Email deliverability for SaaS: a founder's guide to inbox placement
Email deliverability for SaaS is one of those things that nobody thinks about until it breaks. Your onboarding sequence is live, your trial conversion emails are set up, and then you notice that activation is softer than it should be. Half the time, the emails are landing in spam and you never knew. This guide covers the technical foundation (SPF, DKIM, DMARC), the behavioral signals that protect your sender reputation, and the underrated point that behavior triggered, segmented sending is one of the most effective deliverability strategies you have.
Deliverability is a silent conversion killer.
Most SaaS teams discover they have a deliverability problem by noticing a downstream symptom: activation rates that plateau, trial conversion that underperforms, or churn that arrives faster than the data would predict. The emails that were supposed to prevent those outcomes were landing in spam the whole time.
Deliverability is not binary. It is a reputation score maintained by each inbox provider, shaped by your authentication setup, your sending behavior, and how your recipients respond to your mail. Get the technical foundation right and then protect your reputation with relevant, segmented sending, and most of your mail reaches the primary inbox without you ever having to think about it again.
The good news is that for a typical SaaS product, inbox placement is not complicated to achieve. The technical setup takes an afternoon. The behavioral habits are a natural byproduct of building a proper lifecycle email automation system rather than blasting campaigns to your whole list.
SPF, DKIM, and DMARC: what each one does.
Email authentication is three DNS records that prove you are who you say you are. Google and Yahoo have required all three for bulk senders since 2024. If you send through Resend, AWS SES, Mailgun, or any SMTP relay, your ESP's documentation will give you the exact DNS values to add. The concepts are worth understanding so you know what you are setting up and why. See our integrations page for DNS setup guides specific to each supported provider.
SPF: tell receivers which servers you trust.
SPF is a DNS TXT record on your sending domain. It lists every mail server or service authorized to send email on your behalf. When a receiving server gets your message, it checks whether the sending IP is in your SPF record. A soft fail (~all) marks non-matching messages as suspicious; a hard fail (-all) rejects them outright. If you send through Resend, AWS SES, or Mailgun, each provider will give you the exact include: value to add. Keep the record to ten or fewer lookups or SPF breaks silently.
DKIM: cryptographically sign every message.
DKIM adds a cryptographic signature to the headers of every email you send. Your ESP generates a public/private key pair. The private key signs outgoing messages; the public key lives in a DNS TXT record at a selector subdomain like mail._domainkey.yourdomain.com. Receiving servers use the public key to verify that the message body and headers have not been tampered with in transit. A 2048-bit DKIM key is the current best practice. DKIM is what survives email forwarding, where SPF can break.
DMARC: define what happens when authentication fails.
DMARC is a policy record that ties SPF and DKIM together. It tells receiving servers what to do when a message fails both checks: none (monitor only), quarantine (send to spam), or reject (block entirely). Start with p=none and monitor the aggregate reports (rua) that inbox providers send back. Once you have confirmed that all your legitimate sending infrastructure passes authentication, move to p=quarantine and then p=reject. DMARC aggregate reports are genuinely useful, they show you every IP that sent mail claiming to be from your domain.
One practical note on DMARC alignment: for DMARC to pass, the domain in your From header must align with either the SPF domain (relaxed or strict) or the DKIM signing domain. If your ESP sends from a subdomain like mail.yourapp.com but your From address is you@yourapp.com, check that your DMARC policy uses relaxed alignment (adkim=r; aspf=r, which is the default) so subdomain sends still pass. See the Resend integration guide for a concrete example of how to configure this correctly.
The four signals that shape your sender reputation.
Authentication proves you own your domain. Sender reputation is the score that inbox providers assign based on how you behave. A clean authentication setup with poor sending habits will still land your email in spam. These are the signals that matter most.
Spam complaint rate.
The most punishing signal. Google's current guidelines flag senders who exceed 0.10% spam complaints, and reaching 0.30% can cause widespread inbox placement problems. Every irrelevant blast that hits a user who forgot they signed up is a potential complaint. Triggered, segmented email dramatically reduces this risk because the message is expected and relevant.
Hard bounce rate.
A hard bounce means the address does not exist or permanently rejects mail. Continuing to send to hard-bounced addresses tells inbox providers that your list hygiene is poor. Suppress hard bounces immediately and never retry them. Most ESPs do this automatically, but verify that your suppression list is active.
Engagement rate.
Opens and clicks are positive signals; unopens from the same address repeated over dozens of sends are negative ones. Gmail in particular uses engagement history when deciding whether to place your next message in the primary tab, promotions, or spam. Emailing a segment of disengaged users through the same sending domain as your transactional email puts your receipts and password resets at risk.
Volume consistency.
Sudden spikes from a new sending domain or IP look suspicious to inbox providers. If you are spinning up a new domain or ESP, warm it gradually: start with a few hundred messages per day to your most engaged users, then double every few days until you reach your target volume. The same principle applies if you have been quiet for months and then want to send a reactivation campaign.
List hygiene is not optional.
A list full of dead addresses and disengaged contacts is a liability, not an asset. The math is simple: when 30% of your list never opens anything, your effective engagement rate is suppressed, and that suppressed rate is what inbox providers measure.
Hard bounces must be removed immediately and permanently. Most ESPs handle this automatically, but make sure your suppression list is active and that bounces from one campaign cannot be retried by the next. Check this explicitly when you first connect an ESP.
For inactive subscribers, set a sunset policy. A reasonable default: if a user has not opened an email in 90 days, send one re-engagement message. If they do not respond, suppress them. Some of those people are still active customers who just read email in a preview pane without triggering opens, so cross-check against product login events before suppressing paying users. GetFluxly's unified customer profiles make this straightforward: you can build a segment of users who have not received an open event in 90 days but who did log in within the last 30, and keep them in the flow.
The hardest list hygiene decision is what to do with free tier users who signed up, never activated, and have been silent for six months. The honest answer is: suppress them. They are dragging down your deliverability for everyone else.
Behavior triggered sending is your best deliverability defense.
Here is the point that most deliverability guides miss: how you send is as important as what you set up in DNS. Behavior triggered, segmented email is inherently better for deliverability than broadcast campaigns because you are sending to fewer people, and the people you are sending to actually wanted to hear from you at that moment.
When a user hits a usage limit, they get one email about upgrading. When they invite a teammate, they get an onboarding nudge for collaboration features. When they have not logged in for a week during their trial, they get a check-in. None of these emails go to anyone they are not relevant to. That relevance produces higher open rates, lower spam complaints, and a sender reputation that compounds over time.
Contrast that with a blast campaign to your entire list: a large portion of recipients will not recognize why they are getting the email, will not open it, and a small fraction will mark it as spam. Do that a few times and your sender score starts degrading, which hurts your transactional email too.
GetFluxly's automations are built around this model. Flows trigger on real product events, run on the customer profile, and exit the moment the user takes the target action. The result is a sending pattern that inbox providers see as high-engagement, low-complaint, and highly consistent, which is exactly what you want. Read more about setting up this kind of system in our guide to reducing SaaS churn with email automation.
How to know if you have a deliverability problem.
Three places to check. First, your DMARC aggregate reports. Set up a free DMARC reporting inbox (or use a service like Postmark's DMARC Digests) and read the weekly summaries. They tell you every sending source that used your domain and whether authentication passed. Failing reports you do not recognize usually mean someone is spoofing your domain or you have a forgotten mail service you forgot to add to SPF.
Second, Google Postmaster Tools. If you send any volume to Gmail addresses, register your domain at Postmaster Tools and monitor the spam rate and domain reputation charts. A reputation drop shows up here before it shows up in your open rates.
Third, your send outcome data. GetFluxly surfaces email send outcomes back into the customer profile, so you can see bounces and complaints attributed to individual users and automation flows rather than looking at aggregate ESP reports that hide which segment caused the problem. See the analytics overview for how outcome data flows back into profiles.
Email deliverability for SaaS, answered.
What is email deliverability and why does it matter for SaaS?
Email deliverability is the rate at which your emails actually reach the recipient's inbox rather than spam or being silently dropped. For SaaS products it matters because your most critical messages, things like password resets, trial expiry warnings, and onboarding nudges, all depend on inbox placement. A deliverability problem is often invisible until your activation rate or trial conversion rate drops without an obvious cause.
What DNS records do I need to set up for email authentication?
You need three: SPF (a TXT record on your sending domain that lists which servers are allowed to send on your behalf), DKIM (a TXT record containing a public key that your ESP uses to sign every message), and DMARC (a TXT record that tells receiving servers what to do when SPF or DKIM fail, and where to send failure reports). All three are required by Google and Yahoo for bulk senders as of 2024.
Does behavior triggered email help deliverability?
Yes, meaningfully. When you email only the users who took a specific action, your list is smaller and more relevant. Smaller, relevant sends produce higher open rates and lower spam complaint rates, which are the two engagement signals that inbox providers use to judge sender reputation. Blasting your whole list with a campaign that most recipients ignore is one of the fastest ways to erode your sender score.
What is a good spam complaint rate to aim for?
Google's sender guidelines (as of June 2026) state that senders should keep their spam complaint rate below 0.10% and avoid reaching 0.30%. Even a brief spike above 0.30% can trigger deliverability problems that take weeks to recover from. The easiest way to stay below that threshold is to only email people who asked to hear from you, and to make unsubscribing easy.
How often should I clean my email list?
At a minimum, suppress hard bounces immediately and remove them permanently. For inactive addresses, consider suppressing anyone who has not opened an email in 90 to 180 days after a re-engagement attempt. Sending to a list full of unengaged or dead addresses drags down your engagement metrics and signals poor list hygiene to inbox providers.
Deliverability is infrastructure. Set it up correctly once, build your sending behavior around relevance and product signals, and it runs in the background protecting every email you send. The founders who treat it as an afterthought discover the problem at the worst possible time, usually when they are trying to figure out why trial conversion is underperforming.
Send behavior triggered email that protects your sender reputation.
GetFluxly connects to Resend, Mailgun, AWS SES, or any SMTP relay you already run. Start free today. The Hacker tier is $0 forever. Paid plans start at $39/mo, and every new account gets a 14-day trial with Growth-level access. No credit card required.