23 years from Stockholm
Operator notes · From the Stockholm desk

Planning IP reputation and deliverability for expanding sending programs

A technical editorial guide for teams evaluating infrastructure, delivery trade-offs and the operational boundary around this category.

Every sending program starts simple: one IP, one domain, enough volume to matter but not enough to force hard decisions. The moment that changes — when volume crosses a threshold, when a second IP is needed, when geographic expansion demands a separate sending region, when a new product line generates its own mail flow — is the moment reputation planning stops being theoretical and becomes urgent. Teams that planned for it from the start adjust gracefully. Teams that didn't discover, typically during their first significant blocklist incident, that the architectural decisions they made casually eighteen months ago have become the constraints they now have to work around. This article is the practical guide to designing IP reputation and deliverability for programs that will grow — the decisions that matter early, the thresholds where things change, and the operational discipline that keeps a multi-IP, multi-domain sending program healthy as volume scales.

Key takeaways

  • IP reputation is built through sustained sending behavior observed by mailbox providers. It's not a number you buy; it's a score the providers assign based on what they've seen from your IPs and domains over weeks and months.
  • The dedicated-versus-shared IP decision hinges on sustainable volume. Below roughly 100,000 messages per month per dedicated IP, you usually lack the signal density to maintain a stable reputation; shared IPs make more sense at that scale.
  • Separating transactional, marketing, and cold outreach onto different IP pools is the single highest-leverage architectural decision for multi-stream senders. One pool's problems stay in that pool rather than cascading.
  • Domain reputation is catching up to IP reputation as a deliverability signal — especially at Gmail, which has said publicly that domain reputation carries heavy weight. Planning for domain reputation means subdomain strategy, not just IP strategy.
  • Monitoring is the operational leg of reputation planning. Google Postmaster Tools (public since summer), Microsoft SNDS, Sender Score, and blocklist monitoring collectively give you the visibility to catch reputation drift before it becomes a delivery crisis.

Why reputation planning matters before volume grows

Sender reputation is a lagging indicator. The decisions you make today shape the reputation you have six weeks from now, which in turn shapes the deliverability of campaigns you run three months from now. This temporal asymmetry is why teams that encounter reputation problems feel blindsided — the behavior that caused the problem happened weeks before the symptoms appeared, and the remediation takes weeks to show results.

The asymmetry cuts the other way too. Investment in reputation infrastructure doesn't pay off immediately. Spending a week designing a clean IP pool structure, publishing proper SPF/DKIM/DMARC records, warming IPs carefully, and setting up monitoring produces no visible short-term benefit. The team can't point to a campaign that performed better because of it. What the team can point to, a year later, is the absence of the deliverability crises that afflicted peers who skipped the groundwork.

The typical moments that force reputation planning:

  • A campaign produces an unexpected spike in complaints, and the next three campaigns underperform because the shared IP pool's reputation dropped.
  • The organization acquires another company, and suddenly there are two sending programs running into each other.
  • A product launch requires sending to cold prospects, and the existing transactional reputation takes damage it wasn't designed to absorb.
  • Volume grows to the point where the existing ESP wants to move you onto dedicated IPs, and nobody has thought through the warmup plan.
  • An international market requires sending from a regional IP to satisfy local mailbox provider preferences, and the team has no playbook for standing up a new IP pool.

What IP reputation actually is

An IP address has no inherent reputation when it's first assigned. Mailbox providers start with a neutral baseline and update their assessment based on what they observe: how much mail the IP sends, what kinds of recipients, what engagement those recipients produce, how many complaints, how many bounces, whether authentication passes consistently, and what blocklists (if any) the IP appears on. The underlying model of how providers construct this assessment from observed behavior is covered in sender reputation fundamentals.

The resulting assessment is internal to each provider. Gmail, Microsoft, Yahoo, AOL, and countless smaller providers each maintain their own view of any given IP. There is no global IP reputation score — there are many reputation scores, which tend to correlate but not perfectly.

What different providers emphasize in 2016

How major mailbox providers weight reputation signals (2016)
ProviderIP vs domain emphasisKey signalsPublic tool
GmailHeavily domain-weighted; IP matters less than it used toEngagement (opens, replies, moves from spam), complaint rate, authenticationPostmaster Tools (since July 2015)
Microsoft (Outlook, Hotmail, Live)Balanced IP and domainComplaint rate (JMRP), spam trap hits, SNDS filter resultSNDS + JMRP
YahooIP-weighted historically; domain signals risingComplaint rate, engagement, bounce rateFeedback loop (CFL)
AOLIP-weightedComplaint rate, engagement, authenticationPostmaster FBL
Cisco IronPort (enterprise filters)IP-weighted; SenderBase scoreAggregate volume patterns, complaint data, blocklist statusSenderBase / Talos

The trend across all of these is a rising weight on engagement signals — opens, clicks, replies, positive folder actions — and a declining weight on raw volume and even complaint rate in isolation. A high complaint rate is still bad; a low complaint rate alone is no longer sufficient. Providers want to see active recipient engagement, not just the absence of negative signals.

The dedicated vs shared IP decision

Every sending program eventually faces the question of whether to use dedicated IPs or shared IPs. The answer depends on volume, operational maturity, and tolerance for reputation ownership. Getting the decision wrong in either direction produces predictable failure modes.

Dedicated vs shared IPs: the trade-off matrix
DimensionDedicated IPShared IP
Reputation ownershipYours alone; your sending defines itPooled with other senders; ESP manages pool health
Minimum sustainable volume~100k+ messages/month per IPNo minimum; shared infrastructure works at any scale
Upside potentialHigh — consistent clean sending builds strong reputationModerate — capped by weakest senders in the pool
Downside riskYou alone are accountable; mistakes land on your IPNeighbors' mistakes affect your deliverability
Warmup requiredYes — four to eight weeks typicallyNo — inherits the pool's existing reputation
Operational overheadHigher — monitoring, tuning, recovery if issuesLower — ESP handles pool management
Best fitLarge senders, transactional-critical, regulated industriesSmall-to-medium volume, simpler reputation needs

The minimum volume question

The threshold for dedicated IPs being viable is typically described as 100,000 sends per month, but the mechanics behind that number are worth understanding. Mailbox providers build reputation from observed sending behavior; below a certain signal density, they don't have enough data to build a confident reputation picture. The IP stays in an uncertain middle ground where filtering is conservative.

For senders below 100k/month, dedicated IPs often produce worse deliverability than shared IPs, because the shared pool has stronger cumulative signal. The counter-intuitive implication: growing a shared-IP program to dedicated volumes before migrating to dedicated is usually better than starting on dedicated at low volume.

The low-volume dedicated trap Teams sometimes insist on dedicated IPs at lower volumes because they want "full ownership of reputation." The instinct is sound; the implementation is wrong. At 20k/month on a dedicated IP, reputation is thin and filtering is aggressive. At 200k/month on the same IP, reputation is robust and deliverability is strong. Volume is the variable that changes everything; insisting on dedication without the volume to justify it produces predictably worse outcomes than using a shared pool.

Designing an IP pool structure

Once volume justifies dedicated IPs, the next design decision is how many pools to run and what goes on each. The principle that underlies everything else: different sending streams have different reputation dynamics, and putting them on the same pool means the weakest stream's problems affect the strongest stream's deliverability.

A typical IP pool structure for a growing sending program Separation by sending stream: the foundational reputation design Each pool has independent reputation; problems don't cascade Transactional pool mail.example.com Receipts, resets, alerts Highest reputation target Marketing pool news.example.com Newsletters, promos Medium-high reputation Cold outreach pool outreach.example.com Sales prospecting Isolated; volatile What this design protects against: A marketing campaign generates complaints → transactional OK A cold campaign hits a spam trap → marketing OK A transactional bug sends loop bursts → others OK
The pool separation pattern isolates different sending streams so that problems in one don't propagate to others. Each pool warms independently and maintains its own reputation signal.

The three canonical pools

  1. Transactional pool. Receipts, password resets, account notifications, receipts, and other user-triggered mail. This is the pool with the strongest inherent reputation — recipients expect these messages and engage positively with them. Protect it carefully; it's the foundation of user trust.
  2. Marketing pool. Newsletters, campaign sends, promotional mail. Higher complaint rate than transactional by nature; worth isolating so it doesn't drag down the transactional pool. Typically requires its own warmup when added.
  3. Cold outreach pool. Sales prospecting, cold email programs. Highest risk profile — recipients did not ask for the mail, and even well-targeted cold programs produce higher complaint rates than opt-in streams. Isolating cold on its own pool is non-negotiable for any serious sender; mixing cold with transactional is a specific way to destroy transactional deliverability.

Teams running multiple products sometimes add a fourth dimension: product-family isolation. A company with three distinct product lines might run three transactional pools (one per product) so that a problem in one product's sending doesn't affect the others. This is sensible at sufficient scale; below that scale, the per-pool volume drops below the dedicated-IP threshold and the isolation benefit is outweighed by the reputation-density cost. The broader story of how a sending program transitions from single-IP to multi-IP configurations, and the operational complexity that comes with it, is covered in scaling outbound when one IP is no longer enough.

Volume thresholds and the minimum-to-sustain question

Every sending pool has a minimum volume below which reputation becomes unstable. Below that threshold, providers don't see enough mail to form a confident view, and filtering becomes conservative by default. The exact numbers vary by provider but the pattern is consistent.

Approximate monthly volume thresholds for stable reputation (2016 estimates)
Volume tierMonthly sends per IPWhat works at this tier
StarterBelow 10kShared IP is correct; dedicated reputation can't form
Growing10k - 100kShared IP usually still right; consider dedicated once volume is stable above 100k
Established100k - 1MDedicated IP is viable and usually beneficial; run one or two pools
Scale1M - 10MMultiple dedicated IPs per pool; introduce separation by stream
High scale10M+Multiple pools; IP pool sharding; geographic distribution may matter

A useful heuristic: if your monthly volume divided by 100,000 is less than the number of dedicated IPs you're considering, you're probably over-fragmenting. Four dedicated IPs each sending 50k/month will typically underperform one dedicated IP sending 200k/month, because the aggregate reputation signal per IP is weaker.

The reputation signals mailbox providers watch

Understanding what mailbox providers actually measure makes reputation planning tractable. The signals are not secret — providers have published high-level descriptions — and their relative weights have shifted over the past few years in ways that matter.

The positive signals

Opens
Historically the primary engagement signal. Still useful but increasingly noisy due to prefetching by some clients. Providers are moving toward weighting opens less heavily and replies more heavily.
Clicks
Strong engagement signal; harder to forge than opens. A recipient who clicks is actively interacting with the content.
Replies
The strongest engagement signal. A recipient who replies is demonstrating that the mail is valuable to them. Providers weight this heavily.
Moving from spam to inbox
An explicit trust signal. When a recipient finds a message in spam and moves it to inbox, the provider updates its assessment significantly.
Adding sender to contacts / marking as important
Explicit positive actions. Less common than opens and clicks but weighted accordingly.
Not-spam votes
When a recipient disagrees with a spam classification and marks the message as not-spam, the provider treats this as a corrective signal.

The negative signals

Complaint rate
The most consequential single negative signal. Above 0.3%, most major providers treat a sender as abusive. Between 0.1% and 0.3%, providers warn and start filtering. Below 0.1% is the target; below 0.05% is excellent.
Hard bounces
Mail to invalid addresses. High hard-bounce rates indicate poor list hygiene and damage reputation quickly. Target below 2%; above 5% is a serious problem.
Spam trap hits
Mail to addresses specifically seeded in lists to catch spammers. Pristine traps (addresses that were never real) indicate list purchase or scraping. Recycled traps (previously valid addresses) indicate poor list hygiene. Hitting traps damages reputation severely.
Authentication failures
SPF/DKIM/DMARC failures. Each failure is a signal that the sender may not be legitimate. Authentication should pass consistently.
Blocklist appearances
Presence on Spamhaus, Barracuda, SORBS, or other major blocklists. Spamhaus in particular causes near-total delivery failure to many providers.

Monitoring: the tool stack for 2016

Reputation monitoring in 2016 is easier than it used to be. The tools have matured, most are free or reasonably priced, and the visibility is meaningfully better than what existed three years ago.

The reputation monitoring tool stack every sending program should use (2016)
ToolWhat it showsCostOperational use
Google Postmaster ToolsGmail's view: domain reputation, IP reputation, spam rate, feedback loop, authentication ratesFree (since July 2015)Gmail-specific tuning; highest priority for most senders
Microsoft SNDSOutlook/Hotmail/Live view: filter result (green/yellow/red), complaint rate, spam trap hitsFreeMicrosoft-specific tuning; second priority
Microsoft JMRPFeedback loop: individual complaint notificationsFreeSuppression list updates based on complaints
Return Path Sender ScoreAggregate reputation score 0-100 across their networkFree lookup; paid products for detailWeekly check; quick health metric
Cisco SenderBase / TalosIronPort's reputation assessment (Good/Neutral/Poor)Free lookupEnterprise-filter visibility
MXToolbox blacklist checkStatus across ~100 blocklists in one queryFree manual; paid monitoringIncident detection; periodic audit
HetrixToolsContinuous blacklist monitoring with alertsFree tier + paid24/7 blocklist surveillance
Return Path feedback loopsFBL from Yahoo, AOL, Comcast, and othersFree subscriptionComplaint-based suppression
Seed testing (multiple vendors)Where your mail actually lands across major providersVaries; $50-500/month typicalInbox placement verification

The weekly monitoring cadence

  1. Check GPT domain reputation for your sending domains. Trending up, flat, or down?
  2. Check SNDS filter result for your primary IPs. Green, yellow, or red?
  3. Check Sender Score for a quick aggregate number. Stable?
  4. Scan blocklist status via MXToolbox or continuous monitoring.
  5. Review FBL complaints from the past week. Addresses processed into suppression?
  6. Look at seed test results if you run them. Inbox placement consistent with expectations?

This is a 15-minute task done weekly by one person who owns deliverability. The investment pays off in catching drift before it becomes damage.

Blocklists: what they are, how to respond

A blocklist listing is often the first visible symptom of a reputation problem that has been developing for weeks. Understanding the major blocklists, what triggers listings, and how to respond is part of the reputation-management skillset every sending program needs.

Major blocklists in 2016 and what they respond to
BlocklistFocusTypical impactDelisting approach
Spamhaus SBLManually curated; spam sourcesSevere — blocks at most major providersFix root cause first; then document and request via spamhaus.org/lookup
Spamhaus XBLExploited/compromised hostsModerate-severeSecure the infrastructure; delisting typically fast
Spamhaus PBLPolicy list; end-user IP rangesModerate; many providers accept mail anywayRemove if IP is legitimately a sending server
Spamhaus DBLDomain-based; malicious domainsSevere for the listed domainFix underlying issues; request removal
Spamhaus ZENAggregated lookup of SBL+XBL+PBLMost-queried blocklist in the worldFix whichever component list triggered
Barracuda Reputation Block List (BRBL)Algorithmic; complaint-drivenModerate; affects Barracuda customersForm-based delisting; typically 7-10 days
SORBSSeveral sub-lists; various criteriaModerate; narrower impact than SpamhausNotoriously slow delisting; persistence required
SpamCopComplaint-driven; fast-movingModerate; transientDelistings often automatic after cessation of reports
SURBLURL-based; domains in message bodiesVariable; affects message scoringClean the referenced content; request removal

The delisting protocol

A blocklist appearance is a symptom, not a cause. Requesting delisting before fixing the underlying issue almost always results in re-listing, often with a lower trust threshold than before. The sequence that works:

  1. Stop the sending that triggered the listing. If it was a campaign, pause it. If it was a compromised account, lock it. If it was a bad list, remove it.
  2. Identify the root cause. What specifically caused the listing? Spam trap hit? Complaint spike? Compromised sending? Without knowing the cause, you can't prevent recurrence.
  3. Document the fix. Write a specific explanation: what happened, when it stopped, what changed to prevent recurrence. "We are not spammers" is not a delisting argument; "we identified that a user uploaded an unverified list on March 15, stopped the send at 2pm, removed the list segment, and implemented double opt-in for new signups" is.
  4. Submit the delisting request. Use the blocklist's standard submission process. For Spamhaus, that's spamhaus.org/lookup; for others, check their documentation.
  5. Resume sending gradually. After delisting, the IP's reputation does not return to its previous level. Restart with a reduced volume and rebuild. Full-volume resumption after delisting is how re-listings happen.
The "we're not spammers" response The most common delisting mistake is a generic protest of innocence. Blocklist operators see these by the thousand; they are not moved. What moves them is specific evidence that the sender has identified the problem, fixed it, and can articulate what changed. The quality of the delisting request meaningfully affects the speed and outcome.

Domain reputation and why it's rising in importance

For most of the history of email deliverability, IP reputation was the dominant signal and domain reputation was secondary. That balance has been shifting over the past few years, and Gmail in particular has become heavily domain-weighted. Google has said publicly that domain reputation carries significant weight in their filtering decisions, and the observable evidence is consistent: Gmail users who send from domains with good reputation reach the inbox even from IPs with middling reputation, and vice versa.

What this means operationally

  • Changing IPs doesn't escape a damaged domain reputation. If example.com's domain reputation is damaged, moving to a fresh IP doesn't restore deliverability at Gmail. The domain reputation follows the domain.
  • A new IP inherits partial benefit from an established domain reputation. A good domain reputation means Gmail gives new IPs for that domain more trust than a neutral starting point.
  • Subdomain strategy is reputation strategy. Separating transactional, marketing, and cold into different subdomains (mail.example.com, news.example.com, outreach.example.com) gives each its own domain reputation surface, with benefits that mirror IP pool separation.
  • DMARC enforcement protects the domain reputation you build. A domain without DMARC is spoofable, and spoofed mail damages domain reputation. DMARC at p=reject is a reputation-protecting control as much as a phishing-protecting one. The enforcement playbook from the first wave of DMARC adopters, which applies directly here, is covered in DMARC in practice: early lessons from the first wave of adopters.

Planning for multi-region and international sending

Programs that expand internationally face specific deliverability questions: do recipients in a region expect mail from a regionally-sourced IP, do local mailbox providers have stricter filtering, and what are the regulatory implications of sending to that region?

What actually matters regionally in 2016

Regional sending considerations
RegionKey considerationsIP sourcing guidance
North America (US, Canada)Gmail, Microsoft, Yahoo dominant; CAN-SPAM and CASL applyUS or Canadian IPs fine; CASL requires express consent for Canadian recipients
Europe (EU)EU General Data Protection Regulation enacted this year (enforcement May 2018); strong recipient privacy expectationsEuropean IPs preferred for European recipients by some ISPs; data residency matters for subject records
UK (still EU)Same as EU for now; Brexit discussions but no regulatory change yetUK-sourced IPs reasonable choice
Asia-PacificNaver (Korea) and regional providers have their own filtering quirksRegional IPs often improve deliverability; research per-market
Latin AmericaGmail-heavy recipient base; US IPs typically fineStandard IPs adequate unless specific issue identified
ChinaHighly-specific market; NetEase, Tencent (QQ), Sina dominant; many US-based senders get filtered aggressivelyConsider region-specific sending partner if China is material

The practical rule: for primary markets, source IPs in-region if volume justifies it. For secondary markets, a single US or EU origin is usually fine. Don't over-engineer IP geography for markets that aren't a large part of sending volume.

The expansion playbook: adding capacity without breaking reputation

The specific mechanics of scaling a sending program without damaging reputation are where reputation planning becomes operational discipline. The pattern that works consistently: add capacity incrementally, warm new IPs or domains carefully, and verify before committing.

Adding a new IP to an existing pool

  1. Plan the warmup schedule. Four to eight weeks, starting at 50-100 sends/day, ramping to full volume. Weekend sending at lower volume keeps the pattern natural. The detailed warmup-schedule mechanics, including daily volumes and engagement targets, are covered in designing an IP warmup schedule.
  2. Send to the most-engaged segment first. Your best recipients — frequent openers, clickers, replyers — produce the positive signals that build reputation fastest. Don't warm with a broad list.
  3. Monitor daily in the first two weeks. GPT, SNDS, bounce rate, complaint rate. Any negative signal pauses the ramp until understood.
  4. Increase volume only when signals are clean. The default ramp schedule is a starting point; slow down if the signals warrant, speed up if they're consistently green.
  5. Reach steady state. After six to eight weeks, the IP is warmed. Integrate it into normal rotation within the pool.

Standing up a new pool entirely

Much like adding an IP, but with more complexity because the pool needs its own warm-up across multiple IPs. Typical approach: bring up one IP at full warmup cadence, then add a second IP after the first is stable, then a third, and so on. Standing up five IPs simultaneously for a new pool produces worse outcomes than standing them up one at a time — each IP gets less signal density during its critical warmup window.

Retiring an IP or pool

Less dramatic than adding but worth doing deliberately. Ramp volume down over a few weeks rather than stopping abruptly; abrupt cessation can look unusual to providers, though the effect is minor. The real consideration is what happens to recipients who were previously getting mail through that IP — they should either continue receiving mail from another IP in the pool or be notified of the change.

Frequently asked questions

How long does it take to build a good reputation?

For a new IP with steady volume and clean signals, six to eight weeks gets to "warmed" status. Building reputation to the point where deliverability is predictable through occasional rough patches takes longer — usually three to six months of sustained good behavior. There is no shortcut.

What's the fastest way to damage reputation?

Sending to a purchased list, especially one with spam traps in it. A single campaign to a bad list can produce a Spamhaus SBL listing in hours and a reputation recovery timeline in months. The economics of list purchase never make sense once this cost is factored in.

Can a good reputation transfer between IPs?

IP reputation is IP-specific. Moving to a new IP means starting over on IP reputation. Domain reputation, however, is more portable — the new IP inherits some of the domain's existing reputation benefit at providers that weight domain heavily (Gmail).

How do we recover from a reputation crisis?

Stop whatever caused the problem. Reduce volume significantly. Focus remaining sending on your most-engaged segment. Monitor daily. Expect six to twelve weeks for recovery, longer if the crisis was severe. The pattern is: prove to providers through sustained good behavior that things have changed.

Is Sender Score still relevant?

Yes, as a quick health-check metric. It aggregates data from Return Path's cooperative network and produces a 0-100 score. Above 80 is healthy; 70-80 is mediocre; below 70 indicates problems. Don't rely on it alone — Gmail's view, Microsoft's view, and Sender Score are all independent data points — but it's a useful single number.

What about BIMI?

BIMI (Brand Indicators for Message Identification) is an emerging concept that will let senders display a brand logo next to authenticated messages in supporting email clients. The working group is still early; the spec isn't final. Worth tracking but not yet deployable. Expect it to mature over the next couple of years.

How does Gmail's domain emphasis change our planning?

Subdomain strategy becomes as important as IP strategy. Each sending stream on its own subdomain, each with its own reputation surface. DMARC at p=reject to protect the domain reputations you're building. Monitor GPT for domain-level signals, not just IP-level.

Closing perspective

Reputation is the quiet infrastructure that makes email deliverability possible. It is not glamorous; it is not a growth lever you can pull in a quarter; it is the accumulated evidence to mailbox providers that you are a sender worth trusting. Teams that treat it as ongoing operational work — weekly monitoring, careful expansion, disciplined response to signals — end up with the reputation they need to grow. Teams that treat it as a project to be finished encounter the predictable problems of assuming something static that is actually dynamic.

The good news: the tooling, the standards, and the operational patterns are better-established now than at any point in the history of the category. Google Postmaster Tools, live since last summer, gives Gmail visibility that didn't exist for the two decades before it. Microsoft SNDS and JMRP give Microsoft visibility. DMARC — now just over a year old as an RFC — gives the industry a standard way to coordinate authentication and protect domains. Sender Score, blocklist tooling, seed testing, and monitoring services fill in the rest. A team that uses these tools consistently will avoid the vast majority of reputation crises that afflicted sending programs five years ago.

For programs planning growth, the honest sequencing: get authentication right first (SPF, DKIM, DMARC); set up monitoring (GPT, SNDS, Sender Score); decide on your pool structure based on current and projected volume; plan subdomain strategy that supports expansion; document your warmup and expansion playbook before you need it. This is a few weeks of work that insures against years of reputation trouble. The teams we've seen succeed at scale share this pattern; the teams that struggle are the ones that deferred it until the first crisis forced them to do it anyway.

The domain reputation shift — underway at Gmail and beginning elsewhere — makes this work more consequential than it was even three years ago. A clean IP structure without a thoughtful domain strategy will carry senders partway. A clean IP structure combined with subdomain separation and DMARC enforcement is what carries senders through the scale transitions that would otherwise break them. The investment is modest. The protection is durable. The returns compound for as long as the sending program lives.