Deliverability Case Study: "First Blast"
Track 01 of Click Through opens the album's central irony: the most dangerous sender is the confident one. Marcus Deliverino has ten thousand names, a crafted subject line, and zero authentication — and he's focused entirely on the wrong problem. The three standards he dismisses in four lines (SPF, DKIM, DMARC) are not optional refinements. They are the foundation every mailbox provider uses to decide whether to accept mail from your domain at all.
Verse 1: The Warm-Up Myth
"No warm-up needed — I know this game"
When a new domain or IP sends its first campaign, it has no reputation history. Mailbox providers — Gmail, Yahoo, Outlook — apply aggressive filtering to unknown senders. A new domain blasting ten thousand emails immediately triggers rate-limiting, deferred delivery, and spam folder placement at every major provider.
The purpose of a warm-up sequence is to build a positive sending history before volume escalates. A standard protocol starts with hundreds of sends per day to your most engaged subscribers (those most likely to open and click), increases volume gradually over two to four weeks, and monitors bounce rates, complaint rates, and Postmaster data at each step. Marcus skips all of it. The 40% bounce rate in the bridge is the direct consequence: a cold domain hitting a cold or poorly acquired list with no engagement history.
Verse 2: The Authentication Dismissal
"SPF — I'll deal with that later / DKIM — comes when I'm greater / DMARC — that's a different day"
Each of these is dismissed in exactly one line. Each dismissal is a compounding error:
- SPF (Sender Policy Framework): A DNS record listing which mail servers are authorized to send email for your domain. Without it, receiving servers have no way to verify that your message originates from a legitimate source. Many providers silently downgrade unauthenticated mail.
- DKIM (DomainKeys Identified Mail): A cryptographic signature attached to each outgoing message, verified against a public key in your DNS. DKIM proves that the message content was not modified in transit and ties the send to your domain's reputation. Without it, you cannot benefit from the positive engagement signals your subscribers generate.
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): A policy layer on top of SPF and DKIM that tells receiving servers what to do when authentication fails — none, quarantine, or reject — and instructs them to send aggregate reports back to you. Without a DMARC record, you have no visibility into who is sending mail using your domain and no enforcement mechanism to stop them.
Gmail and Yahoo began requiring DMARC records for bulk senders in February 2024. Marcus's "deal with that later" is no longer a viable strategy.
Bridge: The Metrics He Dismissed
"Forty percent bounced — these filters are mean / Point-three complaints — I'll shake that off"
Marcus reads these numbers as evidence of external hostility. They are evidence of internal failures:
- A 40% bounce rate on a first send indicates the list was either purchased, harvested, or very old. A legitimate opt-in list of recent subscribers will typically bounce at under 2%. Forty percent means the majority of addresses are invalid, abandoned, or role accounts that will never deliver.
- A 0.3% complaint rate is not a filter being mean — it is the Gmail enforcement threshold for bulk senders. At 0.3%, Gmail begins applying domain-level filtering that suppresses all mail from that domain, not just the campaign that triggered it. Marcus shaking this off is the setup for Track 05's domain collapse.
The Promotions tab obsession in the outro is the album's central misdirection. Tab placement is determined by per-user engagement signals, not sender tricks. A sender without authentication, with a 40% bounce rate and a 0.3% complaint rate, will not reach the Promotions tab. They will not reach any tab.
Most deliverability failures begin before the first send. Authentication and warm-up are not optimizations — they are the baseline infrastructure every legitimate sender must have in place before a single campaign goes out.
Email Authentication: The Non-Negotiable Foundation
Authentication is not optional. Gmail and Yahoo require it for bulk senders; other providers use it to make filtering decisions. The three standards work together:
- Set up SPF first. Add a TXT record to your domain's DNS that lists your authorized sending IPs or ESP's servers. Use a single SPF record — multiple records cause failures. Test with
dig TXT yourdomain.com and validate at MXToolbox.
- Enable DKIM. Your ESP generates a key pair; you add the public key to your DNS as a TXT record. DKIM ties your engagement history to your domain — without it, positive signals from your subscribers don't compound into sender reputation credit.
- Deploy DMARC. Start with
p=none to collect reports without affecting delivery, then review reports for two to four weeks before moving to p=quarantine or p=reject. DMARC reports reveal unauthorized senders using your domain — a critical security benefit beyond deliverability.
- Verify alignment. Your From domain must align with your SPF and DKIM domains for DMARC to pass. A mismatch is the most common authentication failure.
Domain Warm-Up: Building Reputation Before Volume
A new domain or IP has no sending history. ISPs treat the unknown conservatively. The warm-up process establishes that history before you need it.
- Start small, with your best subscribers. Send the first two weeks to your most recently engaged list segment — people who opted in recently and have strong open and click history. These subscribers produce the positive signals that build your reputation baseline.
- Increase volume gradually. A typical warm-up doubles or increases volume by 50% every two to three days: Day 1–3: 500 sends. Day 4–6: 1,000. Day 7–9: 2,500. Continue until you reach your target volume. The actual ramp depends on your list size and engagement rates.
- Monitor at every step. Set up Gmail Postmaster Tools before your first send. Watch domain reputation (should reach High before you scale), spam rate (must stay below 0.10%), and delivery errors. A reputation drop at any stage means you escalated too fast — pause and hold volume for several days before increasing again.
- Never blast a cold domain. Sending full volume on day one is the single fastest way to earn a permanent reputation penalty. Recovery from a cold-blast blocklisting can take months.
Your Authentication Baseline Checklist
- SPF record published in DNS — single record, includes all sending sources
- DKIM enabled and DNS record propagated — verify with your ESP's tools
- DMARC record deployed — start at
p=none, move to enforcement after reviewing reports
- Gmail Postmaster Tools set up and monitoring domain reputation before first send
- Bounce rate below 2% on first send — any higher indicates list quality problems that warm-up alone will not fix
Educational content. Email deliverability evolves rapidly. Platform rules (Gmail, Yahoo, etc.), engagement signals, and ESP behaviours change frequently, and real-world issues often involve conflicting signals, data quality problems, and failure modes that general best practices can’t anticipate. Content on this site is provided for informational purposes only and does not replace a thorough analysis by a qualified deliverability professional.
Terms of Use