Complaint Rate Spikes: How to Trace Them to Their Source

← Operational Notes

Complaint Rate Spikes: How to Trace Them to Their Source

March 19, 2026·12 min read·Henrik Larsen

What a spike is, and what it is not

A complaint rate spike is alarming to see on a deliverability dashboard. It is also, handled correctly, one of the more tractable problems in the discipline — because it is a diagnostic problem and nothing more. Something in a recent send carried addresses that did not want the mail, those recipients pressed the spam button, and the rate moved. The job is to find that something. It is not a mystery. It is not a verdict on the sender. And it is not, in the great majority of cases, a fault in the sending infrastructure or the message content.

The word spike matters. A complaint rate is never perfectly flat; it has a baseline and noise around that baseline. A sender that normally runs at five complaints per ten thousand delivered messages will see that figure drift between four and seven from one send to the next, and none of that drift is a spike. A spike is a clear, sudden departure from the established baseline — the rate jumping to three or four times its normal level, or crossing from a comfortable band into an uncomfortable one. Defining the spike against the sender's own baseline, not against an absolute number, is the first discipline: 0.12% is alarming for a sender who normally runs at 0.04% and unremarkable for one who normally runs at 0.11%.

This note is the procedure for tracing a spike to its source. It covers the numbers that bound the problem, the data lag that constrains how fast you can see it, why the list is almost always the culprit, the three sources that account for most spikes, and the step-by-step method for isolating the offending segment before the next send repeats the mistake.

The numbers that define the problem

Tracing a spike is urgent because of where the major receivers have drawn their lines, and those lines are worth stating precisely. As of 2026 the picture is consistent across Gmail, Yahoo, and the Microsoft family.

FigureMeaningPosture
0.30%Hard enforcement thresholdFiltering or rejection begins; never operate here
0.10%Recommended working ceilingTreat as a warning line, not a passing grade
~0.08%Safe operating figureLeaves headroom to absorb a minor spike
Your baselineWhatever the sender normally runsThe reference a spike is measured against

Two details of how that 0.30% is calculated change how a spike behaves. The first is the denominator. The complaint rate is complaints divided by messages delivered to the inbox — not messages sent. Mail that a receiver already routes to spam is excluded, because a recipient who never saw the message in the inbox cannot report it. This means a sender whose deliverability is already degrading can see a complaint rate that looks deceptively stable, because the denominator is shrinking alongside the numerator.

The second detail is that the threshold applies per campaign, not as a monthly average. A single send to a bad segment can spike the rate and trigger filtering on its own, without any help from a rolling average to smooth it out. This is precisely why a spike must be traced to a specific send and a specific segment: the receivers are not averaging the damage away, and neither can you.

The data lag you are working against

Before the procedure, one constraint has to be understood, because it shapes everything about how a spike is handled: the data is late. Complaint signals reach the sender through two channels — the receivers' postmaster and reputation dashboards, and the feedback loops that forward individual complaints — and both channels lag the send, typically by twenty-four to forty-eight hours.

The practical consequence is uncomfortable. By the time a spike is visible on a dashboard, the campaign that caused it has almost always finished sending — you are never tracing a problem in progress, only doing forensics on a send that is already complete. This is not a reason for despair but a reason for a specific kind of urgency. The goal of tracing is not to stop the offending campaign, which is over. It is to identify the source and suppress it before the next scheduled send repeats the mistake, and before a few days of elevated complaints harden into a reputation problem that outlives the campaign that started it.

By the time you see it, it has already sent

Postmaster and feedback-loop data lag the send by a day or two. Do not wait for a spike to confirm itself before investigating — the moment a dashboard turns from green toward yellow, begin tracing. Waiting for red means the next send may already be queued against the same bad segment.

Why the cause is almost always the list

An operator tracing a spike for the first time often starts by suspecting the infrastructure or the content. Both suspicions are usually wrong, and ruling them out quickly is part of an efficient trace.

Infrastructure problems do degrade deliverability. Authentication failures, IP reputation collapse, blacklisting — all real, all damaging. But they do not, as a rule, produce a complaint spike. They produce bounces, deferrals, and spam-folder placement, and a recipient cannot complain about a message that bounced or never arrived. So a sharp rise specifically in the complaint metric, with bounce and deferral metrics holding roughly steady, points away from infrastructure rather than toward it. That single observation rules out a whole branch of the investigation in about a minute.

Content can influence complaints — a misleading subject line, an unexpected sender name, a sudden change in frequency — but content effects tend to be diffuse, raising the rate modestly across a whole campaign rather than producing a sharp, localised jump. A genuine spike, concentrated and sudden, almost always means a specific set of addresses received mail they did not want. And a specific set of unwanted addresses is, by definition, a list problem. The list is where the trace should start, and in most incidents it is also where the trace ends.

The three usual sources

List-driven spikes cluster into three recognisable causes. Knowing them turns an open-ended investigation into a short checklist.

A new import. A segment of addresses was added to the sending list — purchased, scraped, transferred from another system, or collected through a channel with weak consent. These recipients never genuinely opted in to this sender, do not recognise the mail when it arrives, and report it as spam at a far higher rate than the established list. A spike that begins with the first send to a newly imported segment is the single most common pattern.

A reactivation segment. A win-back or re-engagement campaign was sent to recipients who once opted in but have been dormant for a long time. They may have forgotten the sender entirely, changed their interests, or simply moved on. Mail from a half-remembered source lands as an intrusion, and the complaint rate on a deep reactivation segment can be several times the rate on the active list. The opt-in was genuine once; it has gone stale, and stale consent behaves like no consent.

A suppression list failure. The suppression list — the record of addresses that have unsubscribed or previously complained — failed to apply, and addresses that had explicitly removed themselves received mail again. This is the most serious of the three. These recipients did not merely fail to want the mail. They had actively told the sender to stop, and the sender mailed them anyway. Their complaint rate is extreme, and a suppression failure carries a compliance dimension — a record of consent withdrawn and then overridden — that the other two sources do not.

SourceSignatureSeverity
New importSpike begins with first send to a new segmentHigh; recipients never opted in
Reactivation segmentSpike on a dormant win-back sendModerate to high; consent gone stale
Suppression failureSpike includes addresses that had unsubscribedSevere; compliance exposure

The tracing procedure

With the three sources in mind, the trace itself is a short, ordered procedure. The aim is to move from a number on a dashboard to a named segment as quickly as the data allows.

Step one — confirm it is a spike. Compare the current rate against the sender's own baseline over recent sends. Confirm it is a genuine departure, not noise, and note when it began.

Step two — rule out infrastructure and content. Check that bounce and deferral metrics are roughly steady; if they are, infrastructure is unlikely. Confirm no campaign-wide content or frequency change coincides with the spike. This narrows the trace to the list in a few minutes.

Step three — locate the send. Identify which campaign or campaigns went out in the window the spike began, accounting for the data lag — the offending send is typically the one that completed a day or two before the spike appeared.

Step four — isolate the segment. Within that send, identify which segment carried the complaints. This is the core of the trace and is covered in detail below.

Step five — classify the source. Match the segment against the three sources: is it a new import, a reactivation segment, or a segment that should have been suppressed? The classification determines the fix.

Step six — act. Suppress the offending segment, correct the process that admitted it, and confirm the next scheduled send is clean before it goes out.

Isolating the segment

Step four is where a trace succeeds or stalls, and how cleanly it goes depends almost entirely on how well the sending system records its own sends.

The complaints arriving through feedback loops identify individual addresses. The question is which segment those addresses belong to — and that question is answerable only if each address can be traced back to how it entered the list and which send carried it. A sending operation with good record-keeping can cross-reference the complaining addresses against import batches, campaign segments, and the suppression list, and the offending segment falls out of that cross-reference quickly. A sending operation that treats its list as one undifferentiated pool cannot do this at all, and is reduced to guessing.

The accounting side of the MTA helps here. PowerMTA's accounting logs record each message with its recipient and the virtual-MTA and job it belonged to, so the delivery side of the picture is recoverable per send. The piece the MTA cannot supply is list provenance — when an address was added and through which channel — and that has to come from the sending application or the list management system. A trace is fast when those two records, the MTA's delivery log and the application's list provenance, can be joined. It is slow or impossible when they cannot.

The spike that took an afternoon instead of a week

A sender we worked with caught a complaint rate climbing toward three times baseline. Because every address in their list carried a tag for its import batch and acquisition date, and every send recorded its segment, they cross-referenced the feedback-loop complaints in a single afternoon. The complaints traced cleanly to one import batch loaded the previous week from a partner's list. They suppressed that batch, and the next send was back to baseline. The record-keeping did not prevent the bad import — but it turned a week of guesswork into an afternoon of lookup.

Acting on the finding

Once the segment is identified and classified, the action follows directly from the classification, and it has two parts that should not be confused: stopping the bleeding, and closing the wound.

Stopping the bleeding is immediate. The offending segment is suppressed so it cannot receive mail again, and any scheduled send that would include it is held until it has been cleaned. For a new import, that means removing the imported batch from active sending. For a reactivation segment, it means halting the win-back campaign to the dormant tier. For a suppression failure, it means restoring the suppression list to correct operation and confirming the previously removed addresses are out.

The complaint rate itself will not recover instantly even after the source is suppressed, and that is expected. The data lag works in both directions: complaints from the offending send will keep arriving for a day or two after the segment is stopped, and the rate will settle back toward baseline only once that tail has passed. The thing to watch is the trend on sends that went out after the suppression. If those are at baseline, the source was correctly identified and the bleeding has stopped.

Closing the gap that let it happen

Closing the wound is the part that prevents the next spike, and each of the three sources points to a specific gap in process.

A new import that spiked means the intake process let an unvetted segment into active sending. The fix is a quarantine step: new imports are validated and, where appropriate, warmed on a small sample before the full segment is mailed, so a bad list reveals itself on a few hundred addresses rather than on the whole import.

A reactivation segment that spiked means the win-back was too ambitious — it reached too far back into dormancy. The fix is to bound reactivation by recency, sending only to recipients whose last engagement is recent enough that consent is plausibly still live, and to treat the deep-dormant tier as suppressed rather than reactivatable.

A suppression failure means the suppression list is not reliably applied on every send, and that is the most urgent gap of the three to close. The suppression list must be enforced as a hard, non-optional filter on every outbound campaign, with a verification step that confirms it was applied before the send is released. A suppression list that is sometimes skipped is, in practice, not a suppression list at all.

Traced and closed this way, a complaint spike becomes what it should be in a well-run operation. Not a recurring crisis. A single incident that produced a permanent improvement in the process that allowed it — an import quarantine that did not exist before, a recency bound on reactivation, a suppression check that now runs on every send. The spike itself is unwelcome. The diagnosis it forces, and the gap it closes, are not.

Frequently asked questions

What complaint rate is too high?

The major receivers treat 0.30% as the hard enforcement threshold — exceed it and Gmail, Yahoo, and Microsoft begin filtering or rejecting mail. But 0.30% is the cliff edge, not a target. The recommended working ceiling is 0.10%, and a safe operating figure is around 0.08%. A spike is best defined against your own baseline: if a sender that normally runs at 0.05% suddenly reports 0.18%, that is worth tracing immediately, even though 0.18% is still below the hard threshold.

Where do complaint rate spikes usually come from?

Almost always from the list, not the infrastructure or the content. The three most common sources are a newly imported segment of addresses that never genuinely opted in, a reactivation campaign sent to long-dormant recipients who no longer recognise the sender, and a suppression list failure that let previously unsubscribed or complained addresses back into a send. Tracing a spike is therefore mostly a question of identifying which segment of which campaign carried the bad addresses.

How fast do you need to react to a complaint spike?

Fast — but you are already working with a delay. Postmaster and feedback-loop data typically lag the send by 24 to 48 hours, so by the time a spike is visible the campaign that caused it has usually finished. The practical goal is to trace the source and suppress the offending segment before the next scheduled send repeats the mistake, and before a sustained elevated rate hardens into a reputation problem that outlives the original campaign.

HL
Henrik Larsen

Deliverability operations engineer at Cloud Server for Email. Works on complaint and bounce diagnosis, feedback-loop processing, and incident response for high-volume senders. Related: Building a Deliverability Runbook, The Cost of Poor Bounce Handling, Building Observable Email Infrastructure.