Deliverability

The complete email deliverability checklist.

Reliable delivery requires sending email that is wanted, expected, has low complaints, and has high engagement with real people. This guide will help you get there.

Jesse Hanley

Founder & CEO, Bento

Hey everyone!

The top priority this year is ensuring compliance with the latest email marketing standards as outlined by Gmail, Yahoo, and leading blocklist providers like Spamhaus.

All inbox and blocklist providers are asking (and will soon be enforcing) that marketers get their act together or risk not landing in the inbox.

The checklist below is a friendly guide to ensure your email marketing program is compliant and that you are in the best position to keep running without issues. It should also protect you and others from potential attacks.

We strongly recommend spending a few days reviewing the checklist and addressing as many items as you can. If you need personal help, book a call with our team. We are always happy to help no matter the size of your account.

The Deliverability Checklist

Work through each category. Critical items should be addressed first, then High Impact, then everything else.

Protect all forms from bot activity [High Impact]

Bad actors love to abuse sign-up forms by automatically submitting emails via bots. Implement a CAPTCHA such as Cloudflare Turnstile or use a WAF service like Cloudflare or Wafris to detect and block automated attempts before they reach your server.

Bento: For all Bento-provided forms, we use Cloudflare WAF and Managed Challenges. If you use a third-party plugin, make sure it has similar protections.

Rate limit forms by IP address (and globally) [High Impact]

Limit the number of form submissions per day per IP address to stop spammers from flooding your sign-up forms. Also consider a global rate limit to stop distributed attacks across multiple IPs.

Bento: For all Bento-provided forms, we use Cloudflare WAF to rate limit by IP. If you use a third party, check with their support about rate limiting.

Rate limit invitations, sign-ups, and password resets [High Impact]

Spammers often abuse authentication forms to create bulk accounts. Implement rate limits on sign-ups, invitations, and password resets per IP per day.

Sanitize personalization until verified [High Impact]

Don't allow personalization fields (first_name, last_name) in initial emails. These can be abused to inject malicious links or spam content.

Bento: We provide AI detection that catches most of these attacks, but we recommend restricting personalization until the user is verified.

Use tools like StopForumSpam.com

If you deal with a high volume of sign-ups, consider using StopForumSpam.com to detect known bad IP addresses and emails.

Set clear expectations on every form [Critical]

Every form should clearly tell users what emails they will receive after submission. Only send emails that match what the user consented to.

Validate emails before submitting

Use a validation service to check email addresses at the point of entry. This catches misspellings and obvious spam addresses before they hit your list.

Bento: We provide an API to check email validity before submission. Contact support for access.

Implement multi-step forms

Many bots look for simple single-field forms. Making forms multi-step where the input is hidden behind an interaction reduces automated sign-ups significantly.

Implement honeypot fields

Honeypot fields are invisible to real users but get filled by bots, making it easy to detect and block automated submissions.

Bento: We strongly recommend SaaS providers and WordPress users implement honeypot fields on their sign-up forms.

Limit form submission speed

Block submissions that happen impossibly fast (under 1 second). Real humans take time to fill out forms.

Bento: This tactic has worked well for us at Bento on our own sign-up forms.
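The per-IP and global rate limits, the honeypot field, and the submission-speed check from the items above can be combined into one server-side gate. The sketch below is an added example, not Bento's code; the hidden field name `website`, the limits, and the in-memory counters are assumptions.

```python
import time
from collections import defaultdict, deque

WINDOW = 24 * 3600        # one day, in seconds
PER_IP_LIMIT = 5          # assumed value; tune to your traffic
GLOBAL_LIMIT = 1000       # assumed value; caps floods spread across many IPs
MIN_FILL_SECONDS = 1.0    # the "under 1 second" threshold from the checklist


class SignupGate:
    """In-memory gate; a real deployment keeps these counters in a shared store."""

    def __init__(self, per_ip=PER_IP_LIMIT, global_limit=GLOBAL_LIMIT):
        self.per_ip = per_ip
        self.global_limit = global_limit
        self.by_ip = defaultdict(deque)   # ip -> timestamps of accepted submissions
        self.all_hits = deque()           # accepted submissions across every ip

    @staticmethod
    def _expire(queue, now):
        # Drop timestamps that have aged out of the sliding window.
        while queue and now - queue[0] >= WINDOW:
            queue.popleft()

    def check(self, ip, form, rendered_at, now=None):
        """Return (accepted, reason). `form` is the dict of posted fields.

        `rendered_at` is when the server rendered the form; keep it server-side
        or sign it, because a value posted by the client can be forged.
        """
        now = time.time() if now is None else now
        # Honeypot: the hidden "website" field (hypothetical name) must stay empty.
        if form.get("website", "").strip():
            return False, "honeypot"
        # Speed: no human fills in a form in under a second.
        if now - rendered_at < MIN_FILL_SECONDS:
            return False, "too_fast"
        self._expire(self.by_ip[ip], now)
        self._expire(self.all_hits, now)
        if len(self.by_ip[ip]) >= self.per_ip:
            return False, "ip_rate_limit"
        if len(self.all_hits) >= self.global_limit:
            return False, "global_rate_limit"
        self.by_ip[ip].append(now)
        self.all_hits.append(now)
        return True, "ok"
```

The same gate applies to invitation and password-reset endpoints; give each its own `SignupGate` instance so the limits are counted separately.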

Implement Confirmed Opt-In (Double Opt-In) [Critical & High Impact]

Confirmed Opt-In requires users to verify their email before receiving further emails. It is the best way to ensure subscribers actually want your emails and is highly encouraged by blocklist providers like Spamhaus.

Bento: Bento provides multiple ways to implement COI. We recommend booking a call with our team to craft a program specific to your needs.
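A minimal Confirmed Opt-In flow, as an added example rather than Bento's implementation: the sign-up stores the address as pending and issues an HMAC-signed, expiring token for the confirmation link, and marketing mail is allowed only after that token comes back intact. The key, the 48-hour lifetime, and the in-memory `subscribers` store are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: load a random key from a secret store
TTL = 48 * 3600                   # assumed lifetime of a confirmation link, seconds
subscribers = {}                  # email -> "pending" | "confirmed" (stand-in for a DB)


def _mac(payload: bytes) -> bytes:
    return base64.urlsafe_b64encode(hmac.new(SECRET, payload, hashlib.sha256).digest())


def signup(email, now=None):
    """Record the address as pending and return the token for the confirmation link."""
    now = int(time.time() if now is None else now)
    email = email.strip().lower()
    subscribers.setdefault(email, "pending")
    payload = f"{email}|{now + TTL}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _mac(payload).decode()


def confirm(token, now=None):
    """Mark the address confirmed only if the token is authentic and unexpired."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
        # Check the MAC before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), _mac(payload)):
            return False
        email, expires = payload.decode().rsplit("|", 1)
        if now > int(expires) or email not in subscribers:
            return False
    except ValueError:  # malformed token, bad base64 or bad UTF-8
        return False
    subscribers[email] = "confirmed"
    return True


def can_send_marketing(email):
    """Only confirmed addresses may receive anything beyond the confirmation email."""
    return subscribers.get(email.strip().lower()) == "confirmed"
```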

Run advanced email validation

Once an email hits your platform, run MX record checks and advanced validation. Misspelled, malformed, or undeliverable addresses should be unsubscribed immediately.

Bento: Bento's Spam API monitors new sign-ups and proactively unsubscribes them if they meet spam criteria.

Limit initial email volume

Don't overwhelm new subscribers. Ask yourself whether the user actually wants each email you're about to send.

Send a clear welcome email

Your first email should set expectations about what the subscriber will receive, how to unsubscribe, and how to contact you.

Send only to opted-in recipients [Critical]

Only email people who have explicitly opted in and expect your emails. Confirmed Opt-In is the gold standard here.

Bento: We provide easy ways to segment out unengaged users. Contact support if you need help.

Send to engaged users only [High Impact]

Segment your list by engagement and focus on users who actively interact with your emails and business.

Bento: Limit how often you email your entire list. Always segment out uninterested users.

Use clear subject lines

Subject lines should accurately represent your email content. Avoid emojis, clickbait, or misleading phrases that trigger spam filters.

Bento: Bento provides a free headline grader that flags unclear subject lines.

Write clear, concise emails

Keep email body content clear and easy to understand. Don't use manipulative language or excessive HTML.

Bento: We recommend using the plain text editor where possible for better deliverability.

Make unsubscribing easy (including transactional!) [Critical]

Place an unsubscribe link in both the header and footer of every email. Easy unsubscription reduces spam reports.

Bento: Use {{ visitor.unsubscribe_url | hyperlink: 'Unsubscribe' }} anywhere in your email. Bento enforces at least one unsubscribe link.

Allow preference management

Let users choose what types of emails they receive. Not every subscriber wants every type of email.

Make it easy to contact you

Provide a clear way for users to reach you, especially for reporting abuse. Quick response prevents escalation.

Include your address in all emails [Critical]

Physical address and contact details are legally required in many countries and build trust with recipients.

Regularly clean your list [High Impact]

Remove inactive users and addresses that never open your emails. A clean list protects your sender reputation.

Bento: Bento makes it easy to bulk unsubscribe unengaged users.

Never use link shorteners

Link shorteners (bit.ly, etc.) are heavily used by spammers. Avoid them in emails entirely.

Use HTTPS links only

All links in your emails should use HTTPS. Insecure HTTP links erode trust and can trigger spam filters.

Consider turning off tracking

Reducing tracking can improve deliverability and user trust. Weigh the tradeoff against engagement data.

Bento: Bento lets you easily toggle tracking off. The downside is less engagement data.

Create an automatic sunset flow

Build an automated process that contacts inactive users and removes them if they still don't engage. This keeps your list healthy over time.

Bento: Use a Time Trigger automation in Bento to automatically contact and remove unengaged users.

Use a reputable email service provider

Sending from healthy, reputable IP addresses matters. Choose a provider that actively monitors sender quality and works with you on issues.

Bento: All new Bento customers are manually approved before sending. We monitor reputation and are available to work on programs together.

Add DKIM records for each provider [Critical & High Impact]

DKIM records verify that your email providers are authorized to send email from your domain. Use aboutmy.email to verify your setup.

Bento: We provide step-by-step guides inside your account, and we are happy to walk you through it on a call.

Implement SPF [Critical & High Impact]

Configure your Return-Path domain correctly so email providers can verify you authorized the sending server. Use aboutmy.email to verify.

Bento: We provide easy guides inside your account and are happy to help on a call.

Implement DMARC [Critical]

DMARC ensures all emails from your domain are authenticated and prevents unauthorized servers from spoofing your domain.

Bento: We provide easy guides inside your account and are happy to help on a call.

Set up BIMI

Brand Indicators for Message Identification displays your logo in email clients. Requires a trademark registration first.

Keep WHOIS records public

Your domain WHOIS records should be accurate, current, and public. Anonymous WHOIS is viewed negatively by blocklist providers.

Maintain functional inboxes [Critical]

Every email you send should have a real inbox for replies. Whether a custom Reply-to or a monitored inbox, make sure replies reach a human.

Import clean lists only

When migrating, import only clean lists. Ensure unsubscribed, bounced, and spam-marked addresses are handled correctly by the new provider.

Warm up your new reputation

Send slowly and in batches when starting on a new platform. This gives your new IP addresses time to build reputation.

Bento: We provide batch sending tools to help you warm up gradually.

Bento has built-in deliverability tools

Reputation monitoring, email validation, batch sending controls, and spam detection are all included with every Bento account. No extra cost, no separate tools.
