Blogs
Mar 11, 2025
A technical guide designed for software developers, including technical requirements and best practices ensuring product-to-user emails reach the inbox.
Motivation
Your application's carefully crafted notifications are useless if they never reach your users. With spam filters becoming increasingly sophisticated and email service providers enforcing stricter rules, developers need to understand email deliverability from a technical perspective.
This guide outlines the critical technical practices that will significantly improve your email deliverability rates and keep your notifications out of the spam folder.
The Easy Solution
NotificationAPI implements most of these best practices out of the box. It's simply a better approach than figuring these out on your own and risking getting your email accounts banned.
Alternatively, let's learn how to do it yourself:
Technical Requirements for Email Deliverability
1) Authentication Protocols: The Technical Foundation
Email authentication protocols are non-negotiable for modern email delivery. They verify that your emails actually come from you and haven't been tampered with in transit.
SPF (Sender Policy Framework)
SPF is a DNS record that identifies which mail servers are permitted to send email on behalf of your domain.
Without proper SPF records, receiving servers may reject your emails or flag them as spam because they cannot verify if the sending server is authorized.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to your emails that verifies they haven't been altered during transmission.
DKIM signatures help email clients verify the authenticity of your messages and improve deliverability.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC builds on SPF and DKIM, providing instructions on what to do with emails that fail authentication and offering reporting capabilities. The example below tells email services to place 100% of messages that don't comply with our DKIM/SPF in the spam folder:
A proper DMARC implementation is now practically mandatory for reliable email delivery to major providers like Gmail, Yahoo, and Outlook.
NotificationAPI automatically sets your DKIM, SPF, and a reasonable DMARC policy.
2) Required Unsubscribe Mechanisms
Visible Unsubscribe Link
Every notification email must include a clearly visible unsubscribe link, typically in the footer. This is not just a legal requirement (CAN-SPAM Act, GDPR) but a technical necessity.
When users can't find an unsubscribe link, they're more likely to mark your email as spam, which damages your sender's reputation. Even a small percentage of spam reports can severely impact overall deliverability.
In NotificationAPI, you can simply do this by adding `{{notificationapi:unsubscribe_url}} to the bottom of your emails.
List-Unsubscribe Email Header
As of February 2024, Google and Yahoo require bulk senders to implement the List-Unsubscribe header. This header provides a standardized way for email clients to enable one-click unsubscribe functionality.
The header should include both a mailto: and an HTTP or HTTPS URL option when possible. The mailto: option must process unsubscribe requests within 2 days, while the HTTP(S) option should process them immediately.
NotificationAPI has this functionality built-in.
3) List Hygiene and Consent
Proper Opt-In Mechanisms: Opt-in is a legal requirement in many jurisdictions.
Regular List Cleaning: Do not send to email addresses that haven't engaged with your emails in the past 3-6 months. Inactive subscribers can harm your deliverability metrics.
Suppression List: You must also maintain a "suppression list" that has all the email addresses that bounced or complained about you and check any outgoing email against them. Sending emails to these addresses further damages your sender's reputation with email services. NotificationAPI has already implemented this list for you.
4) Email Content Considerations
Sender and Reason Clarity
Many people forget your company's brand name or whether they even signed up. If they don't recognize your email, they are likely to report it as spam, which will damage your domain reputation and prevent them and others from receiving your emails.
The email's human-readable "from name", subject line, and the beginning of your email should clearly state:
who you are
why you are contacting the recipient, especially if they haven't received an email from you before or in a while
You can read more about this here.
NotificationAPI allows you to dynamically set the From Name, From Address, Subject, and the content of your email notifications.
Link Quality and Domain Consistency
Email filters heavily scrutinize links in messages, as malicious links are a primary vector for phishing attacks.
Avoid broken links: Modern spam filters crawl links in your emails to verify they're legitimate. Broken links or links that redirect to error pages significantly increase the chance of your email being flagged as spam.
Use branded domains for all links: Links to generic service URLs (like Amazon S3 bucket addresses, default Firebase authentication pages, or URL shorteners) are major spam triggers. Always use your own branded domain for:
Asset hosting (images, PDFs, etc.)
Authentication flows
Landing pages
For mission-critical emails, implement a pre-send validation system that checks all links against these criteria.
Content and Structure
Email clients scan content for spam indicators. Avoid:
Overly complex HTML/CSS structure - visually simpler emails are better
Excessive use of capital letters or exclamation points
Spam trigger words like "free", "guarantee", "no obligation"
Image-only emails without sufficient text, appropriate text-to-image ratio
Deceptive subject lines that don't match content
Conclusion
Email deliverability is fundamentally a technical challenge that requires proper implementation of authentication protocols, unsubscribe mechanisms, and consent management. By following these best practices, you can significantly improve the chances of your product-to-user emails reaching the inbox rather than the spam folder.
Remember that email deliverability is an ongoing process, not a one-time setup. Continuously monitor your metrics and adapt to the evolving landscape of email provider requirements.