Email deliverability has a specialised vocabulary that spans network engineering, cryptography, regulatory compliance, and marketing analytics. This glossary defines 100+ terms used throughout email infrastructure and deliverability management — from the RFC-defined protocols that authenticate email to the ISP-specific metrics that measure inbox placement. Use this reference to decode unfamiliar terms in deliverability reports, vendor documentation, and technical discussions.
Authentication Terms
ARC (Authenticated Received Chain): RFC 8617. An email authentication mechanism that allows an intermediary server (such as a mailing list or forwarding service) to preserve the authentication state of a message that has been modified in transit. ARC adds three headers (ARC-Seal, ARC-Authentication-Results, ARC-Message-Signature) at each intermediary hop, allowing the final recipient to evaluate the message's authentication history before any forwarding modifications occurred.
BIMI (Brand Indicators for Message Identification): An email standard that allows a brand's verified logo to appear in the inbox next to sender information when the email passes DMARC authentication and a valid BIMI DNS record is published. Requires DMARC at p=quarantine or p=reject. Logo display at Gmail and Apple Mail also requires a VMC or CMC certificate.
CMC (Common Mark Certificate): A certificate type for BIMI that authenticates a brand's logo without requiring a registered trademark. Requires proof of at least 12 months of public logo use. Accepted by Gmail (but not for the verified checkmark, which requires a VMC), Yahoo, and Apple Mail.
DANE (DNS-based Authentication of Named Entities): RFC 6698, RFC 7672. An extension of DNSSEC that allows domain owners to publish TLS certificate information in DNS (via TLSA records), enabling email servers to verify the authenticity of TLS certificates without depending on traditional Certificate Authority infrastructure.
DKIM (DomainKeys Identified Mail): RFC 6376. An email authentication protocol that cryptographically signs outbound email using a private key held by the sending domain. The signature is included in the DKIM-Signature email header. Receiving servers verify the signature against the public key published in the sending domain's DNS records. DKIM verifies that the email was not modified in transit and that the signing domain authorised the message.
DKIM selector: A label used to identify which DKIM public key to use for verification. A domain can have multiple DKIM selectors (each with its own key pair), allowing different sending systems to sign with different keys. The selector is specified in the DKIM-Signature header as s=selectorname and corresponds to a DNS record at selectorname._domainkey.domain.com.
DMARC (Domain-based Message Authentication, Reporting, and Conformance): RFC 7489. An email authentication protocol that builds on SPF and DKIM by defining what receiving servers should do with email that fails authentication (none, quarantine, or reject) and providing reporting mechanisms. DMARC alignment requires that the From: domain aligns with either the SPF-authenticated MAIL FROM domain or the DKIM signing domain (d=). DMARC policy levels: p=none (monitor only), p=quarantine (send to spam), p=reject (block delivery).
DMARC aggregate report (RUA): An XML report sent by ISPs to a domain's designated DMARC reporting address, summarising authentication results for email claiming to be from that domain. Contains per-source statistics on DMARC pass/fail rates, SPF/DKIM alignment, and disposition.
DMARC forensic report (RUF): A per-message failure report sent to the domain's designated forensic reporting address when an individual email fails DMARC. Contains message headers and authentication results. Many major ISPs have stopped sending forensic reports due to privacy concerns.
DNSSEC (Domain Name System Security Extensions): RFC 4033-4035. An extension to DNS that adds cryptographic signatures to DNS records, allowing resolvers to verify that DNS responses have not been modified in transit. Protects against DNS cache poisoning attacks that could substitute fraudulent authentication records.
FCrDNS (Forward-Confirmed reverse DNS): A validation check where a sending IP's PTR (reverse DNS) record resolves to a hostname, and that hostname then resolves back to the same IP address in forward DNS. Required by Microsoft and preferred by most major ISPs for outbound email servers. Also called "double-reverse DNS."
MTA-STS (Mail Transfer Agent Strict Transport Security): RFC 8461. A standard that allows email domain owners to publish a policy declaring that their inbound mail servers support TLS and that sending servers should refuse to deliver mail to the domain over unencrypted connections. Provides protection against TLS downgrade attacks on inbound email delivery.
PTR record (Pointer record): A DNS record that maps an IP address to a hostname — the reverse of an A record. Required for all commercial email sending IPs. The PTR hostname must match the hostname used in the EHLO/HELO command and must resolve back to the same IP (FCrDNS). Set by the IP hosting provider, not the domain owner.
SPF (Sender Policy Framework): RFC 7208. An email authentication protocol that specifies which IP addresses are authorised to send email on behalf of a domain. The receiving server checks the sending IP against the SPF record published in the MAIL FROM domain's DNS. SPF results: pass, fail, softfail, neutral, none, permerror, temperror.
TLS-RPT (TLS Reporting): RFC 8460. A reporting protocol that allows domain owners to receive reports about TLS failures on inbound email to their domain, including MTA-STS policy failures and DANE verification failures.
VMC (Verified Mark Certificate): A certificate type for BIMI that requires a registered trademark for the brand logo. Issued by Certificate Authorities (DigiCert, Entrust). Required for the Gmail verified checkmark. Accepted by all BIMI-supporting providers. More expensive than CMC due to the trademark verification requirement.
Reputation and ISP Terms
Domain reputation: An ISP's assessment of a sending domain's trustworthiness, based on engagement signals (open rate, click rate, complaint rate) and authentication history. Gmail Postmaster Tools makes domain reputation visible in four tiers: High, Medium, Low, Bad. Domain reputation is portable across IP addresses when DKIM signing uses the sender's own domain.
IP reputation: An ISP's assessment of a specific sending IP address's trustworthiness, based on complaint rates, spam trap hits, bounce rates, and sending patterns. IP reputation is IP-address-specific and does not transfer to a new IP. Monitored through Microsoft SNDS, Cisco Talos IP Reputation, and various blocklist services.
FBL (Feedback Loop): A service offered by ISPs that provides complaint notifications to enrolled senders when their users mark email as spam. Yahoo FBL (via CFL), Microsoft JMRP (Junk Mail Reporting Program), and several smaller ISPs operate FBLs. Allows senders to identify complaining addresses and suppress them. Gmail does not operate a traditional FBL — complaint data is available through Postmaster Tools.
SBL (Spamhaus Block List): A blocklist operated by Spamhaus containing IP addresses of known spam senders. Listed IPs face rejection or spam filtering at major ISPs that query Spamhaus. Self-service delisting available at spamhaus.org for IPs with corrected issues. One of the most widely used and respected IP blocklists globally.
DBL (Domain Block List): The Spamhaus Domain Block List — a blocklist of domain names (not IPs) associated with spam. DBL listing causes emails containing the listed domain (in the From address, subject, body links, or headers) to be filtered more aggressively at ISPs querying Spamhaus.
SNDS (Smart Network Data Services): Microsoft's sender reputation portal, available at postmaster.live.com. Provides per-IP reputation data (Green/Yellow/Red) based on complaint rates and spam trap hits from Outlook.com and Microsoft 365 users. Available to senders who register their sending IPs.
Spam trap: An email address used by ISPs and blocklist operators to identify spam senders. Pristine spam traps are addresses that have never been used for legitimate correspondence — any email to a pristine trap indicates the sender acquired the address illegitimately. Recycled spam traps are previously valid addresses that have been repurposed as traps after being abandoned — email to recycled traps indicates poor list hygiene (failure to remove stale addresses).
Postmaster Tools (Gmail): A Google-operated dashboard (postmaster.google.com) that provides sending domain reputation, spam rate, and authentication data for domains sending to Gmail. The primary visibility tool for Gmail deliverability management. Requires verification of domain ownership. V2 interface launched in 2025, replacing the V1 reputation tier display with complaint rate data.
Deliverability Metrics
Inbox placement rate: The percentage of sent emails that land in the recipient's primary inbox (as opposed to spam folder or promotions tab). Measured through seed testing. Distinct from email delivery rate — an email can be "delivered" (accepted by the receiving server) while still landing in spam. The most commercially meaningful deliverability metric.
Email delivery rate: The percentage of emails accepted by the receiving mail server (not bounced). Includes emails delivered to spam folders. Does not measure inbox placement. Calculated as (emails sent - bounces) ÷ emails sent.
Hard bounce: A permanent delivery failure — the email address does not exist, the domain does not accept email, or the recipient's server permanently rejects mail from the sender. Hard bounced addresses must be immediately suppressed and never contacted again. Hard bounce rate is a primary list quality indicator.
Soft bounce: A temporary delivery failure — the recipient's inbox is full, the server is temporarily unavailable, or the message is too large. Soft bounces are retried by the sending MTA. Addresses that generate repeated soft bounces over multiple retry cycles should be treated as hard bounces and suppressed.
Complaint rate: The percentage of sent emails that recipients mark as spam. Google's published threshold: below 0.10% for Gmail compliance, below 0.05% for optimal inbox placement. Monitored through Gmail Postmaster Tools, Yahoo FBL, and Microsoft JMRP. The most direct reputation damage signal available to senders.
Open rate: The percentage of delivered emails "opened" as measured by tracking pixel loads. Significantly inflated by Apple Mail Privacy Protection (which pre-loads all email images) and Gmail Gemini AI (which auto-opens emails to generate summaries). No longer a reliable engagement metric as of 2025-2026.
Click rate: The percentage of delivered emails from which at least one link was clicked. Not inflated by MPP or Gemini AI — clicks require human action. The primary reliable engagement metric in the MPP/Gemini era.
Seed testing: Sending email to a set of known test addresses ("seeds") at various ISPs and email clients to observe where the email lands (inbox, spam, missing). Used to measure inbox placement rate across ISPs. Commercial seed testing services include GlockApps, Litmus, Email on Acid, and Validity Everest.
MTA and Infrastructure Terms
MTA (Mail Transfer Agent): Software that routes and delivers email between servers using SMTP. Commercial MTAs include PowerMTA (Port25), Momentum (MessageSystems). Open-source MTAs include Postfix, Exim, and qmail. Distinct from an MUA (Mail User Agent — the email client the user reads email in).
VMTA (Virtual MTA): A logical subdivision within a physical MTA that uses a specific IP address and configuration. PowerMTA supports multiple VMTAs per server, each with its own IP address, bounce handling, and sending parameters. VMTAs enable per-client IP isolation in multi-tenant ESP environments.
SMTP (Simple Mail Transfer Protocol): The protocol used for email transmission between mail servers. SMTP operates on port 25 (server-to-server), port 587 (submission with authentication), and port 465 (SMTPS, submission over TLS). RFC 5321 is the current SMTP specification.
4xx response: A temporary SMTP error code indicating the delivery attempt should be retried. Examples: 421 (service temporarily unavailable), 450 (mailbox unavailable), 451 (local error in processing). Messages generating 4xx responses are queued for retry according to the MTA's retry schedule.
5xx response: A permanent SMTP error code indicating delivery failed and should not be retried. Examples: 550 (mailbox unavailable — hard bounce), 552 (message too large), 553 (mailbox name invalid). Messages generating 5xx responses should be immediately processed as hard bounces and the address suppressed.
Domain block: In PowerMTA, a configuration section that defines sending parameters for a specific destination domain (mail rate, connection limits, retry schedules). Allows per-ISP optimisation of sending behaviour. Equivalent concept exists in other commercial MTAs.
Accounting log: A structured per-message delivery event log generated by PowerMTA and other commercial MTAs. Records injection timestamp, delivery timestamp, SMTP response, queue time, and other per-message metadata. The primary diagnostic tool for deliverability investigation in self-hosted infrastructure.
List Management Terms
Double opt-in (confirmed opt-in): A subscription process where a new subscriber must confirm their email address by clicking a confirmation link sent to the address they provided. Produces lower sign-up volume but significantly higher list quality — lower bounce rates, lower complaint rates, and higher engagement compared to single opt-in.
Global suppression list: A database of email addresses that must not be sent to — including hard bounced addresses, unsubscribers, complaint reporters, and addresses manually excluded. Must be maintained across all sending systems and applied before every campaign injection. Critical for CAN-SPAM and GDPR compliance.
List hygiene: The practice of regularly removing invalid, inactive, and risky email addresses from the sending list. Reduces hard bounce rates, complaint rates, and spam trap hits. Typically performed through email verification services and engagement-based suppression.
Sunset policy: A rule that automatically removes or suppresses contacts who have not engaged (opened, clicked) within a defined period. Typical sunset windows: 90-180 days for consumer email, 180-365 days for B2B email. Keeps the active list focused on engaged contacts who generate positive reputation signals.
RFM (Recency-Frequency-Monetary): A segmentation framework that scores contacts on three dimensions: how recently they engaged, how frequently they engage, and the commercial value they have generated. Applied to email programmes to prioritise high-engagement, high-value contacts for more frequent sends and lower-quality contacts for reduced frequency or suppression.
Compliance and Legal Terms
CAN-SPAM: The Controlling the Assault of Non-Solicited Pornography and Marketing Act, US federal law governing commercial email. Requires: physical mailing address, functional opt-out mechanism processed within 10 business days, clear identification of commercial messages, and accurate header information. Federal enforcement only — no private right of action (unlike some state laws).
CASL (Canada's Anti-Spam Legislation): Canada's email marketing law, generally stricter than CAN-SPAM. Requires express or implied consent before sending commercial email. Express consent: the recipient explicitly asked to receive email. Implied consent: existing business or personal relationship. CASL allows private right of action for violations.
CEMA (Commercial Electronic Mail Act): Washington State's email marketing law (RCW 19.190). Pre-dates CAN-SPAM and was preserved after CAN-SPAM's preemption of most state laws. Allows private right of action with statutory damages of $500-$1,000 per email violation. Actively litigated by plaintiffs' attorneys against commercial senders.
GDPR (General Data Protection Regulation): EU regulation governing personal data processing, including email marketing data. Requires a valid lawful basis for processing (typically consent or legitimate interests for marketing email). Grants data subjects rights including access, deletion, and portability. Applies to any organisation processing EU residents' data regardless of the organisation's location.
List-Unsubscribe: An email header that tells email clients how to offer a one-click unsubscribe option. Two forms: List-Unsubscribe: <mailto:unsub@domain.com> (generates an unsubscribe email) and List-Unsubscribe: <https://domain.com/unsub> (links to a web page). Required for Gmail bulk sender compliance when sending more than 5,000 messages per day.
RFC 8058 (List-Unsubscribe-Post): The standard defining one-click unsubscribe via HTTP POST. Requires the List-Unsubscribe-Post: List-Unsubscribe=One-Click header in addition to a List-Unsubscribe URL header. When a recipient uses Gmail's one-click unsubscribe, Gmail sends a POST request to the URL — the sender must process this POST and suppress the subscriber within 2 business days.
Email Content and Design Terms
Preheader: The preview text that appears in the inbox list view after the subject line. Extracted by email clients from either an explicitly included preheader HTML element (recommended) or from the first readable text in the email body (auto-extracted). Affects open rates — well-crafted preheaders that extend the subject line's message improve open rates 5-15%.
Plain text alternative: A text-only version of the email sent alongside the HTML version as a MIME multipart message. Required by some ISPs as a deliverability signal — email without a plain text alternative scores lower on some content quality evaluations. Accessible to recipients who cannot render HTML or who prefer plain text email.
SVG Tiny P/S: The restricted SVG format required for BIMI logos. Prohibits external references, JavaScript, filters, and other potentially dangerous SVG features. Standard SVG files must be converted to SVG Tiny P/S before use in BIMI records.
prefers-color-scheme: A CSS media query used to detect the recipient's dark mode preference in email clients that support it. Enables email-level dark mode design that applies different colours, images, and layouts based on the recipient's device dark mode setting.
Email Marketing Terms
ESP (Email Service Provider): A service that provides email sending infrastructure on a managed basis — handling SMTP delivery, bounce processing, list management, and campaign analytics. Examples: Mailchimp, Klaviyo, Brevo, Postmark, Mailgun, SendGrid. Distinguished from a self-managed MTA by the managed service model.
MPP (Mail Privacy Protection): Apple's feature, introduced in iOS 15 (2021), that pre-fetches all remote content in emails received by Apple Mail — including tracking pixels — before the recipient opens the message. This causes tracking pixels to fire at delivery time regardless of whether the recipient views the email, generating false "opens" in email analytics. Affects 40-56% of Apple Mail users as of 2025.
Transactional email: Email sent in direct response to a user action or system event — password resets, order confirmations, account alerts, MFA codes. High delivery priority; expected by recipients; low complaint rates. Should be sent from dedicated infrastructure separate from marketing email.
Warm-up (IP warming): The process of gradually increasing sending volume from a new IP address or domain to establish positive reputation with ISPs before sending at full production volume. Typically 6-12 weeks for consumer ISPs, 10-12 weeks for B2B Microsoft-heavy audiences.
Whitelist: A list of approved senders or IP addresses that are explicitly trusted by an ISP, corporate email gateway, or individual recipient. Whitelisted senders bypass some or all spam filtering. ISP-level whitelists are rarely publicly accessible; corporate gateway whitelists are configured by IT administrators. Distinct from "allowlist" (the preferred modern term).
This glossary covers the core vocabulary of commercial email deliverability and infrastructure. As the email ecosystem evolves — new ISP requirements, emerging authentication standards, changing regulatory frameworks — new terms will enter the vocabulary. The foundational concepts documented here provide the reference framework for understanding new developments as they emerge in the email industry.