Deliverability Case Study: "Every Mail You Make"
This haunting parody of The Police's stalker-anthem-turned-wedding-staple reframes the obsessive surveillance of "Every Breath You Take" as the unblinking gaze of mailbox providers watching every move a sender makes. The narrator isn't a jealous ex — it's Gmail, Yahoo, and Microsoft, quietly logging your authentication failures, your bounce rates, and your unsubscribe friction. The song's melancholy works because it's true: in modern deliverability, you really are being watched, and the filters never forget.
Here is the technical breakdown of the surveillance, signals, and survival tactics woven through the song:
Verse 1: Authentication and the Watchful Eye
"Every SPF, every DKIM key you make / Every alignment break, every DMARC you fake / I'll be watching you"
- The Deliverability Context: The opening verse establishes the foundational trio of email authentication. SPF (Sender Policy Framework, RFC 7208) authorizes which IPs can send on behalf of your domain; DKIM (DomainKeys Identified Mail, RFC 6376) cryptographically signs your messages; and DMARC (RFC 7489) ties them together with an alignment check and a published policy. Mailbox providers genuinely do watch every one of these signals on every message.
- The "Alignment Break" Detail: DMARC requires that the domain in the visible "From" header aligns with either the SPF return-path domain or the DKIM
d= domain. Relaxed alignment permits subdomain matches (e.g., mail.brand.com aligning with brand.com); strict alignment requires exact matches. A break here means DMARC fails even when SPF and DKIM individually pass.
- The Fix: Publish DMARC at
p=none first to gather rua aggregate reports (via tools like Postmark DMARC, Dmarcian, or Valimail), identify legitimate sources failing alignment, then progress to p=quarantine and eventually p=reject. As of February 2024, Gmail and Yahoo bulk sender requirements mandate at least p=none with proper alignment for senders exceeding 5,000 messages/day.
Verse 2: Spam Filters and the Silent Judgment
"Every link you cloak, every header you wrote / Every reply-to spoof, every preview you quote / I'll be watching you"
- The Deliverability Context: Modern spam filters are no longer simple keyword scanners — they're machine learning systems evaluating hundreds of signals per message. Gmail's filter ingests engagement history, content embeddings, URL reputation (cross-checked against SURBL and URIBL on every link), header consistency, and historical complaint data tied to your domain.
-
URL Cloaking: Wrapping destination URLs in tracking redirects is normal, but if the redirect domain has poor reputation or chains through known-abused shorteners, the entire message inherits that taint.
-
Reply-To Mismatches: A
From of
news@brand.com paired with a
Reply-To pointing to a free webmail address is a classic phishing signature and will tank your content score.
- The Strategy: Monitor Google Postmaster Tools daily for domain reputation (Bad/Low/Medium/High) and spam rate. Keep user-reported spam below 0.10% — Gmail's warning threshold — and never let it touch the 0.30% danger zone, where filtering becomes severe and often irreversible for weeks.
Verse 3 & Bridge: List Hygiene and the Long Memory
"Since you sent to traps my list has lost its name / I keep bouncing, bouncing, bouncing, bouncing / Please suppress them"
- The Deliverability Context: Spam traps come in three flavors, each diagnosing a different hygiene failure. Pristine traps (addresses never opted in) catch list purchasers. Recycled traps (long-abandoned addresses repurposed by ISPs) catch senders who refuse to sunset unengaged subscribers. Typo traps (e.g.,
gmial.com) catch senders skipping real-time validation at signup.
- The Anti-Bounce Tactic: Hard bounces (5xx permanent rejections like
550 5.1.1 no such user) must be suppressed immediately and forever. Soft bounces (4xx deferrals) warrant retry with exponential backoff, then suppression after 3–5 consecutive failures or 72 hours.
- The Resolution: Implement a sunset policy — suppress subscribers with zero opens or clicks for 90–120 days, ideally preceded by a re-engagement campaign. Pair this with one-click unsubscribe (RFC 8058 with
List-Unsubscribe-Post), now mandatory for bulk senders to Gmail and Yahoo.
The filter never sleeps, never forgets, and never forgives carelessly — but it does forgive consistency, and every clean send is a quiet promise kept.
Every mail you make, every send you take, every list you shake — they'll be watching you. Mailbox providers monitor every signal your campaigns generate, from authentication headers to subscriber engagement, building a reputation profile that determines whether your next email lands in the inbox or the spam folder. The good news? When you know what's being watched, you can make every send count. Here's how to ensure every mail you make builds trust instead of suspicion.
Every Header You Fake, They'll Be Watching You
Authentication is the foundation of modern deliverability. Without it, you're a stranger knocking on the inbox door — and in 2024, that door stays firmly shut.
- Deploy SPF Without Breaking the 10-Lookup Limit: Sender Policy Framework (SPF) declares which IP addresses can send on behalf of your domain via a DNS TXT record. Watch your
include: mechanisms carefully — exceeding 10 DNS lookups triggers a permerror and silently invalidates your SPF entirely. Use SPF flattening tools or consolidate vendors when you approach the limit.
- Sign Everything With DKIM (2048-bit): DomainKeys Identified Mail (DKIM) cryptographically signs your messages with a private key, while receivers verify against a public key in your DNS. Use 2048-bit keys (1024 is considered weak), publish unique selectors per sending stream, and rotate keys at least annually.
- Enforce DMARC With Real Policy: Domain-based Message Authentication, Reporting, and Conformance (DMARC) ties SPF and DKIM to your visible From domain via identifier alignment. Start at
p=none to collect aggregate reports via the rua tag, then progress to p=quarantine and p=reject once your legitimate streams are passing. Without enforced DMARC, you can't qualify for BIMI logo display either.
Every Spam Trap You Take, Every List Mistake
Modern spam filters use machine learning trained on engagement, complaints, and trap hits. One bad batch can poison months of reputation work.
- Never Email a Purchased or Scraped List: Pristine spam traps are addresses that never opted in to anything — they exist solely to catch list buyers. A single hit on a Spamhaus pristine trap can land your sending domain on the SBL or DBL, and delisting requires admitting the violation. There is no recovery shortcut here.
- Validate Cold and Aging Lists Before Sending: Use real-time verification tools like ZeroBounce, NeverBounce, or Kickbox to scrub addresses before any campaign to a list older than 90 days. This catches typos, role accounts, and recycled traps (abandoned addresses ISPs reactivate to catch lazy senders) before they generate hard bounces.
- Stay Below the 0.10% Complaint Threshold: Gmail's 2024 bulk sender requirements mandate a spam complaint rate under 0.10% as measured in Postmaster Tools, with 0.30% triggering severe filtering. Monitor this daily — once you're flagged, recovery takes weeks of reduced volume to highly engaged users.
Every Bounce You Make, Every Click You Break
Engagement signals — both positive and negative — directly shape your domain reputation in Gmail Postmaster Tools and Microsoft SNDS.
- Suppress Hard Bounces Immediately and Permanently: A 5xx response (especially 550 "no such user") is a permanent rejection. Continuing to send to addresses that hard-bounced signals poor list hygiene and can push your domain reputation from Medium to Low overnight. Keep your rolling bounce rate below 2%.
- Implement RFC 8058 One-Click Unsubscribe: Since February 2024, Gmail and Yahoo require bulk senders (5,000+ daily) to include a
List-Unsubscribe header with List-Unsubscribe-Post: List-Unsubscribe=One-Click support. This converts would-be spam complaints into clean unsubscribes — a far better signal for your reputation.
- Sunset Unengaged Subscribers at 90–120 Days: Subscribers who haven't opened or clicked in 90–120 days drag down your engagement metrics and are statistically likely to hit recycled traps. Run a final re-engagement campaign, then suppress non-responders. Remember that Apple Mail Privacy Protection inflates opens — weight your sunset logic toward clicks.
Conclusion
Every authentication record, every bounce response, every complaint, and every unsubscribe is a data point feeding the algorithms that decide your fate. Treat deliverability as a continuous practice of proving you're a legitimate, wanted sender — because somebody really is watching you.
Your Every Mail You Make Checklist:
- Configure SPF (under 10 lookups), DKIM (2048-bit), and DMARC (
p=quarantine minimum) with passing alignment.
- Validate any list older than 90 days through a real-time verification service before sending.
- Monitor Gmail Postmaster Tools weekly; act immediately if complaint rate approaches 0.10%.
- Implement RFC 8058 one-click unsubscribe in the
List-Unsubscribe header.
- Suppress hard bounces permanently and unengaged subscribers after 90–120 days.
- Warm new IPs and sending domains gradually, starting with your most engaged segment.
Educational content. Email deliverability evolves rapidly. Platform rules (Gmail, Yahoo, etc.), engagement signals, and ESP behaviours change frequently, and real-world issues often involve conflicting signals, data quality problems, and failure modes that general best practices can’t anticipate. Content on this site is provided for informational purposes only and does not replace a thorough analysis by a qualified deliverability professional.
Terms of Use