The vocabulary of deliverability, defined to stand on its own
Email has accumulated an unusual amount of jargon — mostly acronyms hiding simple ideas. Each definition here is written so you can land on any term, read it, and leave understanding it, without needing the three terms above it. And where a term's practical meaning shifted when bulk-sender enforcement arrived through 2024 and 2025, the definition reflects the 2026 reality, not the textbook version.
The vocabulary of email infrastructure, defined plainly
Email deliverability has accumulated an unusual amount of jargon, much of it acronyms that hide simple ideas. This glossary defines the terms you'll meet when setting up or diagnosing a sending setup, written so that a definition stands on its own — you can land on any term, read it, and leave understanding it, without needing the three terms above it. Where a definition has changed in practical meaning recently, it reflects the 2026 reality rather than the textbook version, because the bulk-sender enforcement that arrived through 2024 and 2025 turned several of these from "good practice" into "required to reach the inbox at all."
Alignment
The requirement that the domain in the visible From: header matches the domain validated by SPF or signed by DKIM. Authentication can pass technically while still failing alignment, and DMARC only passes when at least one of SPF or DKIM both passes and aligns. Misalignment is one of the most common reasons a setup that "looks authenticated" still gets rejected.
ARC — Authenticated Received Chain
A set of headers that preserve authentication results when a message is forwarded — through a mailing list or an inbound gateway, for example. Forwarding normally breaks SPF and can break DKIM; ARC lets a forwarder vouch that the message passed authentication before it touched it, so a legitimately forwarded message isn't treated as unauthenticated at the final destination.
BIMI — Brand Indicators for Message Identification
A standard that displays your verified logo next to your messages in supporting inboxes. It depends on DNS records and requires DMARC at p=quarantine or p=reject as a precondition, plus, for the major providers, a Verified Mark Certificate proving you own the trademark on the logo. BIMI is the visible reward for getting authentication fully right.
Blocklist (DNSBL / RBL)
A published list of IP addresses or domains believed to send spam, queried in real time by receiving servers over DNS. Landing on a significant blocklist can sharply cut delivery. Lists differ in influence and in how they handle delisting, so the first diagnostic step when delivery drops is identifying which list, which the blocklist lookup does across the major ones at once.
Bounce (hard vs soft)
A bounce is a delivery failure returned by the receiving server. A hard bounce is permanent — the address doesn't exist — and the address should be suppressed. A soft bounce is temporary — a full mailbox, a transient server problem — and is worth retrying. Misclassifying a soft bounce as hard suppresses a recoverable address, which is a quiet way to shrink a list you didn't mean to.
Bulk sender
Under the Gmail and Yahoo rules, a sender of roughly more than 5,000 messages per day to their users. Bulk senders face the full authentication, spam-rate and one-click-unsubscribe requirements. The threshold matters because crossing it changes your obligations overnight, and a growing sender can cross it without noticing.
DANE — DNS-based Authentication of Named Entities
A mechanism that uses DNSSEC-signed TLSA records to tell a sending server which TLS certificate to expect, removing the trust assumption in the certificate authority entirely. It's an alternative or complement to MTA-STS for enforcing encrypted transport, favoured particularly in German, Dutch and other DNSSEC-heavy networks.
Dedicated IP
A sending IP address used by one customer only, as opposed to a shared pool. The reputation of a dedicated IP is yours alone — a neighbour's spam run can't blocklist you — but it carries the responsibility of warming, since a new dedicated IP starts with no reputation at all.
DKIM — DomainKeys Identified Mail
A cryptographic signature added to each message, verified by the receiver against a public key published in your DNS. It proves the message wasn't altered in transit and genuinely came from a sender authorised for the domain. Modern practice is a 2048-bit key; 1024-bit is now considered weak. Check any domain's setup with the DKIM tester.
DMARC — Domain-based Message Authentication, Reporting and Conformance
The policy layer that sits on top of SPF and DKIM. It tells receivers what to do with messages that fail authentication (p=none monitors, p=quarantine sends to spam, p=reject blocks) and produces aggregate reports showing who is sending as your domain. Since the 2024 bulk-sender rules, a published DMARC record is a baseline requirement, not an enhancement. The DMARC checker reads any domain's policy in plain language.
DNSSEC
A set of DNS extensions that cryptographically sign DNS records so a resolver can verify they weren't tampered with. It's the foundation DANE depends on, and its presence on a receiving network is what makes DANE-based transport security possible.
Inbox placement
Whether a delivered message reaches the inbox rather than the spam folder. Distinct from delivery, which only means the receiving server accepted the message. Inbox placement is the metric that actually determines whether email does its job, and across industries in 2026 it ranges from roughly 86% to 92% for disciplined senders — a spread driven by reputation and authentication, not server uptime.
IP warming
The practice of starting a new sending IP at low volume to engaged recipients and ramping up gradually over weeks, so the receiving providers build a positive reputation before high volume arrives. Skipping warming is among the fastest ways to land a new IP in spam, regardless of how clean the underlying list is.
MTA — Mail Transfer Agent
The software that routes and transmits email between servers. PowerMTA is a high-performance commercial MTA used for large-scale sending; Postfix and Exim are common open-source ones. The MTA is the engine of a sending platform — the thing that actually moves the mail.
MTA-STS — Mail Transfer Agent Strict Transport Security
A policy, published over HTTPS, that tells sending servers TLS is mandatory for your domain and delivery should fail rather than fall back to plaintext. It closes the downgrade-attack hole in opportunistic STARTTLS, where an attacker strips the encryption upgrade and forces plaintext. Run in enforce mode, it prevents the silent interception that STARTTLS alone allows.
One-click unsubscribe (RFC 8058)
A List-Unsubscribe header that lets the mailbox provider show a native unsubscribe button, so a recipient can opt out without hitting "report spam." Required for bulk senders under the Gmail and Yahoo rules, exempt for genuinely transactional mail. Every automated unsubscribe that replaces a spam complaint protects your sender reputation.
PTR record / reverse DNS / FCrDNS
A PTR record maps a sending IP back to a hostname — the reverse of normal DNS. Receiving servers check that this reverse lookup exists and that it forward-confirms (the hostname resolves back to the same IP), known as FCrDNS. A missing or mismatched PTR is a basic red flag that depresses deliverability before content is even considered.
SPF — Sender Policy Framework
A DNS record listing which servers are authorised to send mail for your domain. It has a hard limit of ten DNS lookups; chaining too many include: statements blows past it and can fail the whole record. Flattening — resolving includes to their IP ranges — is the fix, handled by the SPF flattener.
Spam rate
The proportion of your delivered mail that recipients mark as spam, as reported by Google Postmaster Tools. Above 0.1% deserves attention; above 0.3% is enforcement territory where delivery problems are expected. It is the single number the major providers watch most closely.
STARTTLS
The SMTP command that upgrades a plaintext connection to TLS encryption. About 90% of email traffic uses it, but because it's opportunistic, it's vulnerable to a downgrade attack — which is the problem MTA-STS and DANE exist to solve.
Suppression list
The record of addresses you must not send to — hard bounces, spam complaints, and unsubscribes. Maintaining it is both a deliverability necessity and a compliance one, and it must carry across a provider migration so that someone who unsubscribed doesn't start receiving mail again because you changed infrastructure.
TLS-RPT
A reporting standard, paired with MTA-STS, that delivers reports on TLS connection failures to an endpoint you publish. It turns transport-security problems from invisible into something you can actually see and act on. The TLS report decoder parses these reports into readable form.
421 vs 550 (SMTP response codes)
Two error families that matter for authentication. A 421 is a temporary deferral — the receiver is rate-limiting or asking you to retry, often because of a soft authentication problem. A 550 is a permanent rejection — the mail is blocked outright, typically for unauthenticated or badly misconfigured sending. The shift many senders felt in late 2025 was Gmail moving certain failures from 421 to 550, turning "your mail is slow" into "your mail is blocked."
From definition to working setup
A glossary tells you what a term means; the free tools on this site tell you whether yours is configured correctly. Run your domain through the DMARC, SPF and DKIM checks, and if a term here describes a problem you're actually seeing, the operator team can help you fix it rather than just define it.
A note on why these definitions keep changing
Several terms here meant something softer two years ago. SPF, DKIM and DMARC were "recommended" before the major providers made them mandatory for bulk senders; the shift from temporary deferral to permanent rejection turned authentication from a deliverability optimisation into a condition of entry to the inbox. A glossary in this field has to be dated to be honest, which is why this one reflects the 2026 enforcement reality rather than the more forgiving world that preceded it.