Deliverability & Abuse Detection

How we keep your email landing in inboxes, not spam folders.

The single most important thing an email forwarding service can do is actually deliver your email. Gmail, Outlook, Yahoo and every other mailbox provider decide whether an email lands in the inbox, the spam folder, or nowhere at all — and they judge us on two things: how well we follow the rules, and how clean our traffic is.

Following the rules: SPF, DKIM, DMARC & friends

The first half of deliverability is protocol hygiene. Every email we forward or send follows email authentication best practices:

  • SPF: our sending IPs are properly authorized for the domains we send from.
  • DKIM: messages are cryptographically signed so receiving servers can verify they weren't tampered with.
  • DMARC: we respect sender policies when forwarding, and rewrite envelopes (SRS) so forwarded email doesn't break SPF.
  • ARC: we sign forwarded email with Authenticated Received Chain headers, so receiving servers can trust the original authentication results even after the message passes through us.
  • TLS, FCrDNS, one-click unsubscribe headers and the rest of the ever-growing checklist that Gmail, Outlook and Yahoo expect from bulk senders.

Getting the protocols right is table stakes. Plenty of spammers have perfect SPF and DKIM. Which brings us to the second half.

Clean traffic: the part you can't fake

Mailbox providers track the reputation of every IP address and domain that sends them email. If abusive email flows through our infrastructure — spam forwarded through an alias, phishing sent via our SMTP servers — providers start blocking our IP addresses and our sending domain. When that happens, it's not just the abuser's email that gets blocked. It's everyone's.

One bad actor can hurt deliverability for thousands of honest customers. That's why we take abuse detection extremely seriously.

How we detect abuse

We fight abuse at every layer of the pipeline:

  • SpamAssassin: every email is scored by the battle-tested open source Apache SpamAssassin filter.
  • Public blocklists: all incoming mail is checked against Spamhaus, SpamCop, and other public IP and domain blacklists.
  • Feedback loops: we subscribe to the Microsoft, Google, and Yahoo feedback loops, so when recipients mark a message as spam, we hear about it and act on it.
  • Proprietary detection: we run our own abuse detection algorithms on top, tuned to the patterns we see as an email forwarding provider. We won't spell out exactly how they work — spammers read websites too.

All of this runs continuously 24/7/365. But furthermore, a fully staffed team tackles abuse constantly, watching for changing tactics from spammers and updating our tactics to stay ahead.

We own our IP addresses — literally

Most email services rent IP addresses from a cloud provider and inherit whatever reputation the previous tenant left behind. We went further: we acquired our own block of IPv4 addresses — a significant investment for a single email provider.

Owning our IPs means we fully own our reputation. Nobody else has ever sent from these addresses, nobody else ever will, and every bit of sending history on them is ours. Combined with aggressive abuse detection, this gives us direct, long-term control over the thing that matters most: whether your email gets delivered.

Our commitment

Deliverability is a reputation game, and reputation is earned one clean email at a time. If you spot abuse coming from our infrastructure, see our abuse policy or reach out to me personally at .

Matthew Tse,

ImprovMX owner

Matthew Tse signature