Email Deliverability Glossary

An allowlist is a list of trusted senders, IP addresses, or domains that a mail system permits to bypass some or all filtering. Recipients can allowlist senders by adding them to contacts, and providers maintain internal allowlists for sources with proven reputation. While an allowlist improves delivery for approved senders, it is not a substitute for good practices, since most providers still apply spam and security checks even to trusted entries.

Authenticated Received Chain is a protocol that preserves email authentication results as a message passes through intermediaries such as mailing lists and forwarders. Because forwarding can break SPF and modify content enough to invalidate DKIM, ARC lets each handler record the authentication state it observed in a verifiable chain. A receiver that trusts the forwarder can then honor those earlier results, reducing the false rejections that DMARC enforcement would otherwise cause for legitimately forwarded mail.

A blacklist is a register of IP addresses, domains, or senders deemed responsible for spam or abuse, used by mail systems to block or filter their traffic. Listings may be triggered by spam-trap hits, complaint spikes, poor authentication, or compromised infrastructure. Being listed can sharply reduce inbox placement, so senders monitor major lists continuously and follow each operator's documented delisting steps once the underlying problem is fixed. Many operators now prefer the term blocklist.

A bounce is an automated notification that a message could not be delivered to a recipient. The receiving system returns a status code and reason, which senders classify as either permanent or temporary. Tracking bounces is essential to list hygiene, because repeatedly mailing addresses that bounce signals carelessness to mailbox providers and degrades sender reputation. Well-run programs process bounce feedback automatically and suppress problem addresses before they cause further harm.

Brand Indicators for Message Identification is a specification that lets a brand display its verified logo beside authenticated messages in supporting mailbox clients. BIMI requires an enforced DMARC policy and a logo published in DNS, often paired with a Verified Mark Certificate. By rewarding strong authentication with visible branding, it improves recipient trust and recognition while giving senders another incentive to maintain clean, fully authenticated email programs.

The bulk folder, also called the spam or junk folder, is where mailbox providers place messages they accept but judge unwanted or low-trust. Mail routed here is technically delivered yet rarely seen, so heavy bulk-foldering quietly undermines a program even when delivery metrics look healthy. Causes include weak authentication, poor engagement, complaint history, or spam-like content. Recovering inbox placement usually requires improving reputation signals rather than changing any single message.

Complaint rate is the proportion of recipients who mark a sender's messages as spam, usually measured against messages delivered. Mailbox providers treat it as one of the most direct reputation signals, and even a small percentage can trigger filtering. Major providers publish thresholds, often around one tenth of a percent, that senders should stay well below. Keeping complaints low depends on clear permission, relevant content, easy unsubscribing, and prompt removal of anyone who objects.

A dedicated IP is a sending address used by a single sender, so its reputation reflects only that sender's behavior. This gives full control and isolation from other senders' problems, which suits high-volume programs with consistent traffic. The tradeoff is responsibility: a dedicated IP must be warmed up and kept active, because low or erratic volume leaves providers with too little data to assign a stable, trusted reputation.

Deliverability rate generally describes how successfully a sender's mail reaches recipients, and the term is used at two levels. Delivery rate counts messages accepted by receiving servers rather than bounced, while true deliverability focuses on whether accepted messages land in the inbox. Because a high acceptance rate can mask heavy bulk-foldering, careful senders pair delivery figures with inbox placement data to understand the full picture rather than assuming acceptance equals being seen.

A DNS-based Blocklist is a list of IP addresses or domains, published over DNS, that are associated with spam, malware, or other abuse. Mail servers query these zones in real time during the SMTP conversation and may reject, defer, or score a message based on whether the sender appears. DNSBLs are a fast, lightweight defense, but listings can be noisy, so reputable operators publish clear delisting procedures.

Domain reputation reflects how mailbox providers judge the trustworthiness of the domains in your email, including the visible From domain and any authenticated signing domains. Unlike IP reputation, it follows the brand across infrastructure changes, so it cannot be reset simply by moving to a new address. Providers weigh engagement, complaint rates, authentication, and content history. As filtering grows more identity-centric, domain reputation increasingly determines whether messages reach the inbox.

Domain-based Message Authentication, Reporting and Conformance is a policy layer built on top of SPF and DKIM. It tells receiving servers what to do when a message fails authentication and the visible From domain does not align, with options to monitor, quarantine, or reject. DMARC also requests aggregate and forensic reports, giving senders visibility into who is mailing as their domain and helping shut down spoofing and phishing abuse.

DomainKeys Identified Mail attaches a cryptographic signature to outgoing messages so receivers can confirm that key headers and the body were not altered in transit. The sending server signs with a private key, and the receiver validates that signature using a public key published in DNS. A passing DKIM check proves the message is authentically associated with the signing domain, which strengthens deliverability and satisfies one of the authentication methods DMARC evaluates.

Double opt-in is a subscription method in which a new sign-up must confirm their address by clicking a link in a verification email before being added to the active list. This extra step proves the address is valid and that the owner genuinely consented, which sharply reduces typos, spam-trap captures, and fraudulent sign-ups. Although it slightly lowers raw sign-up counts, double opt-in produces a cleaner, more engaged list and stronger long-term deliverability.

Email authentication is the set of standards that prove a message genuinely comes from the domain it claims, rather than a forger. The core trio is SPF, which authorizes sending servers, DKIM, which cryptographically signs messages, and DMARC, which sets policy and reporting when alignment fails. Properly configured authentication is now a baseline requirement at major mailbox providers, protecting brands from spoofing and phishing while giving legitimate senders the trust signals needed for reliable inbox placement.

An Email Service Provider is a platform that sends email on behalf of its customers, handling infrastructure such as sending servers, authentication, bounce and complaint processing, list management, and reporting. ESPs let senders reach large audiences without operating their own mail servers, and reputable ones enforce acceptable-use policies to protect shared reputation. Choosing an ESP with strong deliverability practices and clean IP pools materially affects whether a sender's mail consistently reaches the inbox.

Engagement describes how recipients interact with mail, through opens, clicks, replies, and positive actions like moving a message out of spam. Mailbox providers weigh these signals heavily when deciding inbox placement, rewarding senders whose audiences clearly want their mail. Conversely, sending repeatedly to recipients who never engage drags down reputation. Modern deliverability strategy therefore emphasizes mailing engaged subscribers, segmenting by activity, and sunsetting persistently inactive contacts to keep overall engagement strong.

A feedback loop is a service offered by mailbox providers that forwards a report to the sender whenever a recipient marks one of their messages as spam. By subscribing to these loops, senders learn which subscribers are complaining and can promptly suppress them. Acting on feedback-loop data protects reputation, because unaddressed complaints push providers toward bulk-foldering or blocking. Enrolling in every available loop is a baseline expectation for any sender operating at meaningful volume.

Greylisting is an anti-spam technique where a receiving server temporarily rejects mail from unfamiliar senders with a soft failure, asking them to retry later. Legitimate mail servers follow the standard and resend after a short delay, while many spam tools never retry, so the message is filtered out. The tradeoff is added latency on first contact. Once a sender proves it retries correctly, the server typically remembers it and delivers future mail promptly.

A hard bounce is a permanent delivery failure, returned when an address is invalid, the domain does not exist, or the recipient has been disabled. Because the problem will not resolve on its own, hard-bounced addresses should be removed from active mailing immediately and added to a suppression list. Continuing to send to them inflates bounce rates, wastes sending resources, and tells mailbox providers that a sender is not maintaining accurate, permission-based lists.

A honeypot is a decoy resource, such as a hidden email address or a concealed form field, planted to detect and trap abusive behavior. Hidden addresses published only where harvesters scrape will receive mail solely from those who collected them improperly, exposing bad acquisition practices. In web forms, an invisible field that humans never fill but bots do helps block automated sign-ups. Honeypots are closely related to spam traps used by blocklist operators.

Inbox placement rate measures the share of delivered messages that actually reach the primary inbox rather than the spam or bulk folder. It is a sharper deliverability signal than raw delivery, because a message can be accepted by a server yet still hidden from the recipient. Senders estimate this rate using seed lists and provider panels, then use it to judge whether reputation, content, or authentication problems are quietly diverting mail away from the inbox.

IP reputation is the trust score that mailbox providers and filtering systems assign to a sending IP address based on its observed behavior. Signals include complaint volume, spam-trap hits, bounce rates, sending consistency, and authentication results. A strong reputation earns inbox placement, while a damaged one leads to throttling, bulk-foldering, or outright blocking. Because reputation is tied to the address, senders on dedicated IPs control their own standing more directly than those sharing pooled addresses.

List hygiene is the ongoing practice of keeping a mailing list accurate and engaged by removing invalid, bouncing, complaining, and inactive addresses. Regular cleaning lowers bounce and complaint rates, reduces the risk of hitting recycled spam traps, and concentrates sending on recipients who actually want the mail. Good hygiene combines automated bounce and complaint processing with deliberate re-engagement and sunsetting of dormant contacts, all of which protect sender reputation and sustain strong inbox placement over time.

List-Unsubscribe is an email header that advertises a standardized way for recipients to opt out, which mailbox clients can surface as a native unsubscribe button. Paired with the one-click variant, it lets recipients leave a list without visiting a landing page. Major providers now require this header for bulk senders, because an easy, trustworthy opt-out reduces spam complaints. Honoring these requests promptly is essential, since ignoring them invites complaints and reputation damage.

A Message Transfer Agent is the software responsible for routing and relaying email between servers using SMTP. It accepts messages from clients or other servers, queues them, applies policy such as authentication and rate control, and hands them to the next hop toward the recipient. The MTA's configuration, including reverse DNS, TLS, and retry behavior, directly affects deliverability, making it a central component in any sending architecture.

MTA Strict Transport Security is a standard that lets a domain require encrypted, authenticated SMTP connections for inbound mail. The domain publishes a policy, discoverable over HTTPS and signaled in DNS, telling sending servers to use TLS with a valid certificate and to refuse delivery if encryption cannot be established. This closes the gap left by opportunistic TLS, where an attacker could strip encryption, and it is commonly paired with TLS-RPT to gain visibility into enforcement.

An MX record is a DNS entry that names the mail servers responsible for accepting email for a domain, each with a priority value that orders delivery attempts. Sending servers look up the recipient domain's MX records to decide where to connect. Correct MX configuration is fundamental to receiving mail, and misconfigured or missing records cause widespread delivery failures. Multiple records with different priorities provide redundancy so mail still flows if the primary server is unreachable.

An open relay is a mail server misconfigured to accept and forward messages from any sender to any recipient without authentication. Spammers actively hunt for open relays to launder large volumes of mail and obscure their origin, so listed open relays are quickly blocklisted. Every modern MTA should require authentication or restrict relaying to known networks. Discovering that infrastructure is acting as an open relay is an urgent security and reputation problem to close immediately.

A PTR record maps an IP address back to a hostname, enabling reverse DNS lookups. Receiving mail servers frequently check that a sending IP has a valid PTR record and that it matches the forward DNS of the announced hostname. Missing or generic reverse DNS is a common reason mail is rejected or scored as suspicious, so operators of sending infrastructure should ensure every outbound IP resolves to a consistent, properly delegated hostname.

A Realtime Blackhole List is one of the earliest forms of DNS-based blocklist, originally created to share the addresses of known spam sources so other operators could refuse their mail. Today the term is often used interchangeably with DNSBL. Servers look up a sender's IP against the zone and act on a match. Because criteria vary widely between operators, senders should confirm exactly why a listing occurred before requesting removal.

A seed list is a curated set of test inboxes across many mailbox providers that senders include in a campaign to observe how it is treated. By checking where seed messages land, whether inbox, bulk folder, or missing, and how authentication renders, teams estimate inbox placement before and during a send. Seed lists complement provider feedback and panel data, but because seed accounts have no real engagement, results are an indicator rather than a perfect mirror of subscriber experience.

Sender Policy Framework is an email authentication standard that lets a domain owner publish, in DNS, the list of mail servers permitted to send messages on its behalf. Receiving servers compare the sending IP against that published record and decide whether the message passes, fails, or returns a neutral result. SPF helps mailbox providers detect spoofing and forged envelope senders, and it forms one of the three pillars that DMARC relies on for alignment.

Sender reputation is the overall trust mailbox providers place in an email sender, derived from both the sending IP and the sending domain. It is shaped by complaint rates, spam-trap hits, bounce levels, authentication, engagement, and consistency over time. A strong reputation earns inbox placement and resilience to occasional mistakes, while a damaged one invites throttling and blocking. Because reputation is cumulative and slow to rebuild, protecting it through disciplined sending practices is central to long-term deliverability.

Sender Score is a reputation rating, expressed on a 0 to 100 scale, that estimates the trustworthiness of a sending IP address based on observed mailing behavior. Higher scores correlate with better inbox placement, while low scores often accompany filtering and blocks. Operated as a free benchmarking service, it draws on signals such as complaint rates, trap hits, and volume patterns. Senders treat it as a useful directional indicator rather than the single authority on their reputation.

A shared IP is a sending address used by multiple senders, typically pooled by an email service provider. Reputation is collective, so each participant benefits from the established history of the pool but is also exposed to the behavior of others sharing it. Shared IPs suit lower-volume senders who cannot generate enough traffic to warm and sustain a dedicated address, though reputable providers actively police pool membership to limit the impact of any bad actor.

SMTP TLS Reporting is a mechanism that lets a domain receive daily summaries about the success or failure of encrypted delivery attempts to its mail servers. By publishing a DNS record naming a reporting address, the domain asks sending systems to report TLS negotiation problems and policy failures. These reports help operators detect misconfigured certificates, downgrade attacks, or broken MTA-STS policies that would otherwise silently disrupt secure mail flow, making TLS-RPT a natural companion to MTA-STS.

A soft bounce is a temporary delivery failure caused by transient conditions such as a full mailbox, an unavailable server, or a message exceeding size limits. Sending systems usually retry soft-bounced messages for a period before giving up. Persistent soft bounces against the same address, however, often indicate an abandoned account and should eventually be treated like permanent failures. Monitoring soft-bounce patterns helps senders distinguish brief outages from addresses that are quietly decaying.

A spam score is a numeric value that a content filter assigns to a message based on rules and signals it considers suspicious, such as risky phrases, broken authentication, or unbalanced text-to-image ratios. When the accumulated score crosses a threshold, the message is filtered or rejected. Reviewing the individual rules that contributed to a score helps senders identify and fix specific content or configuration problems rather than guessing why a message was flagged.

A spam trap is an email address operated by mailbox providers or blocklist operators specifically to catch senders with poor list practices. Pristine traps never opted in to anything, while recycled traps are former real addresses reactivated after long dormancy. Because legitimate, permission-based programs should never reach a trap, hitting one is a strong signal of purchased lists, scraping, or weak hygiene, and it can directly trigger blocklisting and reputation damage.

SpamAssassin is a widely deployed open-source spam filter that evaluates messages against a large library of rules, combining header checks, content heuristics, blocklist lookups, and authentication results into an overall score. Many hosting providers and mail servers run it as a frontline filter. Because its rule names and points are visible in scan output, senders often use a SpamAssassin report to diagnose exactly which content or configuration issues are pushing a message toward the spam threshold.

A suppression list is a record of addresses a sender must never email again, including unsubscribes, hard bounces, spam complainers, and known traps. Before each send, the mailing list is checked against it so suppressed addresses are excluded automatically. Maintaining an accurate suppression list is both a deliverability safeguard and, for opt-outs, a legal requirement under anti-spam regulations. Failing to honor it leads to complaints, repeated bounces, and avoidable reputation harm.

Throttling is the deliberate limiting of how much mail a receiving server will accept from a sender over a given period. Mailbox providers throttle senders whose reputation is unproven or declining, returning temporary deferrals that slow delivery. Senders also self-throttle to respect provider limits and protect reputation during high-volume campaigns. Encountering throttling is a cue to reduce pace, verify authentication, and improve engagement rather than pushing harder and risking escalation to outright blocking.

Transport Layer Security encrypts the connection between mail servers so messages cannot be read or tampered with in transit. In email, STARTTLS is the command that upgrades a plaintext SMTP session to an encrypted one when both servers support it. Opportunistic TLS is common, but because it can be stripped by an attacker, complementary policies such as MTA-STS exist to require encryption. Strong transport security protects confidentiality and is increasingly expected by receiving systems.

Warm-up is the practice of gradually increasing sending volume on a new IP address or domain so mailbox providers can build a positive reputation before full-scale mailing. Starting with small batches to the most engaged recipients and scaling up over days or weeks signals legitimate, demand-driven behavior. Skipping warm-up and blasting high volume from a cold address commonly triggers throttling and bulk-foldering, because providers have no history on which to base trust.