Your SaaS team spends weeks crafting the perfect onboarding sequence, the ideal win-back campaign, that one re-engagement email everyone fought over in Slack. Then it lands in spam. Open rates crater from 40% to 12%, and nobody can figure out why. The uncomfortable truth is that most deliverability problems are self-inflicted—not by a single catastrophic mistake, but by a pile of small operational habits that silently erode sender reputation over weeks or months. This article breaks down the specific decisions, overlooked configurations, and volume patterns that push SaaS emails into the junk folder. You'll learn which actions most teams take without thinking that mailbox providers treat as red flags, and what to change before your domain reputation becomes expensive to repair.
Mixing Transactional and Marketing Emails on the Same Sending Domain
Most early-stage SaaS teams send everything—password resets, billing receipts, product updates, and promotional campaigns—through a single domain. This feels efficient until a marketing blast with a 2% spam complaint rate poisons the reputation of the same IP and domain that carries your login links and invoice confirmations. Mailbox providers like Gmail and Outlook assign reputation at the domain level first, then the IP. Once your domain reputation drops, even your most critical transactional emails start landing in spam or getting throttled.
The fix is domain separation. Use your primary domain (e.g., yourapp.com) exclusively for transactional email and a dedicated subdomain (e.g., mail.yourapp.com or go.yourapp.com) for marketing sends. This isolates reputation so a poorly performing campaign can't take down your password reset flow overnight.
Micro-example: A B2B SaaS running a re-engagement campaign to 50,000 dormant users saw their Stripe invoice emails start bouncing two days later—all because both email types shared the same sending domain and the re-engagement list had a 4% complaint rate.
Decision rule: Before sending any bulk email, verify that your marketing and transactional streams use separate subdomains with independent DNS authentication records.
Neglecting List Hygiene Until Bounce Rates Become a Crisis
SaaS teams love watching their subscriber list grow. What they rarely do is prune it. Every email address that hard bounces, every inbox that's been abandoned, every role-based address (info@, support@) that marks your message as spam—these degrade your sender score incrementally. By the time your bounce rate crosses 3%, you've already trained mailbox providers to distrust your domain. The damage compounds with every send.
Healthy lists require ongoing maintenance, not annual cleanup. Run a verification pass on your entire list at least quarterly using a service like ZeroBounce or NeverBounce. Remove hard bounces immediately after the first occurrence. Sunset subscribers who haven't opened or clicked in 90 days by moving them to a re-permission flow rather than continuing to mail them at full cadence.
Micro-example: A project management SaaS grew its newsletter to 120,000 subscribers over two years without a single hygiene pass. After their open rate dropped from 34% to 11%, a full verification revealed 28,000 invalid addresses—nearly a quarter of the list was actively hurting deliverability.
Decision rule: If your bounce rate exceeds 2% on any single campaign, pause further sends to that segment and verify the affected addresses before continuing.
Skipping or Misconfiguring Email Authentication (SPF, DKIM, DMARC)
SPF, DKIM, and DMARC are not optional technical niceties—they're the baseline signals mailbox providers use to determine whether you're a legitimate sender or a phishing operation. Yet a surprising number of SaaS teams either skip these records entirely, copy-paste outdated SPF entries from a tutorial written three years ago, or set their DMARC policy to "none" and never revisit it.
A misconfigured SPF record is particularly dangerous. SPF has a hard limit of 10 DNS lookups. Every email service you authorize (your ESP, your CRM, your support desk, your billing platform) adds lookups. Exceed 10, and the SPF check fails silently—mailbox providers see an invalid record and treat your email with suspicion. Meanwhile, a DMARC policy set to "none" means you've told providers to deliver everything, even messages that fail authentication, which defeats the entire purpose.
Micro-example: A SaaS team using HubSpot, Intercom, Stripe, and Zendesk collectively triggered 14 SPF DNS lookups. Their SPF record was technically "too long," and every email sent through their marketing platform failed SPF validation for six weeks before anyone noticed the deliverability dip.
Decision rule: Audit your SPF lookup count after every new tool integration. Move to a DMARC policy of "quarantine" or "reject" once you've confirmed legitimate traffic passes authentication consistently.
Building Onboarding Sequences That Train Spam Filters
SaaS teams love aggressive onboarding flows: a welcome email, a tips email, a feature highlight, a case study, a check-in, a survey—all within the first seven days. The problem isn't the content. It's the volume pattern. Sending five or six emails to a brand-new subscriber within a week, especially when most recipients haven't opened the first one, signals to mailbox providers that you're blasting contacts who didn't ask for this frequency.
Google's sender requirements (enforced since February 2024) explicitly monitor spam complaint rates per sender. If more than 0.3% of your recipients mark a message as spam, your domain reputation takes a hit. Aggressive onboarding sequences are the fastest way to hit that threshold because new users often don't remember signing up, especially if they were part of a team invite or a free trial that auto-enrolled them.
Micro-example: A developer tools SaaS sent a six-email onboarding series over five days. Their spam complaint rate hit 0.5% on email number three—the "did you try this feature yet?" message. Gmail began throttling all subsequent sends from that domain within 48 hours.
Decision rule: Cap your first-week emails at two to three messages. Trigger subsequent emails based on behavioral signals (login, feature usage) rather than time-based intervals alone.
Ignoring Sender Reputation Signals Until It's Too Late
Sender reputation is not a mystery metric. Tools like Google Postmaster Tools, Microsoft SNDS, and Sender Score give you direct visibility into how mailbox providers perceive your domain and IP. Yet most SaaS teams never check these dashboards until deliverability has already collapsed. By then, recovery takes weeks—sometimes months—of careful sending at reduced volume to rebuilt trust.
The warning signs appear early: a gradual drop in inbox placement rates, an uptick in "landed in spam" feedback from users, increasing soft bounces from major providers, or a rising spam complaint rate that nobody's monitoring. These signals show up weeks before a catastrophic deliverability failure, but only if someone is actually looking.
Micro-example: A SaaS company's monthly newsletter had a spam complaint rate that crept from 0.1% to 0.4% over three months. Nobody noticed because absolute open rates remained stable—they were only seeing opens from recipients whose providers still trusted the domain. The fourth month, Gmail routed 60% of the newsletter to spam, and open rates halved overnight.
Decision rule: Check Google Postmaster Tools weekly. Set an internal alert for any spam complaint rate above 0.2% and investigate immediately rather than waiting for the next campaign cycle.
Conclusion
Email deliverability doesn't collapse from one bad send. It degrades through a dozen small habits that SaaS teams adopt early and never revisit: a single domain for every email type, a growing list nobody cleans, authentication records set once and forgotten, onboarding sequences designed for engagement without considering filter tolerance, and reputation dashboards that nobody monitors. Each of these is individually easy to fix. The cost of ignoring them is a domain reputation that takes months to rebuild and a gap in your transactional and marketing communication that directly impacts revenue. Start with the audit—check your DNS records, separate your sending domains, and open Google Postmaster Tools today. The data is already there telling you what's coming.