Email Deliverability Risks & Best Practices

Why is email deliverability so important? It’s how your emails get to your recipients’ inboxes instead of ending up in the spam folder or being block-listed. And it’s more important than ever. Mailbox providers like Gmail and Yahoo now enforce stricter requirements for bulk senders—including authentication (like DMARC), one-click unsubscribe, and low spam complaint thresholds—while also using AI-driven filtering to evaluate engagement and sender behavior. The best practices below still apply, but they matter more than ever in today’s environment.

One important factor that impacts whether your emails are delivered or not is your sender score or sender reputation. Sender reputation is determined by factors like engagement metrics, complaint rates, proper authentication, consistent sending practices, high-quality content, list hygiene, and responsiveness to ISP feedback. Certain actions you take can damage this email sender reputation, so you need to be informed to avoid a couple danger zones.

In this post, I’ll walk through:

• Risky Email Deliverability Practices
• Deliverability Data: Outcomes of Risky Practices
• Email Deliverability Best Practices & Industry Trends
• Scoring Your Risks

Here’s the bottom line: there are consequences when you don’t observe email best practices and those consequences go beyond someone not opening one individual email. Each poorly targeted, spammy, or otherwise risky email can harm the long-term health of your email program. Always look for was to deliver relevance and use trustworthy email strategies.

12 Risky Email Deliverability Practices

1. Not Having Email Authentication

As of 2024, both Google and Yahoo require email authentication for bulk senders. That means always using an email domain authenticated by you. There are three pillars of email authentication, SPF, DKIM, and DMARC. These tools provide proof that an email message is genuine and that it’s coming from who it claims to be from. Email authentication acts as your digital ID card and helps Mailbox Providers (MBPs) and spam filtering systems recognize your legitimate email.

SPF, DKIM, and DMARC can be a little hard to understand so we have a whole post about email authentication to get you up to speed. But a good email service provider, like Higher Logic Thrive Marketing, should include steps during implementation to get you set up.

2. No Unsubscribe Mechanism

You want to have a clear, easy, compliant way for people to unsubscribe from your emails. I always tell people the worst thing that can happen to you is when someone marks you as spam – and if you don’t have an obvious way to unsubscribe, that’s the only thing recipients may feel like they CAN do. If someone wants to unsubscribe, let them, and make it easy for them. You’re only hurting yourself by hiding your unsubscribe link and ending up even worse off when someone marks you as spam.

3. Sending to Unengaged Individuals

Today, engagement is one of the most important signals mailbox providers use. AI-driven filtering systems analyze how recipients interact with your emails over time, including opens, clicks, replies, and deletions. If a large portion of your audience consistently ignores your messages, it can impact your ability to reach even your most engaged subscribers. Regularly cleaning your list and targeting active users helps protect your sender reputation and inbox placement.

A good rule of thumb if someone last engaged with your emails within the past…

• 0–90 days: Highly engaged (your safest, most valuable audience)
• 90–180 days: At-risk but still usable
• 180+ days: Likely hurting your deliverability
• If they haven’t engaged in 6–12 months suppress and stop mailing to them

If you receive pushback about this from leadership, keep in mind: You email list is only as strong as your weakest subscriber. If you send emails to recipients who aren’t engaged, those recipients will drag down your sender reputation and the rest of your list will suffer. ISPs and spam folders can see all that data, and they will notice if 20% of your recipients are not engaged and start filtering you out of the main inbox or even sending you to spam.

4. Failure to Clean Lists Regularly

To help you avoid risk #3, establish a process to regularly clean your email list. The first step is to ensure you have consent from the recipients on your email list. From there, I’d recommend taking a look at the last time those people engaged with you (this is pretty easy to monitor with Higher Logic Thrive Marketing’s engagement scoring feature). If they haven’t engaged with you for over three months, I’d move them into a re-engagement campaign before potentially suppressing them.

5. Sending to Purchased/Rented/Leased/Shared Lists

I sincerely hope this practice is dying out, but if not, here’s a reminder: purchased lists are not worth it. Even if you’re using list validation, buying, renting, or sharing an email list is a big no-no, and a risk you want to avoid. This practice is detrimental to your sender reputation and against Higher Logic’s rules of use.

Why? When you do this, you run the risk of taking down an entire sending system. You may feel like you’re fine if you just use list validation, but list validation has limits:

• Purchased email lists may not comply with data protection regulations like GDPR or CAN-SPAM. Even if the emails are validated, it isn’t checking for consent/affirmative opt-in. Sending unsolicited emails to these contacts can result in legal penalties and damage to your brand’s reputation.
• List validation can verify if email addresses are valid and active, but it cannot guarantee the quality or relevance of the contacts. Purchased lists often contain outdated or irrelevant contacts, which may be spam traps and/or can lead to low engagement rates and high bounce rates.
• Recipients from purchased lists are less likely to engage with your emails since they haven’t opted in to receive – and low-engagement contacts isn’t something list validation can filter for. This leads to low open and click rates, negatively impacting your sender reputation and deliverability.
• List validation tools can identify invalid email addresses, but they cannot detect other issues such as incorrect names, outdated job titles, or irrelevant industries. This can result in poorly targeted campaigns that fail to resonate with the audience.

You know what they say: if something seems too good to be true, it probably is. While list validation can help clean up a purchased email list, it does not address the fundamental issues of quality, compliance, and engagement. So even though it may be tempting to send marketing emails to purchased lists of contacts, it’s a major risk that you should avoid.

6. Volume Spikes

Sending out an email to a large group of addresses that you’ve never contacted before or haven’t contacted in over three months is an example of a volume spike. Organizations often do this without realizing it when they send out “happy holidays” emails. Contacting unengaged email addresses like this out of the blue can cause your deliverability rate to plummet. I recommend maintaining consistency in your sending. If you’re going to send to a list without recent engagement history, send the message more slowly and in smaller batches to gauge delivery rates before it causes harm to your sender reputation

7. Email Contains Mostly Images

Sending image-heavy or image-only emails is a huge red flag because it makes receivers think you’re using a technique called image mapping. Spammers use image mapping to try to hide text within an image because it can’t be scanned. If you want to use an image as the basis for your email, consider breaking up the image and putting some text beneath each image or putting the image into the header and putting text content into the body.

8. Exposed URLs

Using exposed URLs come up a lot as a reason for email bounces. If you include any type of tracking in your URLs and you hover over that URL, you’re going to see the tracking URL, which is typically seen as a phishing attempt by spam appliances.

You want to make sure you cover your URL with text or an image. Here’s an example of what this looks like:

Exposed URL | Read our blog post: https://blog.higherlogic.com/improve-my-email-deliverability

Recommended URL | Find out how to improve your email deliverability

9. Shortened Links

For dealing with long URLs, people often turn to third-party link-shortening services (bit.ly and tinyurl.com), which convert long URLs to shorter versions that lead to the same landing page. Here’s why you shouldn’t use link shorteners in your email marketing content:

• They’re typically block-listed by major block-list providers
• Spammers use these services to hide their destination URLs

10. Sending Too Frequently

I define sending too frequently as sending to the same list more than once per day. Here’s a common scenario of when you might see this. A sender makes a mistake on an email they’ve sent to their whole database – then they resend an email out with an “oops,” causing a spike in volume. It’s actually better for your deliverability in that situation to NOT send out the second email (unless you have a significant reason to). I suggest waiting until the next morning to correct it. If you absolutely must send that second email, some automated email campaign platforms give you the ability to send on a distributed option so the emails go out in a staggered fashion, which can help.

11. Sending Attachments

Wondering if you should send attachments in your next marketing or communications email? The only safe attachment is a text file (.txt). So if you’re attaching PDFs or any other file types, those can be marked as malicious and suspicious.

Consider these deliverability risks:

• Internet Service Providers (ISPs) may mark your attachment as spam
• Even if the message gets through, your subscriber may still think it’s spam
• Your messages may become too large
• Attachments get lost when the email is forwarded

Rather than sending attachments, host the file online and link to it in your emails. By linking to the attachment you can reduce risk, improve the user experience, implement tracking, and increase the chances people will open and read your messages.

12. Spam-like content characteristics in the subject and body of the message

The list of spam-like characteristics is ever-changing, so periodically research the latest. You can expect it will include things like dollar signs, all caps, or certain types of punctuation. Spam filters will flag emails with these characteristics.

Deliverability Benchmarks and Data: Risk Outcomes

If you’re using risky practices, you should expect a lower delivery rate. But how much lower?

As a reminder, email deliverability is the ability to reach the inbox, while email delivery assumes delivery unless proven otherwise.

Results may vary, so keep in mind that these are examples:

• Using a “free mail” domain (Yahoo, AOL, Gmail, etc.): 40% or less delivery rate
• Sending to individuals who haven’t opened in the past 3 months: 80% or less delivery rate
• Creating a large spike in volume (2+ sends in one day): 50% or less delivery rate
• Not properly warming a new IP address: 40% or less delivery rate
• Image mapping: 50% or less delivery rate

Eek! Those aren’t great, right? Read on for best practices to improve your email deliverability (and how to score your emails).

Email Deliverability Best Practices

We’ve talked a lot about the bad stuff: Here’s how to get those good results we want!

Best Practices to Follow for a Low-Risk Email

And here’s the good news: If you’re sending wanted mail, or emails that follow these best practices, your delivery score should be around 95%. Looks a lot better, right?

1. Meet modern sender requirements (authentication and compliance)

Mailbox providers like Gmail and Yahoo now require bulk senders to have proper authentication (including SPF, DKIM, and DMARC), offer one-click unsubscribe, and maintain low spam complaint rates. Failing to meet these standards can result in filtering or blocking, regardless of your content quality.

2. Ask for Consent

You want to send wanted emails. And in some countries, having affirmative consent is a requirement. To ensure your subscribers want to receive your emails, ask for their consent when they first sign up for your list, called double-opt in (DOI) or confirmed opt-in (COI). One idea for getting their consent is to send them a welcome email that asks them to take an action like clicking a link to verify their email.

3. Use Plain Text Emails

With plain text emails, there isn’t much to hide. Spam filters have an easier time accepting plain text emails because there are fewer places to hide nefarious elements. When using a tool like Higher Logic Thrive Marketing that lets you set up a text version with your HTML version, make sure you take some time to review and adjust the text version of your email. Some strict filters will only accept the text version, for example most .mil addresses only allow text emails to be received and some .gov and .edu addresses may have strict rules to only accept text versions of emails.

4. Have a Clear Unsubscribe Mechanism

This is the best practice version of one of our risks. Providing a clear unsubscribe mechanism and making sure it works is a great way to avoid becoming spam.

5. Proactively Unsubscribe

Ask your subscribers every so often if they’re still interested and want to stay on your list. Think of this like when Netflix or YouTube asks, “Are you still there?” This helps you maintain an engaged list. I recommend asking about every three months. (Getting pushback? Remember, your email list is only as strong as your weakest subscriber!)

6. Send Highly Targeted and Relevant Content

Sending very specific content to a small list is a great way to maintain an engaged audience and email deliverability. With good, integrated data you can segment your audience and send those specific groups highly targeted messaging.

Scoring Your Email Deliverability Risks

You can find free email testing tools to see how risky your emails are. They’ll check different elements of your email for spam risks and give you a score.

Another way to test your email deliverability is to create/use your own email account through Yahoo, AOL, Gmail, etc., and test sending your emails to those accounts (not from those accounts, remember, that’s a risk factor). You can then check where they landed, which will help you understand where your recipients will get them.

Here’s what you should test before sending your next email: 

• Email design
• Accuracy of links
• Proof your content
• Images displaying properly
• Font and text displaying properly
• Virtual inbox/deliverability testing
• Functional unsubscribe mechanism

Looking Ahead at Email Deliverability Trends

As email continues to evolve, artificial intelligence is playing an increasingly central role in how messages are filtered and delivered. Mailbox providers now evaluate patterns in engagement, sender behavior, and content relevance in real time—not just technical setup or formatting.

For senders, this means success depends on more than avoiding mistakes. It requires consistently delivering content that your audience wants to receive and interact with. The more you focus on relevance, trust, and engagement, the more likely your emails are to reach the inbox.