Spam Resource: All Things Deliverability

Webinar Alert: When Email Deliverability Isn't Enough: Turning Trust Into Brand Impact

2026-04-23T08:00:00.000-05:00

If you want to learn more about the value of and potential benefit from BIMI (Brand Indicators for Message Identification), the inbox logo standard that helps you build email trust and boost engagement with your subscribers, then this is the webinar for you!

Join Al Iverson (Valimail), Dean Coclin (DigiCert), and Mica Taboada (Valimail) as we walk through everything you need to know about BIMI, with real world data and successful use cases. We'll also share how Valimail Amplify helps you streamline your path to BIMI success, where Mark Certificates (VMC/CMC) from DigiCert fit into all of this, and more!

Join us, won't you? The fun happens on Tuesday, April 28th at 12:00 noon central time, and is 100% free.

Mickey Chandler: DKIM Failing at One Domain Is Not a Key Issue

2026-04-22T07:00:00.005-05:00

My friend Mickey Chandler recently posted a great new blog post explaining what an email sender can do with DMARC aggregate reporting. Specifically, what the reporting can tell you with regard to troubleshooting mailbox provider-specific email authentication failures. What you should do, and not do. Good advice, and you should click on through to check it out.

(BTW, Mickey Chandler's a smart guy. You should hire him.)

What is DKIM2? What do you need to know?

2026-04-21T07:30:00.021-05:00

There have been a few different blog posts, Linkedin posts, and email newsletters talking about DKIM2 lately. And oof, most of them seem to get one or more of the details wrong. People mean well, so let's forgive them -- this is a complex thing, and it's easy to misunderstand what's going on. But I think we need a bit of better info out there.

So, here I am, opening my own big mouth, explaining what DKIM2 is. The difference is, I'm actually one of the folks participating in the IETF working group process. I'm a little bit out on the edges in that I'm not necessarily writing code to define or unwind message-instance-tracked message modifications, but I'm observing what's going on, and doing so through the eyes of somebody with a strong email sender background.

In this short (5 minute) video (embedded above or find it on Youtube), for the latest episode of Valimail's "Your Email Authentication and Deliverability Questions Answered" video series, I focus on what senders need to know and care about when it comes to DKIM2. Keys aren't changing (at least not so far), and email senders might actually not need to make any significant changes at all. Let me walk you through what I know so far.

Super smart nerd friends may want to complain that I'm significantly oversimplifying things here and there in my description of intent and current state. If so, they're probably right! There's a lot of complex stuff here going on, and it is tough to condense it down to a short explanation. Forgive me in advance if I seem to gloss over something important.

And keep in mind that the specification is not yet finalized. Things are subject to change.

So keep that all in mind as you watch or listen to my explanation, and my email address is in the video, if you've got any feedback or additional questions that you'd like to bring to my inbox.

Now hiring: Adobe

2026-04-19T12:46:00.003-05:00

Adobe is looking for an email deliverability consultant! Could that be you? Maybe so, if you've got at least 2-4 years of email deliverability experience, outstanding presentation and communication skills, know your way around deliverability tools and are able to read deliverability data from internal data sources and third party tools.

Click on through to learn more and/or to apply.

I am told that this is a remote role, anybody in the US or Canada is eligible.

The Case for Reactivation (and Sunsetting)

2026-04-19T11:59:00.004-05:00

We often talk about the importance of "keeping a clean house" when it comes to deliverability. But list hygiene isn't just about bouncing bad addresses; it’s about managing the entire subscriber lifecycle to ensure mailbox providers see you as a sender people actually want to hear from.

Jessica Fern Hunt, a very smart deliverability consultant over at Twilio, recently shared a must-read post on LinkedIn regarding the "Case for Reactivation Campaigns."

Jessica highlights a truth that many marketers still struggle with: engagement is a deliverability signal. If you are carrying a large percentage of disengaged subscribers who haven't opened an email in six months, you aren't just paying to store dead weight. You are actively hurting your chances of reaching the inbox for your active subscribers. When mailbox providers see low engagement rates, they start to view your mail as "unwanted," and that’s a fast track to the spam folder.

Reactivation (or "winback," or "re-engagement") campaigns remain, in this modern era of increasing complexity around deliverability, a vital component of subscriber lifecycle management. If you want to maximize your inbox placement, you have to be willing to let go of the folks who have moved on.

Check out Jessica’s full post here for more insights on building a "genuine digital relationship" with your audience.

Weird DKIM failures? Check your header lengths

2026-04-09T13:33:00.003-05:00

If you’re running into issues with DKIM signatures failing when sending to Microsoft domains, but working fine elsewhere, one thing to check is that your various email headers aren’t too long or wrapped improperly. Postmark’s blog post from January touches on this very issue; ActiveCampaign’s Postmark platform previously generated list-unsubscribe headers that were quite long; so long as to cause a specific issue with DKIM email authentication at Microsoft.

Did the sending email platform violate the RFC by generating too long of headers? I’m not entirely sure, and that’s not really the point. Sometimes things can fall within the RFC requirements or guidelines just fine but still do not match the reality of how a mailbox provider has implemented things. The goal in sharing this info? Not to accuse either Postmark or Microsoft of doing something wrong, but to offer up a potential solution, some actionable advice, if you run into a similar issue.

Long story short, if you generate really long headers, like, in this case, the list-unsubscribe header, or possibly even others, and you’re seeing DKIM signatures failing to validate at Microsoft, shortening those headers is something you should consider testing. Postmark did, and it solved their problem.

And they were kind enough to share this with the world (here) – kudos to them!

Interview with Sam Masiello

2026-04-07T12:41:00.000-05:00

It was a pleasure to sit down for a special edition of the Valimail “Ask Al” video series for a Q&A with an old friend and industry veteran, Sam Masiello. Sam and I go way back to the early days of anti-spam and email security, but his career has since evolved into a security leadership role.

In our conversation, we trace Sam’s journey from hosting his own messaging network at age 13 to his involvement in the affinity email space. For those of us in the DMARC world, Sam’s history is particularly interesting: he was the first general manager of Return Path’s DMARC product, helping to bring that technology to market during its infancy. (I love talking to people about the history of the various technologies that are so important to protecting email today.)

He shares some great insights on the "fake it till you make it" moments of his career and the often-difficult transition from a purely technical expert to a C-level executive who must "speak the language of the business." We also took a bit of a detour into Sam’s life outside of the office, talking about basketball and volleyball officiating, and the positive impact it has had on his life and even his business skills.

Check out the full interview above (or here on Youtube) to hear more about Sam’s "snowball" philosophy on staying ahead of threats and his thoughts on using A.I. to manage the firehose of security data and keeping informed on the latest threats.

(And don’t forget to check out the whole Ask Al video series from Valimail, aka “Your Email Authentication and Deliverability Questions Answered,” over on Youtube!)

Relief for marketers? Washington email law amended

2026-04-05T08:00:00.021-05:00

If you've been following the legal landscape for email marketing, you're likely aware of the "litigation gold rush" happening in Washington State. Thanks to a strict interpretation of the Washington Commercial Electronic Mail Act (CEMA), even the smallest technical inaccuracies in a subject line could trigger a wave of lawsuits. (Mickey Chandler blogged about this back in February over on his Spamtacular blog. Smart guy. You should hire him. But I digress.)

Back to the law: There is finally some (relatively) good news to report. Recent amendments to the law have been signed into effect, aimed at curbing the predatory nature of these filings and providing a bit more breathing room for legitimate senders.

What changed? The update introduces two key shifts that help mitigate risk for email marketers:

Knowledge Standard: Liability now requires that a sender "knew or reasonably could have known" that a subject line contained false or misleading information.
Reduced Damages: Statutory damages have been lowered from $500 per violation to $100 per violation. While this can still add up to big money in a class action, it significantly lowers the "bounty" that has driven so many recent cases.

Others are saying yay, the problems with this law have now been addressed. I'm not so sure about that, in my layperson's view. The law still doesn't require a recipient to prove they were actually harmed or even that the misleading info was "material" to their decision to open the email.

And I feel like this law might be leading some law firms to salivate a bit; as recently it seems that a number of the ads I was seeing on social media seemed to be from law firms looking to invite email recipients to report violations, perhaps hoping that people will enable or join class action litigation.

But, still, smart folks are saying that this is an improvement.

For a deep dive into the specifics of these changes and what they mean for your compliance strategy, I highly recommend reading the full breakdown over at JD Supra:

Positive Industry Changes to WA's Email Law

Disclaimer: I'm not a lawyer, just a loudmouth blogger with an opinion.

When Gmail broke the rules: What a two-day glitch taught us about user intent

2026-04-04T08:30:00.014-05:00

Steven Lunniss, Director of Deliverability for email marketing provider Cordial, was able to answer a very important question back in January, thanks to an unexpected glitch.

The question: What happens to engagement and subscriber sentiment when your email messages are unexpectedly redirected from the promotions tab to the primary inbox?

The glitch: On January 24th and 25th, something went awry at Gmail. Google's filtering was suddenly placing messages in the primary inbox, where they would have been placed in the promotions tab (or maybe even the spam folder, depending on the sender).

The outcome: Engagement increased. But while engagement saw a lift, it wasn't much of a lift. And along with that engagement lift came an even greater boost in unsubscribes.

Steve calls this forced engagement. I think of it as a sender forcing messages in front of recipients that aren't always interested -- or when they are interested, they're interested on their own terms. (Meaning, they know where to go to find your emails when they're ready -- in the promotions tab.)

TL;DR, forcing your way to the primary inbox can have unexpected (and unhappy) consequences.

Read the whole story over on the Cordial blog.

Industry: Apple to enter B2B mailbox space, Amazon exits

2026-04-03T12:23:00.001-05:00

Here’s a quick update on recent comings and goings in the business mailbox provider space.

Amazon to wind down Workmail offering

Amazon just announced that they are shutting down their corporate mailbox solution Workmail. The service officially ends just about a year from now, on March 31, 2027.

Amazon announced Workmail back in 2015. I blogged about it then, but never really ran into it much between then and now. Not to say that it had absolutely zero adoption; I see amazonaws.com in the MX records of just over 14,000 of the top ten million domains, according to my January 2026 DNS snapshot. But I never really ran into it very much out in the deliverability world.

Updated Apple Business offering launches soon

At the same time, Apple has announced that they’ve got a new business mailbox offering. Starting April 14th, their updated “Apple Business” launches with new support for corporate email inboxes and more; combining email and calendaring into their device, domain and even brand management functionality. Meaning, I think that Apple Business Connect, which includes BIMI-like logo functionality, will be managed as part of this suite as well.

I have lots of questions. I read that the Apple offering will be free, but there’s free and then there’s free. I don’t think this is a standalone email service; will there be some sort of overall cost or verification requirement for a business to register – and what constitutes a business, if so?

And will this be hosted on the regular, existing iCloud mailbox infrastructure? Seems possible; it already does have calendar support and custom email domain support. Apple iCloud is lightly represented in the top ten million domains data today, with just over 5,500 domains pointing their MX records at icloud.com, according to my January 2026 snapshot.

I am looking forward to the upcoming April 14, 2026 launch date, so that I can investigate further and learn more about Apple’s new offering. Stay tuned.

DELIVTERMS: Hashbusting

2026-04-01T10:24:00.001-05:00

It is time to clarify another technical concept here on Spam Resource, in our series DELIVTERMS, where we decode email and related acronyms and terms, helping you better understand the messaging ecosystem that surrounds you. Today, the word we’re defining is: hashbusting.

If you have ever seen an email that ends with a strange block of gibberish, a string of random numbers, an unexpected excerpt from Mary Shelley's Frankenstein, or even invisible text hidden in the HTML, you have likely encountered hashbusting. It is an old-school spammer trick that some ignorant or unethical email marketers still use to try to outsmart modern spam filters.

What is Hashbusting?

At its core, hashbusting is the practice of inserting unique, randomized content (often, but not always, hidden from the recipient) into an email message. The goal is to ensure that every single message in a campaign is technically "unique." The hope is that spam filters (or categorization filtering) will be confused or overwhelmed, and less able to successfully fingerprint a bunch of messages accurately.

Historically, spam filters used content hashing to identify bulk mail. If a filter saw 100,000 identical messages, it was easy to flag them as a single bulk blast. By "busting" that hash with random strings of code or text, senders hoped to trick the filter into seeing each message as an individual, one-to-one communication.

Today, senders often use these "tricks" to try to force a specific result, such as:

Moving an email from the Promotions tab to the Primary inbox.
Trying to bypass a spam folder placement.
Avoiding "duplicate content" triggers (i.e. being flagged as bulk).

The Modern Version: Tab/Category Placement

Hashbusting goes way back; it used to be a very simple thing where spammers would append paragraphs of garbage text, sometimes from a dictionary file or public domain books, to the end of the email messages, to confuse filtering. With the modern version of this, the intent is generally more subtle.

“I can get you into the primary inbox!” “Never land in the promotions tab again!” Buy my tool, buy my service. You’ve probably seen these, the loud, self-described deliverability experts on Linkedin, crowing about how they’ve “cracked the code” and that they’ll give you special code that unlocks a guaranteed path to the primary inbox, with every send. Except...

They don’t work. Or rather, sometimes, they do work. Until they don’t work any more. It’s an arms race. They found a way to trick the filters. Today. The filters will very likely catch up tomorrow. It is not sustainable.

And It’s a Bad Practice

While it might sound like a "clever hack," hashbusting is actually a big ole’ red flag. Avoid it, because:

Mailbox Providers See Through It: Modern filters at Gmail, Microsoft, and others are incredibly sophisticated. They don't just look at the "hash" of a message; they look at sender reputation, engagement patterns, and infrastructure. If a filter catches you using hashbusting techniques, it is a clear signal that you are trying to manipulate the system.
Negative Reaction: When a mailbox provider (MBP) notices you are intentionally trying to obfuscate your content, they take a dim view of it. Instead of getting your mail into the inbox, you are more likely to earn a "suspicious sender" label or other special, unhappy treatment, which can lead to aggressive filtering or outright blocking.
It Looks Unethical: From a brand perspective, hashbusting is a bad look. It suggests that your content isn't strong enough to earn its way into the inbox on its own merits. Instead of building a relationship based on permission and value, you’re resorting to "black hat" tactics.

The Better Path

Resorting to tricks and hacks to get email delivered is rarely a winning strategy. If you have to hide random code in your footer to get past a filter, you don't have a deliverability strategy. You’re just playing a risky game.

Authentic brands don't need to hide. High deliverability comes from sending wanted messages to engaged subscribers from a properly authenticated email domain. Focus on those well-known best practices for long term success. Avoid busting hashes.

Want to learn more about email technology and deliverability terminology? For more definitions like this, check the DELIVTERMS section here on Spam Resource.

Dan Stevens: Why I Built a Flat-Rate ESP in 2026

2026-03-23T07:00:00.001-05:00

My friend Dan Stevens (who founded email verification platform Kickbox and hired me there once upon a time) has rejoined the email community! After seeing him announce unMTA, I invited him to author a guest post here to share thoughts about his new venture and what his goals are. Take it away, Dan!

Here's what pisses me off about traditional ESP pricing: it's built for the generic sender… circa 2009. If there are two things I've learned in my years in email, it's that not all senders are the same, and it's not 2009 anymore.

Seventeen years ago, the cost of operating an ESP at scale was legitimately expensive. Hardware was expensive. Bandwidth was expensive. The pricing models reflected that. But infrastructure costs have come down dramatically, and the pricing hasn't followed. The margins on per-message fees at most ESPs are, frankly, obscene.

The worst part is what that model actually subsidizes. Running a shared sending platform means dealing with senders who cut corners, buy lists, or "accidentally" mail a segment they shouldn't have. That costs the platform in reputation, in remediation, in support. And who pays for that? The good senders, through inflated per-message pricing that has to cover the operational cost of cleaning up after the bad ones. You're not just paying to send your mail. You're paying for the platform's abuse desk.

Meanwhile, shared sending infrastructure means your reputation is tangled up with whoever else happens to be on the same IPs. You can do everything right and still take a deliverability hit because your neighbor decided to blast a purchased list on a Tuesday afternoon.

These aren't new complaints. But I got tired of just complaining about them.

Infrastructure is the hard part

A Mail Transfer Agent (MTA), even a great one, is just an MTA. It's the infrastructure around it that transforms it into an ESP.

unMTA is built on KumoMTA, which handles the core MTA piece incredibly well. It's fast, flexible, and free. But a great MTA and a full ESP are still very different things.

BYOIP and BGP. PTR records across hundreds of IPs. DKIM management. IPv6 configuration. Per-customer isolation. IP warming. Bounce processing. Monitoring. DNS architecture for SPF, DKIM, and DMARC. Feedback loop processing. The list goes on, and every item on it is load-bearing. Miss one and your deliverability suffers.

Email infrastructure is a pain no matter how you slice it. I've done it. It's a full-time job, and that's if you already know what you're doing. If you're a sender evaluating build vs. buy, the build side is almost always more expensive and time-consuming than you expect going in. I've watched teams burn six figures and six months trying to stand up what they thought would be a straightforward sending operation.

unMTA sits on the buy side of that equation. You get the control and isolation of running your own infrastructure without the operational burden of actually running it.

What unMTA is

Every unMTA customer gets their own dedicated MTA (or MTA cluster), running on modern, fast hardware and networks.

The IPs are unMTA's, purpose-acquired address space, not inherited from some previous webhost tenant. Full IPv6 support. Proper authentication configured from the start. Nobody else is on your IPs.

That said, dedicated IPs within a shared CIDR aren't invisible to each other. Mailbox providers evaluate reputation at the range level, not just the individual IP. Dedicated IPs are better isolation than a shared sending pool, but they're not the same as having your own ASN and disconnected address space. This is why we're choosy about who we let on the network. The unMTA team manages and monitors who sends on our infrastructure the same way we manage the network itself. If your next-door neighbor is blasting a crypto scam, dedicated IPs don't help, so we don't let that neighbor on in the first place.

The pricing is flat-rate, unmetered. Just like it would be if you were running this in your own data center: nobody is charging you per message. Your throughput is limited by the hardware (which is fast) and the speed the receiving mail servers will accept your mail. That's it.

Who this is for

unMTA is for senders doing hundreds of thousands to hundreds of millions of messages per month who've hit the ceiling of shared infrastructure. Maybe you're on a major ESP and you're tired of your reputation being influenced by other senders on the platform. Maybe you've looked at building your own and realized the operational cost doesn't make sense. Maybe you're an agency and you need to put clients on isolated infrastructure without standing it up yourself.

This is not a platform for lead gen. It's not for cold outreach to purchased lists. It's not for anyone who thinks "unmetered" means "send whatever I want to whoever I want." That's not us being picky for the sake of it. It's a direct consequence of the architecture.

What I expect to learn

The unmetered model is something I believe in, and it's also something I know could be a Pandora's box if not managed carefully.

When you remove the per-message cost lever, you change sender behavior. Much of that change is positive. But some of it requires guardrails. Unmetered doesn't mean unmanaged. We're building this for senders who already have good practices, not for people who need the threat of a bill to keep them honest.

I'm also curious what the market teaches me about where the real pain points are. I've been in this industry long enough to have strong opinions, but also long enough to know that strong opinions need to get tested against reality. Some of my assumptions will be right. Some won't. I'd rather build in the open and adapt than pretend I've got it all figured out from day one.

If any of this resonates, I'd love to hear from you. You can find us at unmta.com.

Choosing the Right Subdomain

2026-03-21T14:08:15.530-05:00

What happens if you choose the wrong subdomain? Does everything explode and the submarine sinks to the bottom of the ocean? Not really, but there are indeed some considerations around choice of subdomain for your various types of email messages.

I recently tackled this topic in my Valimail "Ask Al" video series. If you're the type of person who prefers to watch and listen rather than read, I’ve embedded the video here for you. Or, if you’re all about that written content, stick with me and we’ll dive into it together below.

And this is a question I get surprisingly often. IT administrators frequently need to configure a specific subdomain to point toward an Email Service Provider (ESP). Sometimes the platform requires it for technical reasons; other times, it’s just a best practice for organization and auditing.

But before we talk about what to pick, we have to talk about what not to pick.

Avoid Lookalike Domains

I cannot stress this enough: Stay away from cousin domains or lookalikes. If your main domain is example.com, consider:

Real subdomains: e.example.com, m.example.com, news.example.com, potato.example.com.
Lookalike/Cousin domains (avoid): example-email.com, examplemail.com, marketing-example.com, example.net.

Why does this matter? When you use a lookalike domain, you are training your customers to trust something that is "almost" your brand. You are effectively lowering the bar for phishers and bad actors who love to spin up convincing "close-but-not-quite" domains. Stick to your actual organizational domain. Your real domain.

There are a lot of lookalike domains configured in various email service providers today. That’s usually because a lot of those configurations were initially set up years ago, and nobody has gone back to update it since. Remember that just because you see it out in the wild, does NOT mean it’s still a best practice.

Why Use a Subdomain at All?

If you're wondering why you can't just send everything from your top-level domain (example.com), there are three big reasons:

Clarity and Auditing: Using e.example.com for marketing makes your logs and tracking much cleaner. You’ll always know exactly where that traffic originated.
Technical Necessity: Many ESPs require a dozen or more DNS entries. If you try to put these at the top level, they often conflict with existing records (like your website or corporate email). A subdomain gives you a "clean room" to work in.
Reputation Segmentation: A subdomain provides a buffer. While spam filters are smart enough to link a subdomain to the main organizational domain, having a dedicated subdomain for bulk mail can help insulate your critical corporate/executive communications if your marketing reputation takes a temporary hit.

But, ultimately, YMMV. If it’s possible to send as the top level of your domain, and authenticate everything correctly, that’s not inherently evil. Especially if you’re a small sender and not juggling a bunch of different email send platforms. So, keep all of this in mind and decide on what makes the most sense for you.

Naming That Subdomain

When it comes to the actual name, keep it flexible and neutral.

Don't Box Yourself In: Avoid names like marketing.example.com or sales.example.com. What happens when you start sending transactional receipts, product updates, or customer education from that same platform? Suddenly, a "marketing" label feels inaccurate.
Avoid "Spammy" Keywords: This should go without saying, but don't use blast.example.com or spam.example.com. You don't want a recipient to look at the "From" address and immediately think "unwanted junk."
Keep it Short: Mobile email client real estate can be limited. Shorter subdomains might actually look cleaner in the "From" field. My guidance? Go for choices like m.example.com, e.example.com, or msg.example.com.

Related Bits and Bobs

Once you’ve picked your subdomain name, you’re not quite done. There are a few other things you should keep in mind.

Warm It Up: You cannot go from zero to 100,000 emails overnight on a new subdomain. You need a controlled ramp-up plan. (I highly recommend checking out Jennifer Nespola Lantz’s guide to IP warming for the specifics).
Watch Your DMARC Records: Some ESPs will automatically create a DMARC record for your new subdomain. I've seen cases where they set it to p=reject without an aggregate reporting (RUA) address. If this happens, it can mess things up. If you see a conflicting record, ask your ESP to remove it.
Google Postmaster Tools: Don't forget to register the new subdomain here. It’s the best way to get direct feedback from Gmail regarding your reputation and complaint rates.

There you have it. Not too complicated, I hope. Just remember to use your real domain, pick something short and simple, and remember to configure everything and warm it up properly.

And don't forget to follow my Ask Al video series (aka "Your Email Authentication and Deliverability Questions Answered). Find it here on Youtube.

Podcast Fun: 175 Years of Email Experience (and counting)

2026-03-19T16:58:33.424-05:00

I recently sat down with a bunch of new friends to sit for a podcast recording. The podcast, Email’s Not Dead, is “about how we communicate with each other and the broader world through modern technologies.” Joining me on this adventure? Jonathan Torres, Eric Trinidad, Thomas “T-Bird” Knierien, and Alison Gootee, all from Sinch Mailgun.

We covered everything from the "scary" side of AI summaries to the positive trust signals of BIMI.

That included touching on helping marketers work their way through the “freak out” around those A.I.-generated email summaries, where and how things can go wrong, and why not everybody wants a robot in their inbox.

We also talked about cutting through the misconceptions some marketers have around being “owed” placement in the primary inbox. Hacks are bad; respect the network. How those hacks bite you and what the path is to real long term inbox success.

And finally, we talked about BIMI, the inbox logo standard that builds on email authentication and trust. What is it, how it helps boost engagement, and adoption trends over time.

Whether you want to hear about my first double opt-in email in 1998 or why I’m currently "doing weird stuff with data" at Valimail, you can catch the full episode over on the Sinch Mailgun website.

Thanks to the friendly friends at Sinch Mailgun for inviting me on to chat with them. I had a blast! I hope folks enjoy listening to our discussion.

Cool Tool: Sender Audit by Simon Bressier

2026-03-18T12:00:00.000-05:00

Looking for an easy way to validate that your email is configured correctly? While technical compliance is only part of the deliverability equation (don’t forget our old friends reputation and engagement), it’s still very, very important to make sure you get it right: DNS configured correctly, authentication and headers, too. Sender Audit is a tool that can help you with that, and more! Created by Simon Bressier, this free web-based utility provides a comprehensive health check for your email sending infrastructure.

Sender Audit acts as a "pre-flight check" for your emails. By sending a single test message to a unique address generated by the site, the tool performs a deep-dive analysis of your technical configuration and content.

Authentication Validation: It verifies that your SPF, DKIM, and DMARC records are not only present but correctly configured according to the latest RFC standards.
Blacklist Monitoring: The tool automatically checks your sending IP and domain against major industry blacklists to ensure you aren't being blocked before you even hit "send."
Anti-Spam Filter Simulation: Using industry-standard engines like SpamAssassin and Rspamd, Sender Audit shows you exactly how recipient servers perceive your mail. It flags common issues like suspicious tracking pixels or formatting errors that trigger spam filters.
DNS Hygiene: It ensures your DNS syntax is perfect, helping you avoid the small technical "gotchas" that often lead to hard bounces.

Unlike some overly complex enterprise tools, Sender Audit is straightforward and fast. It gives you a clear "Pass/Fail" look at your deliverability health, making it an essential resource for small business owners, marketers, and mail administrators who want to ensure their messages actually reach their audience.

Head on over to the Sender Audit website to test your emails today!

Meet Jason Morrow, Senior Email Designer & Developer

2026-03-17T16:58:02.063-05:00

Hey, you! Are you looking for work? It’s rough out there, I know. I want to help, if I can. Every now-and-then I’m going to share a post that highlights the name and focus areas of a smart expert in the email space who is looking for work. My goal is to assist with a bit of extra exposure and maybe, if we're lucky, it could even bring potential job leads. Want in? Contact me.

Today, I’m featuring Jason Morrow! Wondering what Jason can do for you? Read on! -- Al Iverson

If you’re looking for someone who can both design and build email — and understands the realities of rendering quirks, dark mode behavior, modular systems, and scalable architecture — Jason is worth a conversation.

Jason brings 10+ years of experience creating visually compelling, conversion-focused email programs across acquisition, onboarding, retention, and lifecycle marketing. Most recently at The Washington Post, he led responsive HTML email design and development in high-volume environments — translating strategy into modular systems that were visually polished, technically precise, and built to perform consistently across Outlook, Gmail, Apple Mail, and mobile clients.

He’s equally comfortable shaping typography and hierarchy in Figma as he is hand-coding table-based layouts with inline CSS. From dynamic content implementation in Iterable to cross-client QA in Litmus, Jason blends strong visual craft with engineering rigor.

He’s currently exploring new remote opportunities across:

Email design & development
Lifecycle / CRM execution
Digital campaign production
Performance-driven creative (email + paid social)

If your team needs someone who understands both the creative vision and the technical execution — and can move quickly without sacrificing quality — Jason would love to connect.

Find him on LinkedIn here, or visit jasonmorrow.com to see his portfolio and learn more.

Friday Fun: Clint Eastwood by Gorillaz

2026-03-13T09:11:00.005-05:00

Well, since this song was originally released (in 2001) the future has indeed been movin' on. I don't know that I have any sunshine in a bag, but even lacking that, it was still great fun to see Gorillaz on SNL last week, and I rather enjoyed this little bit of time travel back to their first album, which was released (checks notes) twenty five years ago! Hope you enjoy the beat.

Fun with Gmail Tabs via IMAP

2026-03-11T07:00:00.015-05:00

Like Gmail tabs? Want their categories to trickle down into your email client, if you’re not using Gmail's email client? Do you ever wish that the categories would show up as IMAP folders in Thunderbird? If you’ve answered yes to any of these questions, this clever hack might be the one for you.

As noted here and elsewhere, Gmail tabs aren’t directly exposed to IMAP. There is no “Promotions” folder that shows up automatically when using a third party email client. Unless…you do this!

Just create a filter for each category match, and map it to a particular label. Create the labels as needed, and now those will map to folders in your email client.

Matches: category:Purchases
Do this: Apply label "Tabs/Purchases"
Matches: category:Reservations
Do this: Apply label "Tabs/Reservations"
Matches: category:Forums
Do this: Apply label "Tabs/Forums"
Matches: category:Updates
Do this: Apply label "Tabs/Updates"
Matches: category:Promotions
Do this: Apply label "Tabs/Promotions"
Matches: category:Social
Do this: Apply label "Tabs/Social"
Matches: category:Primary
Do this: Apply label "Tabs/Primary"

This can also come in handy if you’re an email geek like me, who signs up for a bunch of email marketing messages and/or newsletters, and you want to see where they’re landing.

Have fun!

Litmus Live Recap: Where are we headed in 2026?

2026-03-09T15:47:00.008-05:00

I had a lot of fun joining Validity's Guy Hanson and Danielle Gallant recently, in our Litmus Live session, where we spoke to the topic of where email marketing is headed in 2026. And we covered a lot in that 30 minutes: deliverability trends, AI in the inbox, the future of metrics, and what creative changes marketers should expect this year.

A few themes came up again and again: Deliverability is not getting easier. AI summaries in inboxes like Gmail are going to force marketers to rethink what makes an email worth reading. Metrics are getting fuzzier as opens become less reliable. And AI tools are making it easier than ever to generate email code that looks good at first glance but may break across real inboxes.

The full session video is embedded above and also available on YouTube if you want to watch the whole discussion. Enjoy!

(Thank you Guy, Danielle, and the Validity team for the invite! This was a great discussion.)

Yahoo Mail: Reducing storage?

2026-03-06T07:00:00.000-06:00

Back in September 2025, I posted about receiving notice from Yahoo that they were apparently reducing the amount of space granted to Yahoo Mail user mailboxes from 1 terabyte to 20 gigabytes. (In hindsight, I now realize that this specific new limit might be US-specific.) While a lot of email senders were concerned about this change, wondering if it will result in more bounces due to full mailboxes; things did seem to work out find. The world, as it turned out, did not end.

Fast forward to now ... or at least, to a few weeks ago, when Simon Harper (publisher of the great All About Email newsletter) posted that he had received notice in his own (UK-based) Yahoo mailbox that overall space allocated for his account would be reduced to 15 gigabytes.

As he notes in his Linkedin post, he came to learn that this wasn't a new or additional reduction of available storage; it was clarified to him that this was just a part of the ongoing rollout of storage space adjustment across the global Yahoo Mail ecosystem.

TL;DR? Yahoo isn't yet again reducing available storage for Yahoo Mail mailboxes -- but part of the originally announced storage adjustments may still be rolling out, and these new storage limits may vary by different geographics regions or countries.

Is email broken right now?

2026-03-02T09:30:00.000-06:00

January and February were not kind to many email senders and mailbox providers. Glitches were to be found and experienced. Google accidentally misclassified a bunch of emails at one point. Yahoo and Apple seemed to be accidentally rejecting non-spam messages for a time. And Microsoft definitely had a higher-than-usual number of issues reported by senders. Indeed, Microsoft acknowledged that something is up by adding a warning banner across the top of their sender support form at some point in February.

And that’s just four mailbox providers. But, significant ones, the biggest ones, the “MAGY” top tier.

But, does it mean that email is busted? No, I don’t think that it does.

Glitches come, glitches go

If you’ve been doing this long enough, you know that glitches happen. We might have had a slightly rougher than usual couple of months – maybe. But every one of these mailbox providers, and many others, have accidentally blocked people before. I can think of a couple of times in the past that Gmail glitched enough to reject mail to legit recipients with “user unknown” errors. (Cleaning that up in the bounce logic of the email marketing platform I worked on was a challenge!) Just doing a quick scan of my own blog, shows that in the past few years, I’ve blogged about: iCloud private relay issues. Yahoo inbound delivery delays. Microsoft throwing 451 4.7.500 server busy delays. SNDS verification emails not sending. FBL emails not sending. GPT downtime. Broken spam filters. Unexplained IPv6 deferral issues. And more.

It is not just mailbox providers, either. I’ve seen Spamhaus accidentally typo which IPs they’re blocklisting, and I’ve seen other blocklists break DNS badly enough to unintentionally, but effectively, “blocklist the whole world.”

In other words, receiving mail at scale is tricky and has more moving parts than you will ever imagine.

We all have issues

If you’re a big email sender, you already know that email is tricky from your side. Especially if you’ve ever emailed the wrong list. Messed up segmentation. Accidentally forgot to apply the exclusion list. Dug too deep into an old database. Sometimes you’ve hit the wrong button. I know I have, and not just that one time where I accidentally sent a client’s test email to the full database of 80,000 people.

We’re human, we err on occasion, and even if we’re not making an error, we might be making a choice in execution that somebody else might not agree with. Or we’re testing a hypothesis to see how it works out. Some things have to be tested in the real world. Sometimes, code must be tested in production.

The new reality: It is getting harder

Email, overall, is getting more complex, and mailbox providers, in their increasing efforts to keep the really bad stuff out of the inbox, are becoming more restrictive about what you must do (and must not do) to get your wanted mail to the inbox. Email auth is a must. Broken infrastructure is no longer allowed. Spammers enter at your own risk. Bad guys are launching badder and badder threats at the inbox at lightning speed, thanks to A.I.

So, systems must continually be hardened. And as those systems are hardened, the more likely it is that a few innocent bystanders could get caught up in it all, along the way.

Which means ... sender requirements are evolving, are tightening. Be careful and be sure to keep up.

And it also means ... glitches happen sometimes. That evolution requires change and updates and updates are made by humans, and humans occasionally make mistakes.

Yahoo: New sending IP ranges

2026-03-01T07:00:00.017-06:00

Yahoo has added new, additional sending IP addresses for their outbound email, as they recently announced on the Mailop list and elsewhere.

Head on over to the “Outbound Mail Servers” page on the Yahoo Sender Hub, or pick apart their SPF record, to find the most up-to-date list of their sending IP ranges.

In what context does this matter? It is perhaps not as important for email senders, but for those running spam filters and blocklists, either standalone or in the context of a mailbox provider, many folks often create and cache mailbox provider-specific allowlists for various reasons; sometimes to exempt large domains from certain types of blocking. Meaning, a list of all of Yahoo's sending IP addresses might be useful for somebody looking to special case mail from Yahoo Mail. It's something I did myself back when running a blocklist, not wanting to needlessly trigger listings of large, shared infrastructure in use by one of the top webmail providers.

Wondering what domains Yahoo Mail hosts email inboxes for? I’ve got a list of most of them here.

Dead domain: goo.jp

2026-02-28T06:00:00.012-06:00

If you're sending mail to subscribers in Japan, you need to know that the Goo mail service is no more.

Goo has been around rather a long time. Owned by NTT Docomo, it has existed in some form or another since May 1999, though I'm not exactly sure when email service was first provider.

And now, it's shutting down. As Docomo indicates here, users of the goo.jp email domain will no longer have access to those mail accounts as of February 26, 2026. In theory mail to those subscribers will be rejected; and there's no mention of an email forwarding option. Even if mail does not bounce back, email senders may want to suppress this domain going forward, as it sounds like it'll be for naught.

The state of DMARC in 2026

2026-02-27T06:00:00.007-06:00

Are you curious about the current state of DMARC in 2026? Want to learn more about the adoption of email authentication and domain protection, who out there are putting their best foot forward to prevent phishing and spoofing of their important email domains? It's something that I am most definitely curious about! So, as a fun project for Valimail, we've published an updated "State of DMARC" report. This report covers a dozen different industries:

Arts and Recreation
Education and Training
Financial Services
Health Care
Higher Ed
Information Technology
Manufacturing
Marketing, Consulting and Services
Online Retail
Transportation and Logistics
Travel & Hospitality
US Government

And for each industry, we break down the current rate of DMARC adoption (and policy) across the top X domains in each. (X varies, based on how deeply we were able to identify top entities in each segment.) This leads to an overall snapshot based on more than 14,000 domains, that we're able to slice and dice to identify what types of companies best understand DMARC, and which ones have further to go before reaching domain protection parity.

If you're a data nerd like me and curious how this all shakes out, please head on over to the report to unlock and review the entire thing, for free.

Microsoft rate limiting issues?

2026-02-26T15:51:00.001-06:00

Seeing rate limiting deferrals at Microsoft OLC (Outlook Consumer/Hotmail) domains?

Specifically with this error message: 451 4.7.650 The mail server [IP Address] has been temporarily rate limited due to IP reputation. For e-mail delivery information, see https://aka.ms/postmaster (S775)

If so, it might not just be you. Many email senders are reporting issues as of late, and Microsoft has updated their email sender support request form with this note: “We are aware of an issue that may result in certain IP addresses being temporarily rejected at higher rates. We are actively investigating the issue. Please continue to submit tickets if you are experiencing this problem.”

Thus, per their recommendation, do continue to submit a ticket if you’re having trouble delivering mail, if you're seeing what seems to be unexpected reputation-related rate limiting when sending to Microsoft-hosted mailboxes.

I’m not sure if this is only specific to error code S775, so that’s a question I can’t answer at the moment.