Email Deliverability Guide: DNS Setup & Troubleshooting

✅ SendGrid setup and configuration

✅ Email list cleaning and bounce management

✅ Double opt-in and unsubscribe processing

🔧 Adding DNS records correctly

🔧 Fixing nameserver configuration issues

🔧 Monitoring domain reputation weekly

🔧 Progressing DMARC enforcement

Your brand from phishing/spoofing attacks

Your customers from malicious emails

Your domain reputation from being hijacked

Your email deliverability from degrading

Lists which IP addresses can send email from your domain

Prevents spammers from forging emails from your domain

Checks against the "Return-Path" (hidden envelope sender)

Adds a digital signature to your emails (invisible to recipients)

Uses cryptographic keys to prove emails came from your domain

Verifies the email wasn't altered in transit

Tells email providers what to do when SPF or DKIM fails

Provides daily reports on who's sending from your domain

Protects your domain from phishing and spoofing

Requires "alignment" - domains must match

Google Workspace: include:_spf.google.com

Microsoft 365: include:spf.protection.outlook.com

Mailchimp: include:servers.mcsv.net

HubSpot: include:_spf.hubspot.com

~all = "SoftFail" - Accept but mark suspicious (recommended to start)

-all = "Fail" - Reject emails not from listed sources (use after testing)

+all = "Pass all" - NEVER use, defeats the purpose!

After 2-4 weeks of monitoring with p=none

When your DMARC reports show 95%+ of legitimate email is passing

You've identified and fixed all authentication issues

Sends failed emails to spam/junk folder

pct=10 means only 10% of failures are quarantined at first

After 4-8 weeks of successful quarantine mode

When DMARC reports show 99%+ pass rate

You're confident ALL legitimate sources are authenticated

You want maximum brand protection

Completely rejects emails that fail DMARC

Failed emails never reach recipient (not even spam folder)

Strongest protection against phishing/spoofing

✅ Blacklist: 0 Errors (not blacklisted)

❌ Problems: 5 Errors, 4 Warnings

❌ Mail Server: 4 Errors, 2 Warnings

⚠️ DNS: 1 Error, 2 Warnings

DMARC record exists (good!)

But set to p=none (monitoring only)

Failed emails are still being delivered

SPF record is completely missing

Email providers can't verify sending authorization

Emails showing "via SendGrid" warnings or going to spam

DNS configuration shows one set of nameservers

But the parent zone (registrar) has different information

This causes DNS resolution delays and email delivery issues

DNS servers think they're using certain nameservers

But the parent zone has different information

This is a synchronization issue

Mail server hostname doesn't match its reverse DNS

Usually caused by using third-party mail forwarding

You're only RECEIVING mail through the forwarding service

You're SENDING through SendGrid (which has proper reverse DNS)

Verify MX records point to the correct mail server

Consider using a more established mail provider

"Via SendGrid" warnings disappear

Inbox placement improves from ~70% to ~85%

User complaints decrease

Email delivery becomes more reliable

No more intermittent bounces

Authentication check pass rate improves to 95%+

Inbox placement improves to 90%+

Domain reputation reaches "High" in Google Postmaster

Protection from domain spoofing activated

95%+ inbox placement rate

Strong sender reputation established

Consistent email performance

15-20% more emails reaching primary inbox

30-40% reduction in spam folder placement

Near-zero spoofed emails claiming to be from your domain

Block your emails entirely

Send all your emails to spam

Add warning messages to your emails

Increase scrutiny of your sending patterns

High spam complaint rates

Sending to spam traps (old/invalid email addresses)

Compromised email account sending spam

Poor list hygiene

Sudden volume spikes

Malware or phishing content

✅ Green = Not listed on that blacklist

❌ Red = Listed on that blacklist

Enter your domain at each blacklist's lookup tool

Most blacklists have their own checking systems

Problem is genuinely resolved

Not a repeat offender

Implemented proper authentication

Evidence of list cleaning

Barracuda uses automatic delisting for most IPs

Usually delisted within 24 hours if not reoffending

Repeated listings lead to longer listing times

Focus on fixing root cause to avoid re-listing

Monitor sending for 48 hours

Check you're not re-listed

Continue good sending practices

SpamCop uses automatic time-based removal

IPs are typically delisted within 24 hours if no new spam is reported

No manual removal request process

Focus on preventing new spam reports

Reduce spam complaint rate below 0.1%

Clean your email list

Remove unengaged subscribers

Your website was hacked

Malicious links in your emails

Shared hosting with spammer

Recent spam complaint spikes in Google Postmaster

High bounce rates in your sending data

Compromised email accounts

Sudden volume increases

Content issues

Recent sending patterns

Spam complaint rates

Bounce rates

Any suspicious activity

✅ Clean your email list (we can help)

✅ Remove compromised accounts

✅ Implement proper authentication (SPF, DKIM, DMARC)

✅ Reduce sending volume temporarily

✅ Review and improve email content

✅ Set up double opt-in (we handle this)

Wait for automatic expiry (24 hours)

No manual removal available

Find their removal page

Follow specific instructions

Be prepared to explain fixes

Check blacklist status daily for 1 week

Monitor spam complaint rates closely

Watch bounce rates

Verify authentication is working

Contact support if re-listed

MX Toolbox: https://mxtoolbox.com/blacklists.aspx (Checks 100+ lists)

MultiRBL: http://multirbl.valli.org/ (Checks 200+ lists)

Debouncer Blacklist Check: https://www.debounce.io/blacklistcheck/

✅ We automatically remove hard bounces

✅ We clean inactive subscribers regularly

✅ We implement double opt-in

✅ We never use purchased lists

Check Google Postmaster weekly

Keep spam rate below 0.1%

Monitor domain reputation

Alert us to any drops

SendGrid configuration

DKIM key management

Subdomain setup

Add DNS records correctly

Fix nameserver issues

Monitor DMARC reports

IP warmup for new domains

Gradual volume scaling

Traffic pattern management

Email template review

Spam filter testing

Subject line optimization

Avoid spam trigger words

Don't send to purchased lists

Keep content relevant to recipients

Listed on multiple major blacklists (3+)

Re-listed after removal

Spamhaus listing (most critical)

Can't identify the cause

Removal requests denied

Business-critical emails blocked

Investigate sending patterns

Review spam complaint data

Check for compromised accounts

Coordinate with blacklist operators

Implement additional authentication

SPF record validity

DKIM configuration

DMARC policy

Blacklist status

DNS health

✅ SPF: PASS

✅ DKIM: Records found

✅ DMARC: Policy exists

✅ Blacklist: No listings

✅ DNS: No critical errors

MX Toolbox shows DNS errors

Nameserver problems suspected

Recently changed DNS providers

Nameserver consistency

SOA record validity

MX record configuration

User reports a specific email didn't arrive

Need to verify authentication on actual emails

Debugging spam folder placement

Gmail: Three dots → Show original

Outlook: File → Properties → Internet headers

Apple Mail: View → Message → Raw Source

SPF: Should be PASS

DKIM: Should be PASS

DMARC: Should be PASS

Return-Path: Should align with your domain

Domain reputation (aim for "High")

Spam rate (keep below 0.1%)

Authentication pass rate (should be 100%)

High ✅ - Excellent, keep doing what you're doing

Medium ⚠️ - Warning, investigate spam complaints

Low ❌ - Problem, reduce sending or fix list quality

Bad 🚨 - Critical, emails likely blocked

If blacklisted → See "Getting Off Email Blacklists" section above

If authentication failing → Fix DNS records

If reputation low → Contact support

See detailed "Getting Off Email Blacklists" section above for:

Barracuda removal: https://www.barracudacentral.org/rbl/removal-request

Spamhaus removal: https://www.spamhaus.org/lookup/

Contact support for help with removal process

Fix any authentication issues first

If authentication passing, contact support for content review

Contact support to verify on our end after DNS propagation

Contact support to check SendGrid configuration

Verify subdomain is properly configured

Add all 3 CNAME records to your DNS

Turn OFF Cloudflare proxy for CNAMEs (critical!)

Add DMARC TXT record

Set up Google Postmaster Tools

Run MX Toolbox health check

Verify DNS propagation (re-run MX Toolbox after 24-48 hours)

Send test emails to Gmail, Outlook, Yahoo

Verify emails land in inbox (not spam)

Set up DMARC report email filter

Document your DNS setup

Review Google Postmaster every Monday

Check DMARC reports weekly

Monitor for pass rate 95%+

Plan DMARC enforcement timeline

Run MX Toolbox health check

Verify IntoDNS shows no issues

Check blacklist status (https://mxtoolbox.com/blacklists.aspx)

Review Google Postmaster trends

Monitor authentication pass rates

Monthly sync with support on deliverability

Document any DNS or configuration changes

Inbox placement: 95%+

Open rate: 20%+

Spam rate: <0.1%

Domain reputation: High

Inbox placement: 85-90%

Open rate: 15-20%

Spam rate: 0.1-0.3%

Domain reputation: Medium

Inbox placement: <85%

Open rate: <15%

Spam rate: >0.3%

Domain reputation: Low or Bad

SendGrid Domain Authentication

Google Email Sender Guidelines

SPF Record Explanation

DKIM Setup Guide

DMARC Policy Guide

2025 Email Deliverability Guide

Email Deliverability Tutorial

Postmark DMARC Digests (Free)

Dmarcian (Paid)

MX Toolbox Blacklist Check (Checks 100+ lists)

Barracuda Removal Request

Spamhaus Lookup & Removal

MultiRBL Checker (Checks 200+ lists)