Module 2 · Chapter 1

How email deliverability works

10 min read

When you click "send," your email does not teleport into the recipient's inbox. It passes through a chain of servers, checks, and filters — each one deciding whether to pass it along, flag it, or reject it entirely. Understanding this journey is the foundation of deliverability.

This chapter walks through every step an email takes from the moment you hit send to the moment it appears (or does not appear) in your prospect's inbox. Once you understand the system, the rest of this module — SPF, DKIM, warm-up, inbox rotation — will make intuitive sense.

The journey of an email in seven steps

Step 1: Compose and send

You write your email in a client (Gmail, Outlook, or via your outreach platform). When you click send, the email client connects to your email provider's outgoing mail server. This server is called the Mail Transfer Agent (MTA). Think of it as the post office that accepts your letter and routes it to the right destination.

At this point, your email provider may already apply its own checks. Google Workspace, for example, has sending rate limits. If you try to send 2,000 emails in an hour from a single Gmail account, Google will throttle or temporarily block your sending ability.

Step 2: DNS lookup

Your MTA needs to figure out where to deliver the email. It looks up the recipient's domain (the part after the @ sign) in the Domain Name System (DNS). Specifically, it queries the MX (Mail Exchange) records to find the mail server responsible for receiving email for that domain.

For example, if you are emailing [email protected], the MTA queries DNS for acme.com's MX records and gets back something like "mail.google.com" (if they use Google Workspace) or "outlook.com" (if they use Microsoft 365).

Step 3: Connection to recipient server

Your MTA connects to the recipient's mail server using the SMTP (Simple Mail Transfer Protocol) protocol. This is a handshake: your server says "I have an email for [email protected]," and the recipient's server decides whether to accept the connection.

Right here, the first layer of filtering happens. The recipient's server checks your sending IP address against known blacklists (like Spamhaus, Barracuda, and SpamCop). If your IP is blacklisted, the connection is refused and the email bounces. This is why sending from shared IP addresses (common with cheap email providers) can be risky — someone else's bad behavior can land your IP on a blacklist.

Step 4: Authentication checks

Once the connection is accepted, the recipient's server runs authentication checks. These are the big three: SPF, DKIM, and DMARC.

  • SPF (Sender Policy Framework): Checks whether the sending server is authorized to send email on behalf of your domain. It is like a bouncer checking if you are on the guest list.
  • DKIM (DomainKeys Identified Mail): Verifies that the email content has not been tampered with in transit. It is a digital signature that proves the email is authentic.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Tells the recipient's server what to do if SPF or DKIM fail. Quarantine it? Reject it? Do nothing?

We will set up all three in the next chapter. For now, just know that failing these checks is one of the most common reasons cold emails end up in spam — and it is entirely preventable.

Step 5: Spam filter analysis

After passing authentication, the email hits the spam filter. This is where things get sophisticated. Modern spam filters (especially Google's and Microsoft's) use a combination of signals to assign a "spam score" to every incoming email:

  • Sender reputation: Based on the sending domain's history. New domains with no history start with a neutral or slightly negative reputation.
  • Content analysis: Scans for spam trigger words, suspicious links, heavy HTML, and patterns associated with bulk email.
  • Engagement history: Do recipients typically open, reply, or mark as spam? Gmail in particular uses engagement signals heavily — if your previous emails were ignored or marked as spam, future emails from you are more likely to be filtered.
  • Sending patterns: Sudden spikes in volume, sending at unusual hours, or sending identical content to many recipients all raise red flags.

Key insight

Spam filters are not a single gate you pass or fail. They assign a cumulative score based on dozens of signals. Your goal is not to "beat" the filter but to accumulate enough positive signals (good reputation, authentication, engagement) that the negative signals (new domain, cold outreach) are outweighed.

Step 6: Inbox placement

Based on the spam score, the recipient's mail server makes one of four decisions:

  • Primary inbox: The email lands front and center. This is where you want to be.
  • Promotions/Updates tab: In Gmail, emails deemed promotional land in the Promotions tab. Open rates here are 50–70% lower than the Primary tab.
  • Spam folder: The email is delivered but hidden. Most people never check spam.
  • Rejected/bounced: The email is refused entirely. It never reaches the recipient's server.

Step 7: Recipient engagement

The story does not end at delivery. What the recipient does with your email feeds back into the system. Opens and replies signal to email providers that your messages are wanted. Marking as spam signals the opposite. This creates a feedback loop: good engagement improves your reputation, which improves future deliverability, which leads to more engagement.

This feedback loop is why warm-up works (more on that in Chapter 5) and why sending to unverified lists is so destructive. Every bounce, every spam complaint, and every ignored email erodes the reputation you are building.

The three pillars of deliverability

Now that you understand the journey, you can see that deliverability rests on three pillars:

Authentication

SPF, DKIM, DMARC prove you are who you say you are

Reputation

Domain and IP history determine how providers treat you

Content

What you send, how you format it, and how recipients engage

Each pillar is necessary but not sufficient on its own. Perfect authentication with a terrible reputation still lands in spam. Great content sent from an unauthenticated domain gets filtered. You need all three working together.

Why deliverability is harder for cold email

Cold email faces an inherent deliverability disadvantage compared to marketing email or transactional email:

  • No prior relationship. Recipients have never received email from you before, so there is no positive engagement history.
  • New domains. Cold outreach best practice is to use dedicated domains, which means starting with zero reputation.
  • Higher spam complaint rate. Some recipients will mark your email as spam simply because they did not ask for it.
  • Volume patterns. Sending to many unique recipients who have never interacted with you looks similar to spam behavior.

This is exactly why the rest of this module exists. The techniques we cover — authentication, domain setup, warm-up, rotation, and monitoring — are designed to overcome these disadvantages systematically.

Watch out

Deliverability is not a "set it and forget it" task. Email providers constantly update their algorithms, blacklists change, and your reputation fluctuates based on ongoing sending behavior. Treat deliverability as an ongoing practice, not a one-time setup.

In the next chapter, we will set up the authentication layer — SPF, DKIM, and DMARC — step by step. These three records form the foundation of everything else in this module.