Understanding email deliverability in 2024

For most Ecommerce businesses, email is still a core channel for reach - whether it be for abandoned carts, welcome sequences, BFCM campaigns and new products.

And for email marketing to work, you need to make sure that your messages are ending up in people’s inboxes.

From February 2024, the big email providers - Google, Yahoo and Microsoft are turning rules which were once considered best practices, into requirements. Google alone processes 15 billion junk emails a day. Senders who aren’t sticking to these requirements will face major email deliverability issues.

What are the changes and why have they been proposed?

Many bulk senders still bypass crucial steps which make it increasingly harder for Google, Yahoo and Microsoft to protect their users from spam or phishing attacks. These ‘nice to have’ rules which provide proper email authentication are now becoming compulsory. The changes mainly target those sending 5,000+ emails a day, but it’s in the best interest of smaller volume senders to comply with these rules anyway to avoid the risk.

Here’s what you need to do in response to these changes

  • Authenticate your email using DKIM, SPF and DMARC (we’ll explain this later)
  • Enable easy one-click unsubscribe buttons
  • Honour unsubscribes within two days
  • Send emails to people who want them and keep spam rates to under 0.3%


For those who are unfamiliar with how emails are sent and received, let’s start with the analogy of snail mail and post offices.

How emails are sent (simplified)

  • Person A wants to send a message to Person B
  • Person A sends the message to an outgoing email server, similar to a post office
  • The outgoing server (Post Office A) sorts the message and sends it to the incoming email server (Post Office B)
  • Post Office B then sends Person A’s message to its final destination - Post Office B

SPF - Sender Policy Framework

With SPF, Person A can define which post offices are allowed to send the message on your behalf. Authorised post offices could include your website domain, or an email service provider like Mailchimp.

The purpose of SPF is to prevent email spoofing - i.e. someone pretending that they’re Person A

When Post Office B gets a message from a post office which isn’t on the list of authorised post offices, then Post Office B will reject the message and not deliver it to Person B

DKIM - Domain Keys Identified Mail

Think of DKIM as a unique signature that’s attached to your message - much like the old fashioned wax seal.

The DKIM assures Person B that the message is authentic and hasn’t been tampered with on its journey from Person A.

If Post Office B receives a message with the seal missing or doesn’t match Person A, then they’ll discard the message.

DMARC - Domain-based Message Authentication, Reporting and Conformance

DMARC is Person A’s instruction to Post Office A on how to handle suspicious messages. It’s like a note that’s attached to your letter, instructing what to do if the wax seal is broken, or if the message came from an unauthorised post office.

At the moment, the new minimum requirements don’t need you to specify anything and you can let the receiver (Post Office B) decide. But based on where everything is heading, it’s possible that by the end of 2024, stricter policies might be in place to place the responsibility on the senders to instruct mail servers to reject messages or quarantine them (i.e. send to spam).

What about spam filters?

Another separate gatekeeper after the receiving server is your email program - e.g. Gmail, Outlook

These programs have spam filters built-in, which looks at things like the content of the message, links, your IP address and blacklists

Spam filters aren’t changing from February, but they are still important to consider in this context.

What you need to do to comply with the new requirements

SPF, DKIM and DMARC are all configured on your DNS (Domain Name System) server. A DNS server is like the postal address directory.

If Person A wants to know where to address their message to Person B, they need to consult the town’s address book - the DNS server.

The server contains the list of addresses of every resident in the town - the addresses being the domain names and corresponding IP addresses.

When Person A sends a message, Post Office A checks the address book (DNS server) to not only find out where to deliver it to, but also access the information to properly authenticate the message - your SPF, DKIM and DMARC records.

To access your DNS server and configure these records, you can log in to your website domain provider (e.g. GoDaddy).

Other helpful tips to prevent your emails being marked as spam

  • Only send to recipients who have opted-in
  • Keep your lists clean (remove inactive or bounced subscribers)
  • Have a regular sending schedule
  • Avoid the overuse of spam terms in the subject line or email body
  • Avoid overuse of caps
  • Use exclamation marks sparingly
  • Don’t use too many images
  • Run spam tests before sending

📌 If you want more of this, don't forget to subscribe to our newsletter - Deals & Data, where we share the latest M&A industry news, macro trends and insights in our weekly roundup.

Back to blog