Email deliverability has a specialised vocabulary that spans multiple technical domains: DNS, SMTP, cryptography, ISP policy, and commercial email operations. This glossary defines the terms used throughout the email deliverability field — from authentication protocols to ISP-specific reputation signals — with definitions written for practitioners who need to understand both the technical meaning and the operational relevance of each term.
A–B: ARF, ARC, Bounce, BIMI, Backscatter
Abuse Reporting Format (ARF): The standard format for ISP feedback loop complaint messages. When a Gmail or Yahoo user marks an email as spam, the ISP generates an ARF report (defined in RFC 5965) and sends it to the sender's registered FBL address. ARF reports contain a copy of the reported message and the complaint metadata. Senders use ARF report processing to identify and suppress the complaining recipient.
ARC (Authenticated Received Chain): An email authentication standard (RFC 8617) that preserves authentication status across forwarding hops. When an email is forwarded or processed through a mailing list, the original DKIM signature may break. ARC allows the forwarding server to add a signed chain of custody record that attests to the original authentication state — enabling the final destination to evaluate the pre-forwarding authentication even after the original signature has been invalidated.
Backscatter: Non-Delivery Reports (NDRs or bounce messages) sent to a forged sender address by mail servers that received and processed spam using the recipient's domain in the From address. A mail server that accepts and then bounces a message to a spoofed From address sends the bounce to an innocent third party — the backscatter. Backscatter from a domain indicates that the domain's From address is being used in spam without DMARC enforcement to prevent it.
BIMI (Brand Indicators for Message Identification): An email specification that allows inbox providers to display a brand's verified logo next to authenticated emails. BIMI requires DMARC at enforcement level (p=quarantine or p=reject) and a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) for Gmail logo display. Supported by Gmail, Yahoo Mail, Apple Mail, and La Poste. Not yet supported by Microsoft Outlook.
Blacklist (also blocklist): A database of IP addresses or domains that have been identified as sources of spam or malicious email. Major blocklists include Spamhaus SBL/XBL/PBL, Barracuda BRBL, SORBS, and Cisco Talos. ISPs and corporate email gateways query blacklists to decide whether to accept or reject connections from listed IPs. Being listed on a major blacklist causes immediate delivery failures at organisations that use that specific blacklist as an input.
Bounce: An email that cannot be delivered to its destination. Hard bounce: a permanent delivery failure caused by an invalid or non-existent email address (SMTP 5xx response). Hard-bounced addresses must be immediately added to the sender's suppression list — continuing to send to hard-bounce addresses damages sender reputation. Soft bounce: a temporary delivery failure caused by conditions like a full mailbox, server unavailability, or temporary rate limiting (SMTP 4xx response). The MTA retries soft-bounced messages according to its retry schedule.
C–D: CAN-SPAM, DKIM, DMARC, Deferral, Domain Reputation
CAN-SPAM Act: The US federal law (Controlling the Assault of Non-Solicited Pornography And Marketing Act, 2003) that sets requirements for commercial email. Key requirements: identify the message as an advertisement, include a valid physical mailing address, provide an opt-out mechanism, honour opt-out requests within 10 business days. CAN-SPAM does not require opt-in consent before sending — it is a permission-optional framework unlike GDPR.
CMC (Common Mark Certificate): A BIMI certificate type introduced in 2023 that does not require a registered trademark. CMC requires proof of 12+ months of public logo use. Gmail accepts CMC for logo display (but not the verified checkmark, which requires VMC). CMC made BIMI accessible to organisations without trademark registrations.
Complaint rate: The percentage of messages marked as spam by recipients. Measured at Gmail through Postmaster Tools (spam rate), at Yahoo via FBL reports, and at Microsoft via JMRP. Google's published threshold: keep Gmail spam rate below 0.10% (recommends below 0.05% for optimal deliverability). Complaint rates consistently above 0.10% cause progressive spam folder routing and domain reputation degradation.
DKIM (DomainKeys Identified Mail): An email authentication standard (RFC 6376) that uses public-key cryptography to allow the sending domain to sign outbound messages. The receiving server looks up the public key in the sender's DNS and verifies the DKIM signature. DKIM provides proof that a message was sent by a server authorised by the domain and has not been altered in transit. DKIM signing must use the sender's own domain (d=brand.com) to satisfy MAGY requirements — signing with an ESP's shared domain (d=esp.com) is insufficient.
DMARC (Domain-based Message Authentication, Reporting and Conformance): An email authentication protocol (RFC 7489) that uses SPF and DKIM authentication results to enforce a domain's policy for how receiving servers should handle emails that fail authentication. DMARC policies: p=none (monitor only), p=quarantine (deliver to spam folder), p=reject (discard the message). DMARC is required for MAGY compliance and provides protection against domain spoofing and phishing.
Deferral: A temporary rejection of a message by the receiving server, indicated by an SMTP 4xx response code. Unlike a permanent rejection (5xx), a deferred message is retried by the sending MTA according to its retry schedule. Common causes: ISP rate limiting, server load, temporary unavailability. High deferral rates at a specific ISP indicate that the sending IP is being throttled — the sender is attempting to send faster than the ISP's rate limit for that IP allows.
Domain reputation: An ISP's assessment of a sending domain's trustworthiness based on engagement signals, complaint rates, and authentication history associated with messages sent from that domain. Google Postmaster Tools reports domain reputation as High, Medium, Low, or Bad. Domain reputation (d=brand.com from DKIM alignment) is increasingly the primary deliverability signal at Gmail, more important than IP reputation for senders using shared ESP infrastructure.
E–F: ESP, Engagement, FBL, FCrDNS, From Address
Email Service Provider (ESP): A company that provides email sending infrastructure and software as a service. Types: transactional ESPs (Postmark, Mailgun, Amazon SES) optimised for one-to-one triggered email; marketing ESPs (Klaviyo, Mailchimp, Brevo) optimised for bulk campaigns and marketing automation; hybrid ESPs that serve both use cases. ESP selection criteria include custom DKIM support, IP pool quality, bounce processing, delivery reporting, and uptime SLA.
Engagement signals: Actions taken by email recipients that indicate interest and satisfaction with the sender's email. Positive signals: opens, clicks, replies, moves to inbox from spam, adds to address book. Negative signals: marking as spam, deletions without opening, unsubscribes. ISPs — particularly Gmail — use engagement signals as a primary input to their per-sender and per-user inbox placement decisions. Strong engagement signals sustain High domain reputation; consistently poor engagement degrades reputation over time.
FBL (Feedback Loop): A system by which ISPs forward spam complaint reports to registered senders. When a recipient marks an email as spam, the ISP sends an ARF-format complaint report to the sender's registered FBL address. Senders use FBL reports to identify complainers and add them to suppression lists. Major FBL providers: Yahoo JMRP (formerly CFL), Microsoft SNDS/JMRP. Gmail does not offer a traditional FBL — its complaint data is available through Google Postmaster Tools aggregate spam rate data.
FCrDNS (Forward-Confirmed reverse DNS): A DNS configuration requirement where the PTR record for a sending IP resolves to a hostname, and that hostname resolves in forward DNS back to the same IP. All three must be consistent: IP → PTR → hostname → A/AAAA record → same IP. FCrDNS failure is one of the most common causes of SMTP connection rejection at Microsoft 365 and is identified in Google's 2025 DMARC rejection data as a leading cause of email delivery failures.
From address: The email address displayed in the sender field of an email. For DMARC alignment purposes, the From header domain must align with either the DKIM signing domain (d= in the DKIM signature) or the SPF-authenticated MAIL FROM domain. Gmail and other ISPs require that the From address domain matches the domain that has been authenticated — using a Gmail From address for commercial bulk sending is not permitted under MAGY requirements.
G–I: GDPR, Hard Bounce, IP Warming, ISP, Inbox Placement
GDPR (General Data Protection Regulation): The EU data protection regulation (effective May 2018) that governs the processing of personal data of EU residents. For email marketing: requires explicit, specific, informed consent for promotional communications; establishes rights including the right to erasure (deletion from email lists on request); requires data processing agreements with email service providers; applies to any organisation targeting EU residents regardless of where the organisation is located.
Hard bounce: See Bounce above. The key operational requirement: hard-bounced addresses must be permanently suppressed — never mailed again. Continued sending to hard-bounced addresses generates repeated 5xx responses that ISPs track as a reputation signal indicating poor list hygiene, and can contribute to spam trap hits if the address has been reclaimed as a trap.
Inbox placement rate: The percentage of delivered emails that reach the primary inbox (as opposed to spam folder, promotions tab, or other folders). Distinct from delivery rate — an email can be delivered (server accepted it) but not reach the inbox (it went to spam). The global average inbox placement rate is approximately 83.5% (Validity 2025). Inbox placement is the metric that most directly reflects commercial deliverability performance.
IP reputation: An ISP's assessment of a sending IP address's trustworthiness based on historical sending behaviour from that IP. IP reputation is tracked primarily through SNDS at Microsoft and SenderScore at Validity. In 2026, Gmail has de-emphasised IP reputation in favour of domain reputation — domain reputation is the primary deliverability signal at Gmail for senders using authenticated custom domains. IP reputation remains critically important for Microsoft 365 delivery and for connection-level acceptance at most ISPs.
IP warming (also domain warming): The process of gradually increasing sending volume from a new IP address or domain over several weeks to build positive reputation with ISPs before attempting high-volume sending. ISPs apply more aggressive spam filtering to high-volume sends from unknown IPs — warming introduces the new IP to ISPs incrementally, allowing reputation signals to accumulate before full production volume is reached.
ISP (Internet Service Provider, in email context: mailbox provider): An organisation that operates email inboxes for end users. Major ISPs for commercial email: Google (Gmail), Microsoft (Outlook.com, Microsoft 365), Apple (iCloud/Apple Mail), Yahoo (Yahoo Mail, AOL). Each ISP operates its own spam filtering algorithms, authentication requirements, and reputation systems. Deliverability management requires monitoring and optimising for each major ISP's specific requirements.
J–M: JMRP, List-Unsubscribe, MAGY, MTA, MX Record
JMRP (Junk Mail Reporting Program): Microsoft's sender feedback loop. Registered senders receive complaint reports when Microsoft 365 or Outlook.com users mark their email as junk. JMRP enrollment is required to receive Microsoft complaint data for reputation management. JMRP is also an enrollment signal that Microsoft uses to identify legitimate senders.
List-Unsubscribe: An email header (RFC 2369) that tells email clients the unsubscribe endpoint for the message. Two formats: List-Unsubscribe: <mailto:unsubscribe@domain.com> and List-Unsubscribe: <https://domain.com/unsubscribe>. MAGY compliance requires one-click unsubscribe via the RFC 8058 List-Unsubscribe-Post header for bulk senders. Gmail displays the "Unsubscribe" option in the inbox when the List-Unsubscribe header is present.
MAGY: An acronym for the four major consumer mailbox providers: Microsoft, Apple, Google, and Yahoo. The MAGY bulk sender requirements (authentication, one-click unsubscribe, spam rate thresholds) are the primary compliance framework for commercial email in 2025-2026. Meeting MAGY requirements is a prerequisite for reliable inbox placement at the ISPs that handle the vast majority of global consumer email.
MTA (Mail Transfer Agent): The software that routes and delivers email between mail servers using the SMTP protocol. Examples: PowerMTA (commercial), Postfix (open source), Exim (open source), Sendmail (open source). The MTA is the core infrastructure component of self-hosted email sending. MTA configuration controls connection pooling, retry logic, rate limiting, bounce processing, and delivery reporting.
MX record (Mail Exchange record): A DNS record that specifies the mail server responsible for accepting email for a domain. The MX record contains a hostname (typically mail.domain.com or something similar) and a priority value. Sending servers query the recipient domain's MX record to determine where to deliver email. Missing or misconfigured MX records cause delivery failures for inbound email (including bounce notifications and FBL reports) to the affected domain.
N–R: Open Rate, PTR, PowerMTA, Reputation, RFC
Open rate: The percentage of delivered emails that generate an open event (tracked via a 1×1 pixel image loaded when the email is opened). Open rate is significantly distorted by Apple Mail Privacy Protection (MPP) and Gmail Gemini AI summary card auto-opens in 2026 — estimated 35-50% of reported opens in many programmes are machine-generated, not human. Open rate should be supplemented with click rate, reply rate, and conversion metrics for accurate engagement assessment.
Postmaster Tools (Google Postmaster Tools / GPT): Google's free reporting dashboard for senders to monitor domain reputation, IP reputation, and spam rate for email delivered to Gmail. The primary monitoring tool for Gmail deliverability management. Reports domain reputation as High/Medium/Low/Bad and shows daily spam rate percentage. Gmail Postmaster Tools v2 (launched 2025) replaced the v1 interface and modified the data available — spam rate and authentication data are still available, though the specific reputation tier display changed.
PowerMTA: A commercial MTA software made by Momentum (formerly Port25 / Message Systems). The leading commercial MTA for high-volume email sending. Features: per-domain Virtual MTA (VMTA) configuration for IP and reputation isolation, per-domain domain blocks for ISP-specific delivery controls, structured accounting log for real-time delivery event data, advanced bounce classification, and DKIM signing integration. Standard choice for enterprise email infrastructure at volumes above 1-2M monthly messages.
PTR record (Pointer record): A reverse DNS record that maps an IP address to a hostname. For email sending, every sending IP must have a PTR record that resolves to a valid hostname, and that hostname must resolve back to the same IP in forward DNS (FCrDNS). PTR records are set by the IP hosting provider — the domain owner cannot set them directly. Missing or broken PTR records cause connection-level rejection at Microsoft 365 and are a common cause of B2B delivery failures.
RFC (Request for Comments): The technical standards documents published by the IETF (Internet Engineering Task Force) that define internet protocols and standards. Email standards are defined in RFCs: RFC 5321 (SMTP), RFC 5322 (Internet Message Format), RFC 7208 (SPF), RFC 6376 (DKIM), RFC 7489 (DMARC), RFC 8617 (ARC), RFC 8058 (one-click unsubscribe). Understanding the relevant RFCs provides authoritative definitions of how email authentication and delivery protocols work.
S–T: SPF, SMTP, Soft Bounce, Spam Trap, TLS, Throttle
SMTP (Simple Mail Transfer Protocol): The standard protocol for sending email between mail servers. SMTP uses TCP port 25 for server-to-server communication, port 587 (STARTTLS) or 465 (SSL/TLS) for client-to-server submission. SMTP response codes: 2xx (success), 4xx (temporary failure — retry), 5xx (permanent failure — do not retry). Understanding SMTP response codes is essential for diagnosing delivery failures from MTA accounting logs.
SNDS (Smart Network Data Services): Microsoft's IP reputation monitoring portal for email senders. SNDS provides per-IP status data (Green/Yellow/Red) based on complaint rate and spam trap hit data from Outlook.com and Microsoft 365 tenants. SNDS enrollment is required for Microsoft-specific IP reputation monitoring. SNDS status is the primary diagnostic tool for Microsoft delivery problems. All dedicated sending IPs should be registered in SNDS.
SPF (Sender Policy Framework): An email authentication standard (RFC 7208) that specifies which mail servers are authorised to send email on behalf of a domain. The domain owner publishes a DNS TXT record listing authorised IP addresses and includes for other domains. Receiving servers check whether the connecting IP is in the sender's SPF record. SPF is evaluated against the MAIL FROM (envelope sender) domain, not the From header domain. SPF has a 10 DNS lookup limit — exceeding this limit causes permerror, which can affect deliverability.
Spam trap: An email address used by ISPs, blacklist operators, and anti-spam organisations to identify senders with poor list hygiene. Two types: pristine traps — email addresses that were never owned by a real person (hitting these indicates address harvesting or purchasing), and recycled traps — previously valid email addresses that were abandoned, taken over by the monitoring organisation, and now serve as traps (hitting these indicates sending to old, unverified lists). Spam trap hits contribute to blacklist listings and reputation damage.
TLS (Transport Layer Security): The encryption protocol used to secure SMTP connections between mail servers. TLS 1.2 and 1.3 are the current required versions — SSLv2, SSLv3, TLS 1.0, and TLS 1.1 are deprecated and should be disabled. MAGY requirements mandate TLS for all commercial email SMTP connections. MTA-STS (Mail Transfer Agent Strict Transport Security) is an additional mechanism that allows receiving domains to publish a policy requiring TLS for all incoming connections.
Throttle / Throttling: An ISP's practice of limiting the rate at which it accepts email from a specific IP or domain. Indicated in SMTP logs as 4xx responses with rate-limit messaging (e.g., "421 Too many connections from your IP"). Throttling is not a permanent rejection — it means the ISP is accepting email from this sender but at a lower rate than the sender is attempting to deliver. The correct response to throttling is to slow the injection rate to match the ISP's acceptance rate rather than retry at the same speed.
U–Z: Unsubscribe, VMTA, Warmup, Webhook, WHOIS
Unsubscribe: The process by which a recipient removes themselves from a mailing list. CAN-SPAM requires honouring opt-out requests within 10 business days. GDPR requires prompt processing of erasure requests. MAGY requirements for bulk senders mandate one-click unsubscribe via the List-Unsubscribe-Post header (RFC 8058) that must be processed within 2 business days. A recipient who unsubscribes rather than marking as spam is a better outcome for deliverability — unsubscribes do not generate complaint signals that affect sender reputation.
VMC (Verified Mark Certificate): A certificate issued by DigiCert or Entrust (the only authorised certificate authorities as of 2026) that verifies a brand's legal ownership of a trademark for a specific logo. VMC is required for the Gmail verified checkmark badge in BIMI and is accepted for BIMI logo display at Gmail, Yahoo, and Apple Mail. VMC requires a registered trademark — brands without trademark registrations must use CMC instead.
VMTA (Virtual MTA): A PowerMTA concept for creating logically separate sending channels within a single MTA installation. Each VMTA can use a different sending IP, different EHLO hostname, different DKIM signing key, and different domain block configuration. VMTAs enable multi-client sending isolation (different clients on different VMTAs with different IPs) and sending stream separation (marketing, transactional, and cold email on separate VMTAs to prevent reputation contamination between streams).
Warmup: See IP warming above. Domain warming refers to the same gradual volume increase process for a new sending domain rather than a new IP. In 2026, domain reputation is increasingly the primary deliverability signal at Gmail — domain warmup (building domain reputation through gradual volume increase with high-engagement audiences) is as important as IP warmup for senders using authenticated custom domains on shared ESP infrastructure.
Webhook: An HTTP callback that delivers real-time event notifications from an email sending system to the sender's application. ESPs like Postmark, Mailgun, and SendGrid deliver delivery events (delivered, bounced, deferred, complained) via webhooks to the sender's endpoint. Webhook-based event processing enables real-time suppression of bounced and complained addresses — more current than batch export-based suppression update workflows.
Whitelist / Safe sender list: A list of senders that an ISP or individual user has explicitly designated as trusted — their email bypasses spam filtering and is always delivered to the inbox. ISP-level whitelisting (return path certification, Microsoft SNDS Trusted Sender) is available for high-volume senders meeting specific quality criteria. Individual user-level whitelisting (adding to contacts, marking as "not spam") generates positive per-user reputation signals that benefit the sender's reputation scoring at Gmail's personalised filtering layer.
This glossary covers the core terminology of the email deliverability field as of 2026. The email authentication landscape continues to evolve — new standards (MTA-STS, DANE, AI-based filtering) add terminology regularly. Bookmark this reference and check the authentication and deliverability guides throughout this site for the operational context that puts each term into practice.