the Age of Bots
For years, marketers relied on open rates as a primary measure of success. That metric is now unreliable. Apple’s Mail Privacy Protection, image caching by Gmail and Yahoo, and aggressive security scanners all inflate opens. Click rates are also distorted by automated link-checking tools.
Instead, deliverability experts recommend using open rates as directional signals rather than KPIs. A sudden drop from a stable baseline often indicates a filtering problem. Real performance should be measured by downstream actions that bots cannot complete: purchases, downloads, bookings, or registrations.
The Threat Landscape
The heightened aggressiveness of mailbox filters is not arbitrary. Phishing, account compromise, and deepfake scams have caused billions in losses. Businesses must now assume that every message will be scrutinized by security systems before reaching the inbox. In some cases, these scans mimic human behavior so closely that they appear as inflated engagement metrics. The arms race between attackers and defenders is ongoing, and marketers are caught in the middle.
Diagnosing and Preventing Issues
Early warning signs of deliverability trouble often appear before a full crisis develops. Marketers should watch closely for:
- Rising bounce rates, especially soft bounces
- Increasing complaints or unsubscribes
- Sharp declines in opens compared to a stable baseline
- Direct customer feedback that emails are not being received
When issues arise, the solution is often found by looking backward. A new partner data source may have introduced poor addresses. A redesigned signup form without bot protection may have allowed fake subscriptions. A migration to a new IP without proper warmup may have reset reputation. Identifying the change that coincided with the trend usually reveals the root cause.
Choosing Infrastructure Wisely
Email Service Providers (ESPs) play a role in deliverability, but less than many marketers assume. Domain reputation now outweighs IP reputation, although network reputation still matters. Dedicated IPs are valuable for high-volume senders, usually those sending at least 20,000 messages per day, because they isolate reputation. Smaller senders may fare better in reputable shared pools.
As for automated “warm-up services” that simulate engagement, Vernhout and Heslin were clear: these tools provide little value and often violate ESP terms of service. Real warmups, conducted gradually with engaged recipients, remain the best practice.
The Path Forward
Email deliverability in 2025 is more demanding than ever, but also clearer. Authentication, alignment, data hygiene, and user-first content are no longer best practices, they are requirements. Metrics must evolve beyond opens and clicks, focusing instead on outcomes that reflect real human behavior.
The good news is that the industry is moving toward greater consistency. As Vernhout emphasized, alignment across providers means fewer contradictions and fewer excuses. For senders who commit to compliance, transparency, and relevance, the path to the inbox is still open.
