Email Deliverability Checklist (2024+) – SPF, DKIM, DMARC & Headers
A concise checklist aligned to what Gmail, Yahoo, and Microsoft expect: SPF, DKIM, DMARC, and key headers so you can fix issues before they affect inbox placement.
If sending fails with SMTP errors (e.g. 535 5.7.3), check SMTP AUTH migration.
Checklist
- SPF record present and valid (syntax, ≤10 lookups, no permerror).
- DKIM signing enabled and selector(s) resolving.
- DMARC record present; p=none minimum, with rua for reports.
- DMARC alignment: From domain aligns with SPF or DKIM (relaxed or strict).
- List-Unsubscribe header in bulk/marketing mail (mailto and/or https).
- List-Unsubscribe-Post: List-Unsubscribe=One-Click if you support one-click.
- No multiple SPF or DMARC records for the same domain.
- Consistent sending domain (avoid mixing many domains without each configured).
Run a deliverability scan
We check all of the above in one scan. No signup required.
FAQ
What do Gmail and Yahoo require in 2024?
SPF and/or DKIM, DMARC with at least p=none (and often quarantine/reject for bulk), and List-Unsubscribe (and List-Unsubscribe-Post for one-click) for marketing/bulk. They also expect consistent domain alignment and low spam rates.
Do I need both SPF and DKIM?
Best practice is both. DMARC can pass with either SPF or DKIM in alignment. Having both gives redundancy and helps with forwarding and different sending paths.
What order should I fix things?
SPF first (so it’s valid and under 10 lookups), then DKIM (signing), then DMARC (start p=none with rua, then move to quarantine/reject). Add List-Unsubscribe for bulk. Then monitor and fix issues from reports.
Is this checklist enough for Microsoft?
Microsoft (Outlook, etc.) follows similar rules: SPF, DKIM, DMARC matter. List-Unsubscribe helps. They also use their own reputation and filtering; the checklist covers the main technical bars.
Related reading
Read-only checks. We don't send email or modify DNS. How we check