Why Email Deliverability Depends on Trust and Identity

Email remains one of the most direct and effective channels in digital marketing. And yet, despite significant investments in content, design, and audience segmentation, many companies struggle due to a fundamental problem: their emails do not reliably reach the inbox. The reason rarely lies in the content itself. More often than not, it’s a lack of trust – trust that is expected not only from the recipient but from the entire email ecosystem.

At the DDV event “Intelligent Customer Dialogue 2030” in Cologne in January 2026, we addressed precisely this question: How do senders, email service providers, and mailbox providers build the trust that leads to consistent, reliable delivery – and what concrete steps can marketers take now to improve their situation?

The trust triangle: Three parties, one goal

Every email that lands in an inbox is the result of trust between three parties: the sender (the brand), the email service provider (ESP), and the mailbox provider (MBP) – that is, services like Gmail, GMX, or Outlook.

All three have different interests, but a shared need: they do not want to be associated with spam or fraud. The sender wants their messages to be noticed and read. The ESP must be regarded as a trustworthy sending infrastructure to avoid delivery issues. And the mailbox provider protects its users – it wants to offer them a good inbox experience while safeguarding them from spam and phishing.

The domain is the common denominator for all three parties. It serves as an anchor of trust: for the ESP and the brand, it’s the sender’s ID; for the mailbox provider, it’s the signal for assessing security and reputation; and for the end user, it’s the element that creates recognition. In a world where IP addresses change and infrastructures evolve, the domain is the only constant thread that holds a sender’s identity together.

Why identity consistency is crucial – and where it falls short

A strong sender identity requires consistency. In practice, however, many companies undermine their own identity through fragmented domain usage – often without realizing it.

The most common pattern involves so-called cousin domains: separate domains that belong to the same brand family but are not structurally linked. A company that communicates via firma.de and uses firma-news.de for its newsletter appears to outsiders as two independent senders. Similarly problematic, a company that operates bar.de and bar.fr instead of using de.bar.com and fr.bar.com forfeits the reputation inheritance provided by subdomains. Subdomains belong to the parent domain – separate domains do not.

The causes of this fragmentation are usually trivial: a complicated internal coordination process, a change of provider that led to a new sending domain, a “burned” domain that was abandoned instead of repaired – or simply a conflict between IT and marketing over DNS control. The result is the same: a diluted identity, inconsistent reputation signals, and avoidable delivery risks.

Technical safeguards: The indispensable foundation

Once the domain strategy is in place, authentication follows. Many companies have made progress in this area in recent years – driven by requirements from major email providers like Google and Yahoo. However, the quality of implementation varies significantly.

SPF (Sender Policy Framework) specifies which servers are authorized to send emails on behalf of a domain. SPF operates at the level of the MAIL FROM (Return Path) address and protects against simple spoofing at the infrastructure level.

DKIM (DomainKeys Identified Mail) adds a cryptographic signature to each message, verifying its integrity and linking it to the signing domain. A 2048-bit key is recommended; 1024 bits should be considered the absolute minimum.

DMARC (Domain-based Message Authentication, Reporting, and Conformance) combines both mechanisms. Importantly, DMARC does not authenticate on its own – it checks whether SPF or DKIM passes and whether the authenticated domain matches the visible sender domain in the FROM header (domain alignment). If both fail, DMARC can instruct the receiving server to move the message to the spam folder or reject it.

Common DMARC errors in practice

DMARC is the area where most companies still have room for improvement. The most common problems:

• No DMARC record – the domain is unprotected and invisible for reporting.
• Permanent p=none – useful as a starting point, but insufficient as a permanent state.
• p=reject without reporting – enforcement without a feedback loop, blind to blocked legitimate traffic.
• A reporting address that cannot receive emails – the report feed is interrupted from the start.

The correct approach is a phased rollout. Start with p=none and aggregate reporting enabled, monitor for one to two weeks, then enforce p=quarantine, and finally p=reject. After that, monitoring should continue indefinitely – at least once a week.

Domain Alignment: More Than Just DMARC

An often-overlooked aspect: A single email contains many domains. Header-FROM, Mail-FROM (for SPF), DKIM-Signing-Domain, Reply-To address, link domains, and image domains can all be different. DMARC requires alignment between the authenticated domain and the Header-FROM. Furthermore, it’s good practice to consistently trace all visible domains in an email back to the primary sender domain – this strengthens identity, enables clean monitoring, and signals to both filtering systems and recipients: This sender has nothing to hide.

BIMI: Making trust visible

BIMI (Brand Indicators for Message Identification) is the visual layer built on this technical foundation. Any sender who enforces DMARC with p=reject, has a good sending reputation, and holds a verified logo certificate – either a VMC (for registered figurative marks) or a CMC (for logos that have been in use for at least one year) – will have the brand logo displayed directly in the inbox by supporting email providers, even before the email is opened.

This matters for marketers: BIMI translates authentication and reputation into brand visibility. It’s the direct, measurable return on investment in a clean technical infrastructure.

Transparency before sending: The human side of trust

Authentication governs trust between machines. At least as important – and often underestimated – is the trust between the sender and the human recipient.

A common misconception: Opt-in means guaranteed delivery to the inbox. In fact, that is not the case. Opt-in is a legal requirement, not a technical or reputation-related one. Mailbox providers and spam filters evaluate user behavior, not the sender’s intent. Anyone who does not open emails, deletes them unread, or marks them as spam – even for messages they’ve technically subscribed to – damages the sender’s reputation.

The cause is almost always the same: unmet expectations. Anyone who signs up for a weekly newsletter and receives promotional emails daily may disengage, ignore future messages or, even worse, complain about spam. 

Anyone who signed up two years ago and has since forgotten the context will perceive a legitimate email as unfamiliar or unwanted. Two simple measures help in practice:

Manage expectations during the sign-up process: Be specific. What will subscribers receive? How often? What value does it offer? “Sign up for our newsletter” sets hardly any expectations. “Receive our industry news every Tuesday – concise and practical” does.

Subscription reminder in the email footer: A simple sentence – “You’re receiving this email because you signed up for it on our website on [DD/MM/YYYY]” – reduces complaints, provides context for subscribers whose memory has faded, and stabilizes engagement signals. A small change with a disproportionately large impact.

What good monitoring means

Trust isn’t a one-time setup. It requires continuous measurement – at every level.

At the ESP level, this means ensuring that every send uses SPF, DKIM, and DMARC, and that DMARC reports are actually analyzed. Mapp, for example, monitors DMARC data globally on a daily basis and conducts engagement audits to identify reputation risks before they become delivery issues.

At the certification level, organizations like the CSA provide certified senders with real data feedback from mailbox providers. This creates a positive cycle: trust promotes transparency, transparency generates data, and data enables quality control. As traditional metrics like open rates become increasingly unreliable due to client-side pre-fetching and privacy features, these real-data feeds from MBPs are becoming significantly more important.

Practical checklist for senders

1. Review domain strategy. Are cousin domains being used? Can the structure be consolidated into consistent subdomains under the main domain?
2. Check authentication. Are SPF, DKIM (2,048 bits recommended), and DMARC fully configured? Is the DMARC policy enforced, or is it still set to p=none?
3. Enable and evaluate DMARC reporting. Set up a functional rua= address and analyze the reports weekly.
4. Ensure domain alignment in all emails. The FROM header, DKIM signature, and ideally link and image domains should consistently point to the primary sender domain.
5. Review the sign-up process. Are clear expectations set? Does the email footer include a subscription reminder?
6. Actively monitor engagement. Segment or unsubscribe contacts who have not responded in 6 - 12 months. Lower volume with high engagement performs better than high volume with low engagement.
7. Check BIMI. If you’ve implemented p=reject and have a stable reputation, you should check whether the logo qualifies for a CMC or VMC. Inbox visibility is a real advantage.

Conclusion

Email deliverability is not a technical problem with a one-time solution. It is a matter of trust that requires continuous investment in infrastructure, identity, transparency, and monitoring. The good news: the path to achieving this is clearly laid out. Those who set up their domain strategy correctly, consistently implement DMARC, communicate honestly with their subscribers, and continuously monitor their reputation will be rewarded – with inbox placement, engagement, and, in the long term, with the brand visibility that BIMI enables.

Trust is built gradually in email marketing – and quickly lost. The technical tools for this are more accessible than ever. The question is whether companies are willing to use them consistently.

Florian Vierke has been working in the email deliverability space for the past 15 years. He is responsible for Mapp’s global deliverability services and is an active member of various related associations, including the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the Certified Senders Alliance (CSA), the German Direct Marketing Association (DDV), The Competence Group (TCG), and Signal Spam, to name a few. With a background in computer science, Florian specializes in data security, trust, and authentication within the email ecosystem. In his current role, his work increasingly focuses on building and automating internal tooling using AI and workflow automation to scale deliverability services, improve data workflows, and support the adoption of emerging email technologies.

Sandra Schubert is an experienced email marketing and customer service professional. As an email marketing consultant at Validity/Return Path in France, she worked with brands to address deliverability issues and refine email strategies. Prior to that, she supported her clients in various roles in an international environment, including client success and channel support at Return Path and export management at Carl Zeiss. Since August 2023, she has returned to customer support in her home country Germany, where she combines her expertise and passion for helping others as Customer Support Manager at CSA.

Sebastian Kluth is a passionate email expert with a focus on email deliverability and email marketing and has been leading the technical team of the Certified Senders Alliance since 2019. As a team leader and consultant at Return Path, netnomics GmbH and Emailvision GmbH, among others, he has been supporting and advising leading companies in improving email deliverability and email marketing for more than 15 years. As an IT professional, he brings the necessary core competencies for his passion from other positions in the e-commerce and publishing environment.