2026-03-22 · deliverability email dns spf dkim dmarc domain-warming
Email Deliverability for AI Agents: SPF, DKIM, DMARC, and Domain Warming
You've built an agent that sends email. It works in development. Then you deploy to production and discover that half your emails land in spam. The other half bounce.
Deliverability is the unsexy infrastructure problem that determines whether your agent's emails actually reach the inbox. Here's what you need to know.
The Three Authentication Protocols
Modern email authentication rests on three DNS-based protocols. All three need to be configured correctly, or major providers (Gmail, Outlook, Yahoo) will either reject your mail or send it to spam.
SPF (Sender Policy Framework)
SPF tells receiving mail servers which IP addresses are authorized to send email on behalf of your domain. It's a DNS TXT record that lists your allowed senders.
v=spf1 include:_spf.myagentmail.com ~all
This says: "Emails from my domain should come from myagentmail's infrastructure. If they come from anywhere else, treat them as suspicious."
Common mistake: Including too many SPF lookups. The spec limits you to 10 DNS lookups per SPF record. If you're using multiple email services (transactional + agent + marketing), you can hit this limit fast. Consolidate where possible.
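To see how quickly stacked services hit that limit, here is an added example (not from myagentmail or any provider) that walks an SPF record and counts the terms RFC 7208 charges a lookup for: `include`, `a`, `mx`, `ptr`, `exists` and `redirect`. The zone contents, the `.example` hostnames and the function names are constructed for illustration; going over 10 makes SPF evaluation fail with a permanent error.

```python
# Added example: count the DNS lookups one SPF evaluation costs (RFC 7208 caps it at 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists"}  # each costs one lookup
SPF_LOOKUP_LIMIT = 10

# Constructed zone data standing in for live DNS TXT answers; not real records.
LEAF = "v=spf1 ip4:198.51.100.0/24 ~all"
ZONE = {
    "yourdomain.com": "v=spf1 include:_spf.myagentmail.com "
                      "include:_spf.txn.example include:_spf.mktg.example ~all",
    "_spf.myagentmail.com": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_spf.txn.example": "v=spf1 include:a.txn.example include:b.txn.example "
                        "include:c.txn.example mx ~all",
    "_spf.mktg.example": "v=spf1 include:a.mktg.example include:b.mktg.example "
                         "a mx exists:%{i}.bl.mktg.example ~all",
    **{name: LEAF for name in ("a.txn.example", "b.txn.example", "c.txn.example",
                               "a.mktg.example", "b.mktg.example")},
}

def count_lookups(domain, zone, path=()):
    """Return the number of DNS-querying terms reached from domain's SPF record."""
    if domain in path:
        raise ValueError(f"SPF include loop via {domain}")
    record = zone.get(domain, "")
    if not record.startswith("v=spf1"):
        raise ValueError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        term = term.lstrip("+-~?")                 # drop the qualifier
        if term.startswith("redirect="):           # modifier, also costs a lookup
            total += 1 + count_lookups(term[9:], zone, path + (domain,))
            continue
        name, _, target = term.partition(":")
        name = name.split("/")[0]                  # "a/24" -> "a"
        if name in LOOKUP_TERMS:
            total += 1
            if name == "include":                  # nested record counts too
                total += count_lookups(target, zone, path + (domain,))
    return total

def spf_within_limit(domain, zone):
    """True when the record can be evaluated without exceeding the limit."""
    return count_lookups(domain, zone) <= SPF_LOOKUP_LIMIT

if __name__ == "__main__":
    n = count_lookups("yourdomain.com", ZONE)
    print(f"yourdomain.com: {n} lookups, within limit: {n <= SPF_LOOKUP_LIMIT}")
```

With the constructed zone, three top-level includes expand to 12 lookups; dropping the marketing include brings it back under the limit.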
DKIM (DomainKeys Identified Mail)
DKIM adds a cryptographic signature to every outgoing email. The receiving server checks this signature against a public key published in your DNS. If the signature is valid, the server knows the email wasn't tampered with in transit and actually came from an authorized sender.
myagentmail._domainkey.yourdomain.com CNAME myagentmail._domainkey.myagentmail.com
DKIM is non-negotiable. Without it, Gmail will almost certainly flag your mail as spam regardless of content.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. It also enables reporting — you get XML reports showing who's sending email from your domain and whether it's passing authentication.
v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100
Start with p=none (monitoring only), move to p=quarantine once you're confident in your setup, and eventually move to p=reject for maximum protection.
Recommended progression:
- Week 1-2: p=none — collect reports, identify issues
- Week 3-4: p=quarantine — suspicious mail goes to spam
- Month 2+: p=reject — unauthenticated mail is blocked entirely
Domain Warming
A brand new domain has no sender reputation. Email providers treat unknown senders with suspicion. Domain warming is the process of gradually building that reputation.
The Warming Schedule
Here's a practical warming schedule for an agent domain:
| Day | Emails per day | Target |
|---|---|---|
| 1-3 | 5-10 | Known contacts who will open and reply |
| 4-7 | 15-25 | Engaged recipients likely to interact |
| 8-14 | 30-50 | Broader audience, still targeted |
| 15-21 | 50-100 | Normal operational volume |
| 22-30 | 100-200 | Scale toward target volume |
| 30+ | Target volume | Full operation |
The key metric during warming isn't send volume — it's engagement. Opens, replies, and "not spam" actions all build positive reputation. Bounces, spam reports, and ignored emails damage it.
Tips for Faster Warming
- Start with people who will reply. Internal team members, existing contacts, anyone who will open and engage with the email. Replies are the strongest positive signal.
- Keep content short and personal. Long, templated emails look like marketing. Short, conversational emails look like real communication — which is exactly what agents should be sending anyway.
- Avoid links in early emails. Links increase spam scoring. During the first week, send plain text with no URLs.
- Don't use a brand new domain. If possible, use a domain that's been registered for at least 30 days before you start sending. Age alone doesn't build reputation, but very new domains are flagged.
Why Agent Email Has a Deliverability Advantage
Here's the counterintuitive insight: email sent by well-built AI agents can have better deliverability than traditional marketing email.
Marketing email patterns (bad for deliverability):
- Blasted to large lists
- Heavy HTML with images and tracking pixels
- Low reply rates
- High unsubscribe rates
- Identical content to thousands of recipients
Agent email patterns (good for deliverability):
- Sent one-to-one
- Plain text or minimal formatting
- Personalized content per recipient
- Expects and receives replies
- Natural conversation threading
Email providers' spam filters are optimized to catch marketing blasts. An agent sending a personalized, plain-text email to a specific person and receiving a reply looks exactly like legitimate human communication — because functionally, it is.
Common Pitfalls
Pitfall 1: Sending from a Shared Domain
If you're using a shared domain (like the default @myagentmail.com addresses), your deliverability is tied to every other sender on that domain. One bad actor can tank the domain's reputation. For production workloads, always use a custom domain.
Pitfall 2: No Reverse DNS (PTR Record)
If you're running your own mail infrastructure, make sure your sending IP has a valid PTR record that resolves back to your domain. This is handled automatically by email API providers, but worth verifying.
Pitfall 3: Missing Unsubscribe Headers
If your agent sends anything that could be considered commercial (outreach, newsletters, marketing), include List-Unsubscribe headers. Gmail and Yahoo now require them for bulk senders.
curl -X POST https://myagentmail.com/v1/inboxes/{inbox_id}/messages \
  -H "X-API-Key: your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "to": "recipient@example.com",
    "subject": "Quick question",
    "text": "Hi — saw your post about scaling ML pipelines...",
    "headers": {
      "List-Unsubscribe": "<mailto:unsubscribe@yourdomain.com>"
    }
  }'
Pitfall 4: Ignoring Bounces
Hard bounces (invalid addresses) damage your reputation fast. Your agent should track bounces and never retry a hard-bounced address. myagentmail surfaces bounce events through the API and WebSocket, so your agent can react immediately.
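One way to enforce the "never retry a hard bounce" rule, as an added example that is not myagentmail's code: the event shape (`to`, `status`) is hypothetical, since the post does not show the API's bounce payload, and the sample events are constructed. It keys off the SMTP enhanced status code (RFC 3463) and separates address failures from 5.7.x policy rejections, which point at your own authentication or reputation rather than at a dead mailbox.

```python
import re

# SMTP enhanced status code: class.subject.detail, e.g. 5.1.1 (RFC 3463).
STATUS_RE = re.compile(r"^([245])\.(\d{1,3})\.(\d{1,3})$")

def classify(status):
    """Map an enhanced status code to delivered / soft / hard / policy / unknown."""
    m = STATUS_RE.match(status.strip())
    if not m:
        return "unknown"
    cls, subject = m.group(1), m.group(2)
    if cls == "2":
        return "delivered"
    if cls == "4":
        return "soft"                       # transient: retry later, with a cap
    return "policy" if subject == "7" else "hard"

class SuppressionList:
    def __init__(self, max_soft=3):
        self.max_soft = max_soft
        self.suppressed = {}                # address -> reason
        self.soft_counts = {}

    def handle(self, event):
        # Hypothetical event shape: {"to": address, "status": enhanced code}.
        addr = event["to"].strip().lower()  # normalise so retries cannot slip by on case
        kind = classify(event["status"])
        if kind == "hard":
            self.suppressed[addr] = event["status"]
        elif kind == "soft":
            self.soft_counts[addr] = self.soft_counts.get(addr, 0) + 1
            if self.soft_counts[addr] >= self.max_soft:
                self.suppressed[addr] = "repeated " + event["status"]
        return kind                         # "policy": fix SPF/DKIM/DMARC, keep the address

    def may_send(self, addr):
        return addr.strip().lower() not in self.suppressed

# Constructed sample events.
EVENTS = [{"to": "Typo@Example.com", "status": "5.1.1"},   # no such mailbox
          {"to": "full@example.com", "status": "4.2.2"},   # mailbox full
          {"to": "ok@example.net", "status": "5.7.1"}]     # rejected by policy

def replay(events, max_soft=3):
    """Feed events through a fresh suppression list and return it."""
    sl = SuppressionList(max_soft)
    for ev in events:
        sl.handle(ev)
    return sl
```

Call `may_send()` before every send; persist `suppressed` so a restart does not forget it.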
Monitoring Deliverability
Set up DMARC reporting from day one. Tools like dmarcian or Postmark's DMARC tool parse the XML reports into readable dashboards.
Watch these metrics:
- Bounce rate: Should stay below 2%. Above 5% is a red flag.
- Spam complaint rate: Should stay below 0.1%. Gmail's threshold is 0.3% — above that and you'll see deliverability problems.
- DMARC pass rate: Should be 100% for mail you're sending. Anything less means misconfiguration.
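If you want the DMARC pass rate without a dashboard, the aggregate reports are simple enough to read directly. The following is an added example, not code from dmarcian, Postmark or myagentmail: it parses an RFC 7489 aggregate report and counts a message as passing when the aligned DKIM or aligned SPF result under `policy_evaluated` is `pass`. The report contents and IP addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed rows: (source_ip, message count, aligned DKIM result, aligned SPF result)
ROWS = [("192.0.2.10", 180, "pass", "pass"),
        ("192.0.2.10", 15, "pass", "fail"),     # e.g. forwarded mail: SPF breaks, DKIM survives
        ("203.0.113.77", 5, "fail", "fail")]    # a source you have not authorized
REPORT = ("<feedback><policy_published><domain>yourdomain.com</domain><p>none</p>"
          "</policy_published>" + "".join(
              f"<record><row><source_ip>{ip}</source_ip><count>{n}</count>"
              f"<policy_evaluated><disposition>none</disposition><dkim>{dkim}</dkim>"
              f"<spf>{spf}</spf></policy_evaluated></row></record>"
              for ip, n, dkim, spf in ROWS) + "</feedback>")

def dmarc_summary(xml_text):
    """Return total volume, DMARC pass rate and failing volume per source IP."""
    # Reports arrive from third parties: refuse DTDs and entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("report contains a DTD or entity declaration")
    passed, failed = Counter(), Counter()
    for row in ET.fromstring(xml_text).iter("row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        results = (row.findtext("policy_evaluated/dkim"),
                   row.findtext("policy_evaluated/spf"))
        # DMARC passes if either aligned mechanism passed.
        (passed if "pass" in results else failed)[ip] += count
    total = sum(passed.values()) + sum(failed.values())
    return {"total": total,
            "pass_rate": sum(passed.values()) / total if total else 0.0,
            "failing_sources": dict(failed)}

if __name__ == "__main__":
    print(dmarc_summary(REPORT))
```

On the sample, 195 of 200 messages pass (97.5%), and the five failures all come from one source IP, which is either a sender you forgot to authorize or someone else using your domain.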
Deliverability isn't a set-and-forget problem. It's an ongoing practice. But the payoff is clear: an agent whose emails consistently reach the inbox is dramatically more effective than one whose messages disappear into spam folders.