Best Practices for Sending Marketing Emails

Quick links:

We strongly recommend following this checklist before sending your first emails with MailPoet:

1. Make sure you have your subscribers' permission to send them emails

Not sure if you have your subscriber's permission to send them emails? The best solution is to simply reconfirm subscribers to your list before sending emails to them. This way, you'll make sure you're sending to people that will be happy to hear from you and will reduce the chances of spam reports.

We also have a complete checklist before importing that we would like you to read carefully.

Do not send to a purchased list or someone else's list. If you purchased an email list, you’re probably getting low open rates and high bounce rates (invalid addresses), which may get your account suspended. Read more about the importance of asking subscribers for consent.

2. List hygiene

When you send emails to invalid emails they  bounce. It means you'll get low open and click rates, and conversion rates, and also will have your reputation as a sender hurt.

The MailPoet Sending Service has automated bounce management, which removes invalid addresses. However, this is not a cleaning service! If you're sending with MailPoet Sending Service, your account may be downgraded and even suspended if our Bounce Management system detects a high number of bounces coming from your lists.

We expect you to have a clean list when importing your subscribers to our plugin. When you have an old list or if you haven't sent any emails to your subscribers in more than 1 year, it is very likely that over 10% of the email addresses no longer exist because people change jobs. These addresses will bounce and your account may be downgraded or even suspended if you're using the MailPoet Sending Service.

To prevent this from happening, we strongly suggest that you clean your subscribers' lists using one of the services below before sending for the first time:

These services will help you detect emails with invalid syntax and/or can’t be accurately validated. By doing this, you'll increase the sender reputation, deliverability and conversion rate of your emails by sending them only to real people. However, they won't find or solve ongoing audience issues, like spam complaints, spam traps, or blacklists. There's no guarantee your list will be 100% clear.

Important: list cleaning services will not remove email addresses that are no longer used, which makes them useful but not entirely reliable.
Also, they won't remove the invalid addresses for you. They'll validate the list, and expect that you remove those addresses in the plugin yourself.

If you already have a MailPoet subscribers list, here's what you'd need to do:

Export all your subscribes and run that list through a  list cleaning service;

Delete all your existing MailPoet subscribers;

Re-import only emails verified as valid by the list cleaning service you have used, back into your MailPoet.

3. Authenticate your domain

SPF, DKIM and DMARC authentication issues can affect your deliverability and prevent some emails from receiving, resulting in low open rates and engagement. 

By setting these DNS records properly, you'll reduce the chances of having your emails marked as spam and increase their deliverability rate.

You can use this tool to check if you already have SPF and DKIM keys and what needs to be improved.

4. Secure your forms

MailPoet implements preventive measures by default to prevent bots from subscribing to MailPoet's forms repeatedly. When multiple signups occur quickly, MailPoet's forms enforce a delay in seconds between each signup using the same IP address. The message " You have to wait xxx seconds before you can sign up again." will be displayed.

The more signups occur, the longer the delay in seconds will be enforced. This option cannot be turned off.

Protect forms with CAPTCHA

Bots tend to attack various online forms, e.g. guessing login credentials, trying to send spam or creating fraudulent accounts and subscriptions, so it is important to ensure your forms are resistant to such attacks. Please take a look at this article on securing the Mailpoet and other 3rd-party forms by adding a CAPTCHA.

WordPress and WooCommerce spam/fake signups

If your website is open to registration, it's common to see bots register fake WordPress users and WooCommerce accounts. Any confirmation and transactional emails will be sent to these fake signups from your website, so protecting your registration from bots is very important.

To avoid fake signups, we strongly recommend adding reCaptcha to the WooCommerce registration form:

If you enable sign-ups in the registration form (MailPoet > Settings > Basics): ensure you have protection set or disable this option.

You should also search and remove fake users from your WordPress Users list:

  1. Check your WordPress users for any suspicious users, possibly with the same email addresses;
  2. Check in your database, with phpMyAdmin, if there are no hidden WordPress users (common hack);
  3. Check in your database, in the table "..._mailpoet_subscribers" if there are any suspicious email addresses.

Read more: 

If you don't know where these fake signups are coming from, please go to  MailPoet Settings > Advanced > Send all site's emails with... and select the "default WordPress sending method" option.


If you enable sign-ups in the comments (MailPoet > Settings > Basics), enable Akismet or similar anti-spam for comments or disable this option.

You can check if you have too many comments on your website marked as Spam. Sometimes spammy comments add blacklisted domains as their names, so the notification emails sent through our servers contain these URLs. Spammy URLs are usually related to making profits, bets, and illegal services.

Check the  WordPress Settings > Discussion if you have selected to send an email to the admin whenever anyone posts a comment and/or a comment is held for moderation:

5. Secure your website

Having a secure site is important, as most online sites these days experience ongoing attack attempts. If your site is breached, it may not be obvious if it happened, and your site may end up being abused, leading to reduced deliverability.

While it is a lengthy guide, the official Hardening WordPress security guide offers the most complete overview of WordPress security. You may not be able to take every precaution but try to cover as many as possible.

You can also set up security products like Jetpack Security, WordFence or Sucuri as all-in-one security solutions for your WordPress site to provide more formidable defence, including active vulnerability and malware scanning.

Make sure to update the site's software. It is crucial to keep your site updated to the latest WordPress, plugin and theme versions available to ensure known vulnerabilities cannot be exploited to breach your site.

Of course, site security is not limited just to WordPress. Consult with your host to ensure your site uses the latest secure PHP, MySQL, and web server versions.

6. Ensure your admin email address for transactional emails is valid

If you chose to send all the emails from your website using the MailPoet's sending method and you're sending your emails with the MailPoet Sending Service, you should be aware that our Anti-Spam banning policy will be applied to all of these emails, as our system will process them.

As it's harder to monitor every email sent from your website and any possible issues they may cause, your reputation may be affected without knowing exactly where the problem is coming from.

You may have enabled notification settings from the MailPoet plugin or any other 3rd-party plugin on your WordPress website, and all of these emails are considered transactional emails. MailPoet allows you to enable "New Subscriber Notifications" and "Stats Notifications", for example. Other plugins, such as WordFence, allows you to set up an email address to receive alert notifications.

It could be that when setting up a plugin for the first time, you or someone else responsible for your website has set up a fake email address (  e.g., or an old email address that is no longer available at the moment, and these notifications are still being sent to these addresses. This means all these emails will bounce back and affect your reputation as a sender.

If you're unsure where to check for these settings, search for "notification email" in your 3rd-party plugin's documentation and check our article on places to search for a specific email address.

7. Add a Postal Address to the Footer of Emails 

We encourage all of our users to insert a postal address in the footer of their newsletter. Spam filters look for this physical address when they evaluate your emails and determine whether they are indeed spam. In Europe and the United States, it is required by law to add your address to any commercial emails. This makes you compliant to the  CAN-SPAM Act.

To add the address, simply drag the Footer widget into your newsletter in the Newsletter editor:

Then, change the default "address" message:

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.