§8 · Deliverability
The deliverability fundamentals every self-hosted sender owns.
Mailbox providers — Gmail, Outlook, Yahoo, Apple Mail — score every incoming message against a stack of authentication and reputation signals before deciding inbox vs. spam vs. reject. On SaaS the platform abstracts these signals; self-hosted you tune them yourself. The good news: the standards are public and stable.
SPF — Sender Policy Framework (RFC 7208)
A TXT record on your sending domain that lists the IPs allowed to send mail "as" that domain. Mailbox providers check the envelope-from against the SPF record; mismatches degrade reputation. With SES the record is one line: v=spf1 include:amazonses.com -all. For multi-relay setups, chain includes: v=spf1 include:amazonses.com include:mailgun.org -all. The -all tail says "anything not listed should be rejected"; for the first month use ~all (soft-fail) until you're confident the record is exhaustive.
DKIM — DomainKeys Identified Mail (RFC 6376)
A cryptographic signature on every outgoing message, signed by a key whose public half is published as a DNS TXT record at {selector}._domainkey.{domain}. The receiver fetches the public key and verifies the signature; tamper-evident header + body chain. SES generates three CNAMEs for you to add — done. Self-hosted MTAs need OpenDKIM or rspamd configured. DKIM failures don't usually trigger immediate rejection, but they erode the domain reputation score that drives placement.
DMARC — alignment + reporting (RFC 7489)
The policy on top of SPF + DKIM. DMARC says "the From-header domain must align with the SPF or DKIM domain, and here's what to do if alignment fails: monitor (p=none), quarantine (p=quarantine), or reject (p=reject)." Plus an rua address that gets daily aggregate reports of who's sending mail "as" you. Start at p=none for a month, read the reports, fix any forgotten subdomains, then move to p=quarantine, then p=reject. As of February 2024, Google and Yahoo require DMARC for bulk senders (5K+ sends/day) — not optional.
List hygiene — the suppression habit
Hard bounces (5xx codes — invalid mailbox, domain doesn't exist) must be suppressed permanently after the first occurrence; otherwise mailbox providers treat your list as poorly maintained. Soft bounces (4xx — full mailbox, temporary failure) are retried with exponential backoff and suppressed after 3–5 retries. Complaints — recipient hit "spam" — suppress immediately and forever. Re-engagement campaigns should target the engaged half of your list every 90 days; non-openers in 180+ days come off entirely. Every self-hosted platform exposes this; AcelleMail's per-list suppression model integrates with the bounce-handler webhook hooked up at step 4 above.
Engagement signals + IP reputation
Mailbox providers increasingly weight recipient engagement: opens, clicks, "not spam" gestures, replies. Sending the same message to your most-engaged 10% drives reputation up; sending to your dead 50% drags it down. Self-hosted means you have raw access to engagement data — segment campaigns to the engaged half, suppress the long-cold half, and watch the bounce + complaint rates. Tools to monitor: Google Postmaster Tools (free), Microsoft SNDS (free), the relay's own dashboard. Acelle's automation flows can branch on engagement-score custom fields, which is the cleanest place to encode the rule.
