®
Work through the full checklist.
Start with Critical items, then High Impact, then the rest. Most teams can make real progress in a few focused sessions.
Bad actors love to abuse sign-up forms by automatically submitting emails via bots. Implement a CAPTCHA such as Cloudflare Turnstile or use a WAF service like Cloudflare or Wafris to detect and block automated attempts before they reach your server.
Bento tip. For all Bento-provided forms, we use Cloudflare WAF and Managed Challenges. If you use a third-party plugin, make sure it has similar protections.
Limit the number of form submissions per day per IP address to stop spammers from flooding your sign-up forms. Also consider a global rate limit to stop distributed attacks across multiple IPs.
Bento tip. For all Bento-provided forms, we use Cloudflare WAF to rate limit by IP. If you use a third-party, check with their support about rate limiting.
Spammers often abuse authentication forms to create bulk accounts. Implement rate limits on sign-ups, invitations, and password resets per IP per day.
Don't allow personalization fields (first_name, last_name) in initial emails. These can be abused to inject malicious links or spam content.
Bento tip. We provide AI detection that catches most of these attacks, but we recommend restricting personalization until the user is verified.
If you deal with a high volume of sign-ups, consider using StopForumSpam.com to detect known bad IP addresses and emails.
Every form should clearly tell users what emails they will receive after submission. Only send emails that match what the user consented to.
Use a validation service to check email addresses at the point of entry. This catches misspellings and obvious spam addresses before they hit your list.
Bento tip. We provide an API to check email validity before submission. Contact support for access.
Many bots look for simple single-field forms. Making forms multi-step where the input is hidden behind an interaction reduces automated sign-ups significantly.
Honeypot fields are invisible to real users but get filled by bots, making it easy to detect and block automated submissions.
Bento tip. We strongly recommend SaaS providers and WordPress users implement honeypot fields on their sign-up forms.
Block submissions that happen impossibly fast (under 1 second). Real humans take time to fill out forms.
Bento tip. This tactic has worked well for us at Bento on our own sign-up forms.
Confirmed Opt-In requires users to verify their email before receiving further emails. It is the best way to ensure subscribers actually want your emails and is highly encouraged by blocklist providers like Spamhaus.
Bento tip. Bento provides multiple ways to implement COI. We recommend booking a call with our team to craft a program specific to your needs.
Once an email hits your platform, run MX record checks and advanced validation. Misspelled, malformed, or undeliverable addresses should be unsubscribed immediately.
Bento tip. Bento's Spam API monitors new sign-ups and proactively unsubscribes them if they meet spam criteria.
Don't overwhelm new subscribers. Ask yourself whether the user actually wants each email you're about to send.
Your first email should set expectations about what the subscriber will receive, how to unsubscribe, and how to contact you.
Sending from healthy, reputable IP addresses matters. Choose a provider that actively monitors sender quality and works with you on issues.
Bento tip. All new Bento customers are manually approved before sending. We monitor reputation and are available to work on programs together.
DKIM records verify that your email providers are authorized to send email from your domain. Use aboutmy.email to verify your setup.
Bento tip. We provide step-by-step guides inside your account, and we are happy to walk you through it on a call.
Configure your ReturnPath domain correctly so email providers can verify you authorized the sending server. Use aboutmy.email to verify.
Bento tip. We provide easy guides inside your account and are happy to help on a call.
DMARC ensures all emails from your domain are authenticated and prevents unauthorized servers from spoofing your domain.
Bento tip. We provide easy guides inside your account and are happy to help on a call.
Brand Indicators for Message Identification displays your logo in email clients. Requires a trademark registration first.
Your domain WHOIS records should be accurate, current, and public. Anonymous WHOIS is viewed negatively by blocklist providers.
Every email you send should have a real inbox for replies. Whether a custom Reply-to or a monitored inbox, make sure replies reach a human.
When migrating, import only clean lists. Ensure unsubscribed, bounced, and spam-marked addresses are handled correctly by the new provider.
Send slowly and in batches when starting on a new platform. This gives your new IP addresses time to build reputation.
Bento tip. We provide batch sending tools to help you warm up gradually.
Only email people who have explicitly opted in and expect your emails. Confirmed Opt-In is the gold standard here.
Bento tip. We provide easy ways to segment out unengaged users. Contact support if you need help.
Segment your list by engagement and focus on users who actively interact with your emails and business.
Bento tip. Limit how often you email your entire list. Always segment out uninterested users.
Subject lines should accurately represent your email content. Avoid emojis, clickbait, or misleading phrases that trigger spam filters.
Bento tip. Bento provides a free headline grader that flags unclear subject lines.
Keep email body content clear and easy to understand. Don't use manipulative language or excessive HTML.
Bento tip. We recommend using the plain text editor where possible for better deliverability.
Place an unsubscribe link in both the header and footer of every email. Easy unsubscription reduces spam reports.
Bento tip. Use {{ visitor.unsubscribe_url | hyperlink: 'Unsubscribe' }} anywhere in your email. Bento enforces at least one unsubscribe link.
Let users choose what types of emails they receive. Not every subscriber wants every type of email.
Provide a clear way for users to reach you, especially for reporting abuse. Quick response prevents escalation.
Physical address and contact details are legally required in many countries and build trust with recipients.
Remove inactive users and addresses that never open your emails. A clean list protects your sender reputation.
Bento tip. Bento makes it easy to bulk unsubscribe unengaged users.
Link shorteners (bit.ly, etc.) are heavily used by spammers. Avoid them in emails entirely.
All links in your emails should use HTTPS. Insecure HTTP links erode trust and can trigger spam filters.
Reducing tracking can improve deliverability and user trust. Weigh the tradeoff against engagement data.
Bento tip. Bento lets you easily toggle tracking off. The downside is less engagement data.
Build an automated process that contacts inactive users and removes them if they still do not engage. This keeps your list healthy over time.
Bento tip. Use a Time Trigger automation in Bento to automatically contact and remove unengaged users.
Bento includes deliverability infrastructure out of the box.
Monitoring, validation, batching controls, and spam protection are built into Bento because good deliverability should not depend on a stack of extra tools.
- Reputation monitoring
- Spot sender issues before the next campaign goes out.
- Email validation
- Catch invalid, disposable, and risky addresses early.
- Batch sending controls
- Warm up new reputation more safely and pause when needed.
- Spam detection
- Reduce bad sign-ups and protect list quality before damage spreads.
Keep reading where the checklist gets specific.
Use the docs for setup help, then compare your process against inbox provider guidance from Google and Spamhaus.
Bento Deliverability Docs
Start with Bento’s docs for approvals, authentication, and deliverability workflows.
Double Opt-In Guide
Set up confirmed opt-in and reduce complaint risk before you scale.
Warmup Guide
Ramp volume carefully when moving to a new provider or domain.
Spamhaus' Marketing Email FAQ
Best practices straight from the biggest blocklist provider.
Google's Sender Guidelines
Official requirements for sending to Gmail and Google Workspace.
FAQ
Frequently Asked Questions
Answers to the implementation, pricing, and switching questions teams usually ask before moving their sending stack.
Ready to improve your deliverability?
Start your 30-day free trial with built-in deliverability tools.