23 years from Stockholm
Operator notes · From the Stockholm desk

Deliverability monitoring that catches problems before they scale

A technical editorial guide for teams evaluating infrastructure, delivery trade-offs and the operational boundary around this category.

Every serious email sender eventually has the same realization: the day you discover a deliverability problem is almost always weeks after it actually started. Somebody in customer support mentions that activation emails are missing. Marketing notices a dip in newsletter opens. By the time the signal gets to the operations team, reputation has already slipped, remediation takes longer than prevention would have, and the business has absorbed avoidable cost. Monitoring is the discipline that catches these issues while they are small and cheap to fix, and in 2020 — with pandemic-driven sending volumes up sharply and filters tightening in response — the operational margin for discovering problems late has narrowed considerably.

Key takeaways

  • Deliverability problems almost always give advance warning. The discipline that separates good programs from struggling ones is not incident response; it is monitoring that surfaces the warning signals before they become incidents.
  • Four free tools cover 80% of the monitoring surface for most senders: Google Postmaster Tools, Microsoft SNDS, DMARC aggregate reports and a handful of public blocklist monitors. Everything else is additive.
  • The metrics that matter are not opens and clicks. They are spam rate, complaint rate, domain reputation trend, IP reputation trend, authentication pass rate, and blocklist status per IP and domain.
  • Cadence matters more than sophistication. A team that reads its Postmaster and SNDS dashboards for ten minutes every morning catches things that a team with a fancier tooling stack and no routine will miss.
  • Every reputation drop has a story. Monitoring turns the detective work from "what broke in the last six weeks" into "what changed yesterday," and that speedup is the real return on the monitoring investment.

Why monitoring beats firefighting

Deliverability has an asymmetric damage curve. Reputation takes months to build and days to lose. A sender whose domain reputation has been "High" on Google Postmaster Tools for a year can slip to "Medium" in a week of bad behavior and sit at "Low" for another six weeks even after the bad behavior stops. Gmail's filter does not forget quickly. The recovery trajectory is slow precisely because the filter is trying to protect its users, and a sender who produced spam signals once will do so again unless the underlying cause is understood and fixed.

The asymmetry is why monitoring pays off disproportionately. A problem caught in its first forty-eight hours usually costs a few hours of remediation. The same problem caught after a week costs tens of thousands of impressions and days of recovery. The same problem caught after a month — which is how long it typically takes if nobody is looking — can cost the sender an entire quarter of deliverability performance while their IP and domain reputations rebuild. The underlying model for how inbox providers track sender reputation in the first place, which is what all of these dashboards reflect, is covered in sender reputation fundamentals.

What makes this especially important in 2020 is that filters have become more reactive to recent behavior than they used to be. The era when an established sending reputation could insulate you from a few weeks of drift has quietly ended. Gmail's domain reputation signal in particular responds to bad days fairly quickly; Microsoft's filters have likewise become sensitive to recent complaint rate shifts. Monitoring is no longer optional for senders who care about reliable inbox placement; it has become the foundation that everything else rests on.

The cost of monitoring is linear in time. The cost of not monitoring is exponential in damage. The pattern holds across every sender we have worked with, and it is the single most reliable predictor of which programs will have a quiet year versus a chaotic one. — The economic argument for daily cadence

The signals that matter, in order

Not every metric is worth watching with equal attention. The monitoring surface that actually catches problems is smaller than most operators assume, and the ranking of what to watch matters as much as whether you watch anything at all.

Deliverability signals ranked by what they actually catch
SignalWhat it tells youHow quickly it movesPriority
User-reported spam rateRecipients are clicking "mark as spam"Same dayCritical — the dominant filtering signal
Domain reputation trendProviders' overall trust in your domainDays to weeksCritical — governs inbox placement
IP reputation trendProviders' trust in your sending IPDays to weeksCritical — drives envelope-level filtering
Authentication pass rate (SPF/DKIM/DMARC)Your mail is consistently signed and alignedImmediate when brokenCritical — failures make everything else worse
Hard bounce rateList quality and validationPer-sendHigh — sustained >2% is a reputation hit
Blocklist appearancesYou have hit a public blocklistWithin hours of hittingHigh when it happens; variable impact by list
Inbox placement (seed test)Where test sends actually land across providersPer-testMedium — supplementary to reputation signals
Soft bounce / deferral rateProviders are throttling or flagging your sendsPer-sendMedium — early indicator of reputation drift
Open rateHistorically a deliverability proxyPer-sendLow — noisy, indirect, easy to misread
Click rateEngagement qualityPer-sendLow — content metric, not deliverability metric

The ranking matters because operations teams have finite attention. A dashboard that puts opens and clicks at the top and blocklist status at the bottom has its priorities inverted relative to what actually drives inbox placement. Reorganize the surface so the signals that move filter decisions sit where you see them first.

Google Postmaster Tools done right

Google Postmaster Tools has been free since 2015 and remains the single most useful deliverability monitoring surface for any sender who reaches Gmail at volume. If you are not using it, that is the first thing to fix; everything else in this article assumes GPT is in place.

The six dashboards and what each one tells you

Google Postmaster Tools dashboards and their operational meaning
DashboardWhat it showsWhat to watch for
Domain ReputationBad / Low / Medium / High rating for your verified domainAny movement downward; "High" → "Medium" is a significant event
IP ReputationSame four-bucket rating for each sending IPIndividual IPs dropping while others hold steady — suggests localized issue
Spam RatePercentage of your mail that Gmail users marked as spamTrend above 0.1% is worth investigating; sustained >0.3% is urgent
Feedback LoopComplaint data tagged with your feedback ID headerCorrelate complaints back to specific campaigns or templates
AuthenticationSPF, DKIM and DMARC pass rates over timeAny rate below 99% indicates broken authentication somewhere
EncryptionPercentage of your mail sent over TLSShould be essentially 100%; anything else is infrastructure misconfiguration
Delivery ErrorsReasons Gmail rejected or deferred your mailNew error reasons appearing is an early warning; spikes indicate policy changes

The most common GPT mistake

Most teams add their primary domain to GPT and stop there. This is the wrong pattern for any serious program. You should verify every sending domain — primary, outreach, newsletter subdomains, transactional subdomains — as a separate entity. Each one has its own reputation, and the reputation signals for your newsletter subdomain tell you different things than the signals for your transactional subdomain. A single combined view would average them together and hide useful distinctions.

There is also a volume threshold. Google Postmaster only shows data when the domain sends enough to Gmail for the signals to be statistically meaningful — typically a few hundred messages a day sustained. Low-volume sending domains will show sparse data, and that is expected. The fix is not to force more volume through those domains for monitoring purposes; it is to understand that low-volume domains need to be evaluated via other signals.

Microsoft SNDS and JMRP

Microsoft's equivalent to Postmaster Tools is actually two separate programs: Smart Network Data Services (SNDS) for IP-level reputation data, and the Junk Mail Reporting Program (JMRP) for feedback loop complaints from Outlook and Hotmail users. Both are free, both are worth enrolling in, and both have a slightly dated interface that can obscure their value.

What SNDS tells you per IP

Filter Result (Green / Yellow / Red)
Microsoft's overall verdict on the IP. Green means traffic is mostly reaching the inbox. Yellow means mixed placement. Red is a strong filtering signal — most mail is going to Junk or being rejected.
Complaint Rate
Percentage of mail from the IP that recipients marked as junk. This is the single most predictive signal SNDS provides.
Trap Hit Count
How many of Microsoft's spam traps your mail hit. Non-zero values indicate list quality problems; trap hits have outsized negative impact.
Sample HELO / RCPT
Microsoft shows a sample of the HELO strings and recipient addresses they saw. Useful for catching misconfigurations.
Messages Received / Percentage to Junk
Volume received by Microsoft from the IP and the fraction that went to the junk folder at delivery time.

Enrolling takes longer than it should

SNDS enrollment is a form-based process with a few-day review cycle. You submit your sending IP ranges, Microsoft verifies that you actually control them, and you get access to data within a week or two. This lead time is worth building into any new sending IP provisioning process. JMRP is a separate enrollment with the same pattern; submit early, wait patiently, and integrate the feedback stream into your suppression pipeline once approved. The wider mechanics of feedback loops across providers — how to enroll, how to parse, how to integrate results into suppression — are covered in feedback loops and complaint handling for bulk senders.

One detail that catches people: SNDS does not support IPv6 at present. If you send over IPv6, you will need to rely on other signals for those streams. Most senders in 2020 are still primarily IPv4 for exactly this reason.

SNDS is not a full filtering proxy SNDS shows you IP-level reputation as tracked by Microsoft, but it does not directly govern inbox placement at every Microsoft endpoint. A "Green" status does not guarantee inbox placement, and sometimes a "Yellow" status corresponds to surprisingly good performance. Use SNDS as one signal among several, not as a definitive verdict. When SNDS and your seed tests disagree, the seed tests usually tell you more about actual placement.

Blocklist monitoring without the panic

Public blocklists are the most dramatic and most overrated signal in the deliverability toolkit. Dramatic because a blocklist appearance feels like a crisis. Overrated because not every blocklist matters equally, and some of them are used by so few receivers that an appearance has negligible actual impact on delivery.

Major blocklists in 2020 and their practical impact
BlocklistWho uses itImpact of appearanceDelisting difficulty
Spamhaus SBLMost major providersHigh — widespread filteringRequires resolving underlying issue and submitting delisting request
Spamhaus CSSMost major providersHigh — automated listing for compromised/snowshoeUsually auto-expires once behavior stops
Spamhaus PBLMany receivers for residential IPsMedium — only relevant if you're on a residential IP inappropriatelyStraightforward if your IP is legitimately business-grade
SpamCopSome receivers; weighted signalMedium — not a full block but contributes to filtering decisionsTypically auto-expires in 24 hours if complaint stream stops
Barracuda Reputation Block ListBarracuda-protected environments (corporate, some enterprise)Medium — affects subset of B2B receiversDelisting form; typically resolved within 12-48 hours
SORBSSmaller receivers, some corporateLow to mediumCan be bureaucratic; delisting process is manual
UCEPROTECT L1/L2/L3A smaller group of receivers; level 2 and 3 are controversialLow — most reputable receivers ignore L2/L3Level 1 is achievable; L2/L3 require whole-netblock cleanup
InvaluementTargeted at snowshoe spammers; used by specific filtersMedium — relevant for B2B deliveryRequires contacting Invaluement with context

The practical implication: monitor the top-tier blocklists daily (Spamhaus family at minimum), monitor the mid-tier lists weekly, and do not panic about UCEPROTECT L2/L3 appearances unless they correlate with actual delivery problems. Free tools like MXToolbox give you daily blocklist snapshots against the major lists; the commercial monitoring tools extend coverage but add limited value over the free baseline for most senders.

When a blocklist appearance is actually a signal

A Spamhaus SBL listing almost always means something is wrong in your sending. Either your list quality has drifted (spam traps hit), your authentication has broken (someone else is spoofing you), or your content patterns have changed enough to trigger automated detection. Treat an SBL listing as a forcing function to investigate, not just an event to get delisted from.

A SpamCop listing is more often noise. SpamCop reports are user-generated, and a handful of aggressive users hitting "report spam" can trigger a listing that does not reflect a real pattern of abuse. Investigate if the listing repeats; otherwise note it, let the 24-hour auto-expiration clear it, and move on.

DMARC aggregate reports as an early warning

DMARC is primarily known as an authentication enforcement mechanism, but its reporting side-effect is one of the most underused monitoring surfaces available. When you publish a DMARC record with an rua= tag, participating receivers send you daily XML reports summarizing the authentication results of your mail from their perspective. Those reports, read regularly, catch problems that no other signal will surface. The broader history of how DMARC adoption unfolded and what early adopters learned is worth reading in DMARC in practice: early lessons from the first wave of adopters.

DNS# DMARC record with aggregate reporting enabled
_dmarc.example.com.  IN  TXT  "v=DMARC1; p=none; rua=mailto:dmarc-agg@example.com; ri=86400; adkim=s; aspf=s"

# The 'rua' tag specifies where aggregate reports go
# The 'ri' (report interval) is typically 86400 seconds = 1 day
# 'adkim=s' and 'aspf=s' mean strict alignment; 'r' means relaxed

Raw DMARC XML reports are unreadable by hand. The standard pattern is to use a DMARC processing service — Dmarcian, Valimail, Postmark's DMARC monitoring, or a self-hosted parser — that ingests the XML and produces readable summaries. Commercial services start free for low volumes and become inexpensive at higher volumes.

What DMARC reports actually catch

  1. Unauthorized senders on your domain. If you see authentication results from IPs you do not recognize sending mail claiming to be from your domain, that is either a spoofer (common) or a forgotten legitimate service you lost track of (also common). Both need investigation.
  2. Broken alignment between SPF and DKIM. A sender can pass SPF or DKIM but fail DMARC because neither aligns with the From domain. DMARC reports make this visible immediately.
  3. Newly added sending sources. When a new SaaS integration starts sending on behalf of your domain, it appears in your DMARC reports. This lets you catch sending you didn't explicitly approve and either authorize or disable it.
  4. Forwarded mail breaking SPF. Forwarders break SPF in ways that DMARC reports show clearly. This is less actionable but helps you understand your alignment baseline.
  5. Progression readiness. When DMARC reports show all legitimate sources are aligned cleanly for a few weeks, that is the signal to move from p=none to p=quarantine. The broader alignment and policy progression framework for senders with multiple domains is covered in authentication alignment and policy review for multi-domain senders.
Start DMARC reporting before you need it Even if you are nowhere near ready to move DMARC policy past p=none, publish the rua= tag and start collecting reports. The historical baseline you build up in the first sixty days will make future policy decisions much easier, and the reports will surface issues you did not know you had.

Seed lists and inbox placement testing

Reputation signals from Postmaster Tools and SNDS tell you how providers view you. They do not directly tell you where your mail is landing — inbox, promotions tab, spam folder, missing. Seed testing fills that gap by sending sample campaigns to a curated list of real mailboxes across different providers and reporting where each test message actually landed.

The commercial tools in this space in 2020 include GlockApps, 250ok (now part of Validity after the 2020 acquisition), Inbox Monster, and Everest by Validity. They differ in mailbox coverage, reporting depth, and integration with sending infrastructure, but the core methodology is similar: you send to their seed list, they log where each message landed, you get a dashboard showing per-provider placement.

The monitoring layers a serious program runs together Four monitoring layers, each catching different failure modes No layer catches everything; no layer is redundant Reputation Google Postmaster Microsoft SNDS JMRP Daily read catches drift Authentication DMARC reports SPF/DKIM checks TLS monitoring Weekly review catches breakage Placement Seed testing Inbox snapshots Per-ISP data Per-campaign catches filter changes Operations Bounce rate Blocklist checks Queue/log review Real-time catches incidents Reputation drift → Authentication breakage → Placement shifts → Operational fires. Each catches a different failure mode.
Monitoring is a stack, not a single tool. The four layers catch different classes of problem, and a program that covers all four loses to almost no deliverability failure mode.

When seed testing is worth the cost

Seed testing is most valuable for high-volume programs where per-campaign placement variation matters and for programs that have just made significant changes (new IPs, new authentication setup, major content changes). It is less useful as a daily routine for most senders — the reputation signals from Postmaster Tools and SNDS update daily and cover most providers, while seed tests consume a send slot and report on a limited mailbox set.

A sensible pattern is to run seed tests against major campaign sends and against milestone events (IP warmup completions, DMARC policy progressions) rather than constantly. This controls cost and surfaces real signal when it matters.

Building the cadence: daily, weekly, monthly

Monitoring is only useful if someone actually does it on a schedule. Teams that try to "check the dashboard when something seems wrong" inevitably miss things because the noticing step requires a baseline that only daily review provides.

A working monitoring cadence for a mid-sized program
CadenceWhat to checkTime budgetWhat it catches
Daily (ten minutes)GPT spam rate, GPT domain reputation, SNDS filter result for primary IPs, blocklist status for primary IPs10 min morningImmediate drift; fresh blocklist hits; overnight complaint spikes
Weekly (forty-five minutes)Full GPT dashboard review, SNDS per-IP detail, DMARC weekly summary, bounce class distribution, authentication pass rates45 min, MondaysWeekly trends, authentication drift, new sending sources in DMARC
Monthly (two hours)Volume and rate trends, complaint driver analysis, blocklist history review, seed test scheduling, list hygiene audit2 hours, first Mon of monthSlow drift; list quality erosion; content-driven complaint patterns
Quarterly (half day)Authentication audit, sending domain inventory, DNS hygiene, DMARC policy progression review, vendor SLA review4 hours per quarterAccumulated configuration drift; readiness for policy tightening

The daily cadence is the most important and the most commonly skipped. Ten minutes a day is less than a commuting delay, and the compound value over a year is enormous. A team that builds this habit will catch every significant reputation event in its first forty-eight hours. A team without the habit will discover most of those events weeks later through unrelated channels.

The dashboard that actually catches things

Most teams eventually build or buy a unified dashboard that brings signals from Postmaster, SNDS, DMARC processors, blocklist monitors and their ESP into one surface. The design of that dashboard matters more than the tooling choice beneath it. A unified dashboard with the wrong signals at the top is worse than a raw GPT tab with the operator's attention on the right things.

What belongs above the fold

  1. Spam rate (7-day rolling) for primary sending domains. The single most important number. Display as a graph with the 0.1% and 0.3% thresholds marked.
  2. Domain reputation for each primary sending domain. Current value and 30-day trend. Color-coded: High green, Medium yellow, Low/Bad red.
  3. IP reputation heatmap across your sending IPs. One square per IP per day for the last thirty days, color-coded by reputation bucket. Spotting a specific IP dropping is much easier visually than from a table.
  4. Blocklist status for primary IPs and domains. Any current listing, with last-check timestamp. Clean state is green; any listing shows in red.
  5. Authentication pass rate (SPF/DKIM/DMARC). Should hover at 99%+ if everything is configured right. Anything below 99% deserves investigation.
  6. Recent reputation events. Timeline of notable things that happened: blocklist listings and delistings, reputation tier changes, DMARC alignment shifts.

What belongs below the fold (or elsewhere)

Opens and clicks are engagement metrics, not deliverability metrics. They belong in campaign analytics, not on the monitoring dashboard. Bounce rate belongs below the reputation section because it is derived from the same behaviors but less predictive. Delivery volume belongs in the dashboard footer as context — how much mail you sent last week frames everything else — but does not need to be above the fold unless you are monitoring for unexpected volume dips.

How complaints become incidents if ignored

The most expensive deliverability incidents we have investigated all share a structure: a complaint signal appeared early, nobody was watching, the signal amplified, and by the time operations noticed, reputation had already slipped materially. The pattern is worth naming because its early stages are preventable.

  1. Day 0: content change or list change. Something in the program shifts. A new campaign template goes out, a segment reactivation happens, a list import occurs. The change is routine; nothing looks wrong.
  2. Days 1-3: complaint rate ticks up. Recipients start marking mail as spam at an elevated rate. GPT shows a modest rise in spam rate; SNDS shows complaint rate creeping up. Neither has crossed a threshold yet.
  3. Days 4-7: reputation signals begin to drift. Gmail domain reputation wobbles; Microsoft filter result shifts from Green to Yellow on some IPs. Still below the radar of teams not monitoring.
  4. Week 2: inbox placement degrades. Opens dip. Reply rates fall. Customer support starts fielding "I didn't get the email" tickets. Some observant operator notices something feels off.
  5. Week 3: the team discovers the problem. They investigate, identify the root cause, and stop the bleeding. But by now reputation has slipped materially, and the three weeks of degraded reputation need six to eight weeks to fully recover.
  6. Weeks 4-10: recovery. Careful sending, list hygiene, complaint rate discipline. Slowly the signals return to baseline.

Compare to the alternate path where daily monitoring is in place: the complaint rate tick in days 1-3 is visible on Tuesday morning's dashboard review. The team investigates, finds the cause, remediates, and moves on. Total cost: a few hours. Total duration of reputation impact: negligible. The only difference is the monitoring cadence, and the cost differential runs to thousands of dollars and weeks of lost deliverability.

Frequently asked questions

Do we need a commercial deliverability tool if we have GPT and SNDS?

For most programs, no. The free tools plus a DMARC processor plus a blocklist monitor cover the core surface. Commercial tools add value when you have complex multi-domain programs, need per-campaign seed testing, or require managed deliverability consulting that the commercial vendor bundles. Start with the free stack and add commercial tooling when you can articulate what it adds.

How do we set up monitoring for a new sending domain that hasn't been used yet?

Verify the domain in Google Postmaster Tools immediately at setup, even before significant sending starts. GPT will begin collecting data as soon as volume reaches its threshold. Pre-publish DMARC with rua= so aggregate reports flow from day one. Pre-enroll IPs in SNDS before warmup begins. Monitoring works better when it is in place before it is needed, not added reactively.

What's a reasonable spam rate target?

Under 0.1% is the industry comfortable threshold. Gmail's guidance indicates anything sustained above 0.3% triggers filtering pressure; between 0.1% and 0.3% is a warning zone. Under 0.05% is excellent and indicates well-managed list hygiene plus good recipient engagement.

How do we handle a Spamhaus listing?

First, investigate the cause. Spamhaus publishes reasons for SBL listings, and those reasons almost always point to a real issue — bad list quality, compromised sending infrastructure, snowshoe pattern. Fix the underlying cause before requesting delisting. Spamhaus evaluates delisting requests based on the fix, not the submission; an unfixed listing will just re-list.

Can we automate incident response?

Partially. Blocklist hits can trigger automated Slack or PagerDuty alerts. Spam rate threshold breaches can trigger automated investigation tasks. But the actual remediation requires human judgment — choosing which sends to pause, which segments to hold, which content to review. Automation helps catch signals; humans make the calls.

How often should we audit DNS records?

Quarterly at minimum. SPF includes drift over time as services are added and forgotten. DKIM selectors accumulate and some go unused. DMARC records sometimes get modified without full understanding. A quarterly review catches each of these before they become failures.

Closing perspective

The difference between a deliverability program that runs smoothly and one that lurches from incident to incident is not technical sophistication. It is monitoring discipline. The tools are free or cheap; the signals are well-understood; the thresholds are documented. What separates the two outcomes is whether someone actually reads the signals on a cadence and acts on them before they become problems.

This is a frustrating realization for teams that want to believe deliverability is a black box solved by the right vendor. The vendors can help; the tools can improve; the tooling stack can get more sophisticated. But the core loop is humans looking at dashboards with priorities in the right order and investigating anomalies while they are small. No amount of tooling substitutes for that loop, and no absence of tooling prevents the loop from working with just GPT, SNDS, and ten minutes a day.

For teams starting from nothing, the path is simple. Verify every sending domain in Google Postmaster Tools today. Enroll every sending IP in Microsoft SNDS today. Publish DMARC records with aggregate reporting for every domain today. Set up a daily blocklist check against Spamhaus for every sending IP today. Schedule ten minutes in the morning for the daily review. Schedule forty-five minutes on Monday for the weekly review. The whole setup takes less than a week and provides monitoring coverage that catches the vast majority of deliverability failures before they scale.

For teams that already have monitoring but feel like things still slip through, the answer is almost always cadence rather than tooling. Audit the monitoring surface: is the spam rate actually at the top of the dashboard, or are opens and clicks there? Is someone actually looking every morning, or does the review happen "when there's time"? Are blocklist alerts going to a channel that someone reads, or to a mailbox that fills with noise? These questions matter more than the exact mix of tools underneath, and fixing them is usually cheaper than replacing the stack.

The goal of monitoring is not dashboards that look impressive. The goal is catching the weekly complaint spike on Tuesday morning instead of discovering it three weeks later from a customer support escalation. Programs that get this right have boring, uneventful weeks most of the year. Programs that get this wrong have exciting weeks, usually at the worst possible times. Boring is the objective.