Follow these best practices to ensure your emails reach the inbox and maintain a healthy sender reputation.

Domain Setup

Use Dedicated Subdomains

Benefits:

• Isolates email reputation from your main domain
• Allows different subdomains for different use cases
• Easier to troubleshoot deliverability issues

Suggested subdomain structure:

Complete All DNS Records

Ensure all authentication records are configured:

1. DKIM - All three CNAME records
2. SPF - TXT record authorizing Send.dev
3. DMARC - Policy and reporting configuration
4. Return Path - Bounce handling CNAME

See our DNS Configuration guide for details.

Progressive DMARC Policy

Start with p=none and gradually increase:

Week 1-2:  v=DMARC1; p=none; rua=mailto:dmarc@send.dev
Week 3-4:  v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@send.dev
Week 5+:   v=DMARC1; p=quarantine; rua=mailto:dmarc@send.dev
Final:     v=DMARC1; p=reject; rua=mailto:dmarc@send.dev

Email Content

Always Include Plain Text

{
  "from": "hello@mail.yourdomain.com",
  "to": "user@example.com",
  "subject": "Welcome!",
  "html": "<h1>Welcome!</h1><p>Thanks for signing up.</p>",
  "text": "Welcome!\n\nThanks for signing up."
}

Plain text versions:

• Improve deliverability (some filters flag HTML-only emails)
• Display in clients that don't support HTML
• Are accessibility-friendly

Write Meaningful Subject Lines

Good:

• "Your order #12345 has shipped"
• "Password reset request"
• "Weekly digest for January 13"

Avoid:

• ALL CAPS or excessive punctuation!!!
• Spammy words (FREE, URGENT, ACT NOW)
• Misleading subjects
• Empty or generic subjects

Use Proper From Names

{
  "from": "Alex from Acme <support@mail.acme.com>"
}

Include a recognizable sender name to:

• Build trust with recipients
• Improve open rates
• Reduce spam complaints

Include Unsubscribe Links

For marketing emails, always include unsubscribe options:

<p>
  Don't want these emails?
  <a href="https://yourdomain.com/unsubscribe?email={{email}}">Unsubscribe</a>
</p>

This is required by:

• CAN-SPAM Act (US)
• GDPR (EU)
• CASL (Canada)

List Management

Verify Email Addresses

Validate email addresses before adding to your list:

// Basic validation
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
if (!emailRegex.test(email)) {
  throw new Error('Invalid email address');
}

Consider using email verification services for:

• Syntax validation
• Domain validation
• Mailbox verification

Handle Bounces Immediately

Remove hard bounces from your list immediately:

// Webhook handler for bounce events
app.post('/webhooks/send', (req, res) => {
  const event = req.body;

  if (event.type === 'email.bounced' && event.data.bounce.type === 'hard') {
    // Remove from your list
    await removeFromList(event.data.to);
  }

  res.sendStatus(200);
});

Process Complaints

When someone marks your email as spam:

1. Remove them from all lists immediately
2. Never email them again
3. Review why they complained

Use Double Opt-In

For marketing lists, require confirmation:

1. User signs up
2. Send confirmation email with unique link
3. User clicks link to confirm
4. Only then add to marketing list

This ensures:

• Valid email addresses
• Engaged subscribers
• Compliance with regulations

Sending Practices

Warm Up New Domains

Don't send high volumes from a new domain immediately:

Send at Optimal Times

• Avoid sending everything at once
• Spread sends over time
• Consider recipient time zones
• Test different send times

Monitor Engagement

Track and act on engagement metrics:

Technical Best Practices

Use Idempotency Keys

For critical emails, use idempotency keys to prevent duplicates:

curl -X POST https://api.send.dev/v1/emails \
  -H "Authorization: Bearer sk_live_your_api_key" \
  -H "Idempotency-Key: order_123_confirmation" \
  -d '{ ... }'

Implement Retries with Backoff

async function sendWithRetry(email, maxRetries = 3) {
  for (let i = 0; i < maxRetries; i++) {
    try {
      return await send.emails.send(email);
    } catch (error) {
      if (error.code === 'rate_limited') {
        await sleep(Math.pow(2, i) * 1000);
        continue;
      }
      throw error;
    }
  }
}

Log Everything

Keep logs for debugging and compliance:

const email = await send.emails.send({
  from: 'hello@mail.yourdomain.com',
  to: 'user@example.com',
  subject: 'Welcome!',
  html: '<p>Welcome!</p>',
  metadata: {
    user_id: 'user_123',
    email_type: 'welcome',
  },
});

// Log for your records
logger.info('Email sent', {
  email_id: email.id,
  user_id: 'user_123',
  type: 'welcome',
});

Security

Protect API Keys

• Store in environment variables
• Never commit to version control
• Use domain-restricted keys
• Rotate regularly

Validate User Input

Sanitize any user-provided content:

import { sanitizeHtml } from 'your-sanitizer';

const userComment = sanitizeHtml(request.body.comment);

await send.emails.send({
  from: 'notifications@mail.yourdomain.com',
  to: 'admin@yourdomain.com',
  subject: 'New comment',
  html: `<p>New comment: ${userComment}</p>`,
});

Use HTTPS Everywhere

• All API calls over HTTPS
• All tracking links over HTTPS
• All images in emails over HTTPS

Monitoring Checklist

Regularly review:

• Delivery rates (target: above 95%)
• Open rates (benchmark against industry)
• Click rates (benchmark against industry)
• Bounce rates (target: under 2%)
• Complaint rates (target: under 0.1%)
• Domain reputation (use tools like Google Postmaster)
• Blacklist status (check periodically)
• Authentication status (DKIM/SPF passing)