Improving email deliverability

Deliverability is the probability that an email you send through 10ex actually lands in the recipient’s inbox. It is not a single setting you flip on. It is the cumulative result of who you send from, how you authenticate, how fast you ramp, who you send to, and what the message contains.

This guide covers the discipline end to end. It applies to everything 10ex sends on your behalf: Nova sequences, Orion one-offs, and anything you launch from the Email Sequencer. 10ex sends through your own connected mailbox (Gmail or Outlook), so your domain’s reputation is what’s on the line, and these are the levers you control.

The short version

If you read nothing else:

1. Authenticate your sending domain. Set up SPF, DKIM, and DMARC before your first send. This is the single highest-impact thing you can do.
2. Warm up new domains and mailboxes. Never go from 0 to 500 sends/day on a cold domain. Ramp over 2–4 weeks.
3. Send to people who want to hear from you. Clean, consent-based, ICP-matched lists beat scraped volume every time.
4. Stay under provider limits. 10ex self-paces, but you set the ceiling. Don’t raise it past what your domain can bear.
5. Watch the signals. Bounce rate, spam-complaint rate, and reply rate are your early-warning system. React before reputation craters.

Why deliverability is your problem, not just ours

10ex does not send from a shared 10ex IP pool. Every email goes out through your connected Gmail or Outlook account (Connectors). The upside: your messages live in your Sent folder and replies come straight back to your inbox. The cost: the sending reputation that mailbox providers track — for your domain and your IP — is yours to build and yours to protect.

That means the controls below are not optional hardening for paranoid teams. They are the baseline for getting your mail delivered at all.

Authenticate your sending domain

Domain authentication proves to receiving mail servers that a message claiming to be from you@yourcompany.com was actually authorized by yourcompany.com. Without it, modern providers (Gmail, Outlook, Yahoo) will quietly route you to spam or reject you outright.

There are three records, and you want all three.

SPF

SPF (Sender Policy Framework) is a DNS TXT record listing the servers permitted to send mail for your domain. Because 10ex sends through Gmail or Outlook, your SPF record must authorize the provider you connected.

• Google Workspace: include include:_spf.google.com
• Microsoft 365: include include:spf.protection.outlook.com

A typical record looks like v=spf1 include:_spf.google.com ~all. Keep it to a single SPF record per domain — multiple SPF records is itself a failure. Watch the 10-DNS-lookup limit; exceeding it invalidates the whole record.

DKIM

DKIM (DomainKeys Identified Mail) attaches a cryptographic signature to every outgoing message. Receivers fetch your public key from DNS and verify the signature, confirming the message wasn’t tampered with and genuinely came from an authorized signer.

Enable DKIM in your mailbox provider’s admin console and publish the key it gives you:

• Google Workspace: Admin console → Apps → Google Workspace → Gmail → Authenticate email. Generate the key, add the CNAME/TXT record, then click Start authentication.
• Microsoft 365: Defender portal → Email & collaboration → Policies → DKIM. Enable signing for your domain and publish the two CNAME records.

DMARC

DMARC ties SPF and DKIM together and tells receivers what to do when a message fails both. Publish a TXT record at _dmarc.yourcompany.com.

Start in monitoring mode so you can see what’s failing without blocking legitimate mail:

v=DMARC1; p=none; rua=mailto:dmarc-reports@yourcompany.com

Once your reports show clean SPF/DKIM alignment, tighten the policy to p=quarantine and eventually p=reject. A published DMARC record — even at p=none — is now a hard requirement for sending volume to Gmail and Yahoo (see below).

Verify before you send

10ex surfaces a domain-auth check per send in the Email Sequencer: SPF, DKIM, and DMARC each show a pass/fail badge. Don’t launch a sequence with any of them red. If you’ve just published DNS records, give them time to propagate (minutes to a few hours) and re-run the check.

Warm up new domains and mailboxes

A brand-new domain or mailbox has no sending history, so providers have no reason to trust it. Blasting volume from a cold address is the fastest way to land in spam and stay there.

Warm-up means ramping send volume gradually so providers build a positive reputation for you.

• Start small. 10–20 sends/day in week one.
• Ramp gradually. Roughly double each week, watching bounce and complaint rates as you go.
• Prioritize engaged recipients early. Send your first warm-up batches to people likely to open and reply (existing contacts, warm leads). Early positive engagement teaches providers your mail is wanted.
• Reach steady state over 2–4 weeks. Only push toward your daily ceiling once reputation is established.

If you’re sending from a freshly registered domain, consider letting it age a few weeks before sending at all, and run real two-way conversations through the mailbox so it looks like a human inbox, not a cannon.

Send within limits

Volume spikes look like spam. Both 10ex and the underlying providers enforce ceilings.

How 10ex paces sends

Nova self-paces to under 50 sends/hour by default, and the cadence is configurable. The Email Sequencer spaces messages within a batch rather than firing them all at once. You set the daily ceiling; 10ex respects it. Raising the ceiling past what your warmed domain can bear is on you.

Provider ceilings

Your connected mailbox has its own hard limits, independent of 10ex:

These are caps, not targets. A warmed domain sending to a clean list rarely needs to approach them. If you need more volume than one mailbox supports, distribute across multiple authenticated mailboxes rather than hammering one.

Back off on rate limits

If a provider returns a rate-limit response, retry with exponential backoff rather than immediately resending. 10ex’s agents handle provider-side 429s internally — you don’t need to build retry logic for agent sends. If you’re calling the API directly, treat the wait as min(2^n, 60) seconds where n is the consecutive-failure count.

Keep your list clean

The recipients you send to shape your reputation more than almost anything else. Sending to dead, unconsented, or trap addresses is the fastest path to the spam folder.

• Send to people who expect you. Consent-based, ICP-matched lists outperform scraped volume every time. Use Marcus or Prospector to find ICP-matched leads and build a Segment over them rather than importing a bulk dump.
• Validate addresses before sending. Remove malformed and obviously invalid addresses up front. High bounce rates from bad addresses tank your reputation fast.
• Suppress hard bounces immediately. Never re-send to an address that hard-bounced. 10ex tracks bounces per lead; honor them.
• Honor unsubscribes instantly. Once someone opts out, they must never receive another message. This is both a reputation signal and a legal requirement (CAN-SPAM, GDPR, CASL).
• Prune dormant contacts. If a contact hasn’t engaged in 90+ days, either move them to a low-frequency re-engagement track (see the email playbook) or drop them. Sending to people who never open trains providers to deprioritize you.
• Avoid spam traps. Old, scraped, or purchased lists are riddled with trap addresses planted specifically to catch senders with poor list hygiene. Hitting them is a near-guaranteed blocklisting.

Write mail that doesn’t look like spam

Content filters score every message. You don’t need to game them — you need to not trip them.

• Establish history first. A prior, genuine exchange with a recipient dramatically reduces the odds of being flagged. This is why Nova’s per-lead personalization and warm-up sequencing matter.
• Personalize meaningfully. Generic blasts get filtered; relevant, specific messages don’t. Nova’s sequence_personalizer reads each lead’s context and tailors the opener — let it.
• Balance text and images. Image-only emails are a classic spam signal. Keep a healthy text-to-image ratio and never send a single-image email.
• Watch the links. Too many links, mismatched display-vs-target URLs, and link shorteners all raise suspicion. Link to your own authenticated domain.
• Skip spammy phrasing. All-caps subject lines, excessive punctuation (!!!), and trigger phrases (“FREE”, “ACT NOW”, “100% guaranteed”) hurt. Write like a person emailing a person.
• Include a real unsubscribe and a physical address. A working one-click unsubscribe and a postal address in the footer are required for bulk mail and reduce complaints.
• Test before you scale. Send a draft to a few seed inboxes across providers (a Gmail, an Outlook, a Yahoo) and confirm it lands in the inbox before launching to the full segment.

Provider-specific requirements

Gmail and Outlook publish their own sender requirements. Meeting them is mandatory once you cross their volume thresholds.

Google (bulk senders to Gmail)

If you send roughly 5,000+ messages per day to Gmail addresses, Google requires:

• Full domain authentication: SPF and DKIM and DMARC, all aligned.
• Valid forward and reverse DNS (PTR) records for your sending IPs.
• One-click unsubscribe in the message headers, with opt-outs honored within two days.
• A spam-complaint rate kept below 0.3% (and ideally under 0.1%). Crossing the threshold gets you throttled or blocked.

Even well under 5,000/day, meeting these requirements is good practice — Gmail rewards authenticated, low-complaint senders regardless of volume.

Microsoft / Outlook

Outlook weighs sender reputation heavily, and it’s especially sensitive to engagement:

• It tracks your reply and engagement ratios. Sending high volume with few replies drives your reputation score down.
• Recipients adding you to their safe-senders list is a strong positive signal — worth asking engaged contacts to do.
• Sudden volume spikes from a low-reputation domain are penalized hard. Warm up properly.

Yahoo and others

Yahoo’s requirements mirror Google’s: authentication, easy unsubscribe, and a low complaint rate. Following the Google checklist above keeps you compliant across the major consumer providers.

Monitor the signals

Deliverability degrades quietly. By the time mail is obviously landing in spam, your reputation is already damaged. Watch these continuously:

The Email Sequencer surfaces per-send deliverability signals (warm-up status, domain-auth check, throttling state). Watch bounce and complaint rates in particular — if either climbs, pause the sequence, fix the list or the content, and resume. Don’t push through a degrading trend.

Read your DMARC aggregate reports (the rua address you set above). They tell you which sources are sending as your domain and whether they pass authentication — your best signal that something is misconfigured or being spoofed.

Troubleshooting

When mail isn’t landing, work through this in order:

1. Re-check domain auth. Re-run the SPF/DKIM/DMARC check in the Sequencer. A lapsed or mistyped DNS record is the most common cause. Confirm records propagated.
2. Send through the native client. Compose and send the same message directly from Gmail/Outlook to a test address. If that lands in spam, the problem is your domain/mailbox reputation, not 10ex.
3. Check blocklists. Look up your sending domain and IP against the major blocklist databases (Spamhaus, Barracuda, and similar). A listing requires a delisting request and fixing whatever caused it.
4. Test without link tracking. Temporarily disable open/click tracking. Tracking rewrites links, which can trip filters; if deliverability improves without it, that’s your culprit.
5. Confirm the address isn’t already flagged. A recipient who previously marked you as spam will keep routing you to spam. Suppress and move on.
6. Inspect the content. Run the message through the content checklist above. Strip images-only layouts, trim links, soften subject lines.

A persistent provider-side block (a hard reject with a reputation or policy code) almost always points to domain reputation or a mail-server misconfiguration that needs your domain administrator to resolve — it’s not something a content tweak will fix.

Common questions

Do I need SPF, DKIM, and DMARC, or is one enough? All three. SPF and DKIM are the authentication mechanisms; DMARC is the policy that ties them together and is now a hard requirement for sending volume to Gmail and Yahoo. One without the others leaves gaps that providers penalize.

I just connected a brand-new domain. Can I launch a 500-person sequence today? No. Warm up first. Start at 10–20 sends/day and ramp over 2–4 weeks. A cold domain blasting 500 sends is the fastest route to spam, and recovering reputation is far slower than building it.

My SPF/DKIM check is red but I published the records. DNS takes time to propagate — minutes to a few hours. Re-run the check after propagation. If it’s still red, confirm you have exactly one SPF record, you’re under the 10-lookup limit, and the DKIM key matches what your provider’s console shows.

My bounce rate spiked mid-sequence. What do I do? Pause immediately. A bounce spike means stale or invalid addresses, and every hard bounce damages reputation. Clean the segment (validate addresses, suppress bounces), then resume.

Why does Outlook hate my mail when Gmail delivers fine? Outlook weighs reply/engagement ratios harder than Gmail. High-volume, low-reply sending drags down your Outlook reputation specifically. Tighten your targeting, lift reply rate, and ask engaged contacts to add you as a safe sender.

Related

• Email playbooks: cold, nurture, and re-engagement sequence patterns
• Nova: email sequences and Orion: one-off outreach
• Connectors: connecting and authenticating Gmail or Outlook
• Marketing → Email Sequence: the sending surface
• Rate limits: backoff behavior for direct API sends