✦ Deliverability

    How we keep your emails out of spam.

    Sending well is mostly about not sending stupidly. Here's the warm-up schedule, throttling, bounce handling, and the compliance backbone (GDPR, CAN-SPAM, CASL) we run on every mailbox by default — no toggles required.

    01 — Warm-up

    Warm-up schedule

    New mailboxes start with a low daily cap and ramp gradually as engagement signals accumulate. We progress to the next stage automatically only if bounce rate stays under 2% and no spam complaints land in the prior window.

    StageDaily capCondition
    Week 120/dayEstablish baseline. Real recipients only.
    Week 250/dayRamp if bounce rate < 2% and no spam complaints.
    Week 3100/dayEngagement signals (opens, replies) start to compound.
    Week 4+200/daySteady-state. Raise per-mailbox cap manually if reputation holds.

    You can plug in third-party warm-up tools (Mailwarm, Lemwarm, Warmbox) at any stage — we don't lock you in. Custom SMTP servers follow the same schedule by default.

    02 — Throttling

    Four layers between you and a burnt mailbox

    Every send passes through four checks. Any one of them can pause delivery without operator intervention.

    Recipient

    queued

    Daily cap

    check

    Send window

    check

    Health gate

    check

    Send

    with jitter

    Per-mailbox daily cap

    Hard ceiling per connected inbox. Default 50/day on new mailboxes, ramps with warm-up.

    Send window

    Configurable per campaign — e.g. 9am–5pm in the recipient's timezone, weekdays only.

    Randomized delay

    30–180 second jitter between each send within a window so bursts don't look automated.

    Health-based pause

    Mailbox auto-pauses if SMTP health check fails or bounce rate spikes above 5%.

    03 — Bounces & suppression

    Bounce handling

    Every send is logged. When a recipient bounces, complains, or unsubscribes, we update the suppression list immediately so the same mistake never repeats — on this campaign or any future one from your account.

    Hard bounce

    Address doesn't exist or domain rejects permanently.

    Recipient added to suppression list. Never retried, on any campaign.

    Soft bounce

    Mailbox full, server temporarily unavailable, greylisting.

    Retried up to 3 times with exponential backoff (1h → 6h → 24h).

    Spam complaint

    Recipient marked the email as spam.

    Recipient suppressed immediately. Domain-level alert if rate exceeds 0.1%.

    Unsubscribe

    Recipient clicked the unsubscribe link or replied STOP.

    Recipient suppressed across all your campaigns. Logged for compliance.

    04 — Compliance

    Built compliant, by jurisdiction

    Cold email is legal in most of the world — if you do it right. EmailSneak bakes the requirements of the three major regimes (GDPR, CAN-SPAM, CASL) directly into the product so you don't have to remember which clause applies to which recipient.

    RegimeApplies toCore requirement
    GDPREU / UK recipientsLawful basis (legitimate interest), Article 14 disclosure, easy opt-out
    CAN-SPAMUS recipientsTruthful header + subject, physical address, working unsubscribe in 10 days
    CASLCanadian recipientsImplied or express consent, sender ID, unsubscribe honored in 10 days

    EU / UK — GDPR

    GDPR-aligned by default

    The GDPR doesn't ban cold email — Recital 47 explicitly recognises direct marketing as a possible legitimate interest. What it requires is transparency, proportionality, and a way out. EmailSneak's default behaviour maps to each obligation:

    • Lawful basis. Legitimate interest under Article 6(1)(f) — only B2B, only for relevant business propositions, never to consumer (B2C) addresses.
    • Article 14 disclosure. Every contact stores the public source URL we found it at, so first-touch emails can disclose where the data came from in the footer.
    • Right to object. One-click unsubscribe in every send. Click is honoured instantly across all your campaigns and stored in a domain-wide suppression list.
    • Right to erasure. Email a request to support and we delete the contact and its history within 30 days, per Article 17.
    • Data minimisation. We only collect business-relevant fields (name, role, company, public email). No private DMs, no scraped logged-in sessions, no special-category data.

    Reference: GDPR Recital 47, Article 14, Article 21.

    US — CAN-SPAM Act

    CAN-SPAM compliant out of the box

    Unlike GDPR, CAN-SPAM is opt-out, not opt-in — but it's strict about how that opt-out works, and the FTC has fined senders up to $51,744 per non-compliant message. EmailSneak enforces all seven requirements at the send layer:

    • No false or misleading headers. From, To, Reply-To, and routing info match the connected mailbox — we never spoof.
    • No deceptive subject lines. Subject must reflect the message body. Our subject-line generator flags clickbait patterns.
    • Identify the message as an ad. Optional ad disclosure footer for purely promotional sequences (toggle per campaign).
    • Tell recipients where you're located. Every send includes a valid physical postal address, pulled from your account profile.
    • Tell recipients how to opt out. One-click unsubscribe link in every email — clear, conspicuous, no login required.
    • Honor opt-outs promptly. Unsubscribes are processed instantly — well inside the 10-business-day FTC requirement.
    • Monitor what others do on your behalf. If you're a marketer sending for a client, you're jointly liable. Add the client as a team member so the audit log is shared.

    Reference: FTC CAN-SPAM Compliance Guide.

    Canada — CASL

    CASL — the strictest of the three

    Canada's Anti-Spam Legislation is the toughest regime that touches our users — it requires some form of consent (express or implied) before you send commercial electronic messages. EmailSneak is built so a normal B2B cold email flow can stay inside the implied-consent lane:

    • Implied consent — published business addresses. CASL allows messages to a business email that has been conspicuously published with no statement against unsolicited messages. Our discovery only surfaces those addresses, and we log the source URL for proof.
    • Implied consent — relevant business proposition. The message must relate to the recipient's role or business. EmailSneak's targeting (role + industry filters) keeps your sequences inside this scope.
    • Sender identification. Every message includes the sender's name, business name, and contact info — pulled from your account profile and rendered in the footer.
    • Unsubscribe mechanism. Functional unsubscribe link readily available, valid for at least 60 days. Honoured within 10 business days as CASL requires.
    • No purchased lists. Buying lists is the fastest way to break CASL. We don't import them and we won't help you.

    Reference: CRTC — Canada's Anti-Spam Legislation.

    Not legal advice. This page describes how EmailSneak is built. Your specific compliance posture depends on your jurisdiction, recipients, and use case — when in doubt, talk to a lawyer in your region.

    What we don't do for you

    Deliverability isn't all software. A few things are still on you:

    • SPF, DKIM, DMARC. We surface warnings if any are missing, but you set them at your domain registrar.
    • Writing emails people want. The best throttling in the world won't save copy nobody opens.
    • List hygiene. We verify addresses for free, but if you import a 5-year-old purchased list, you'll burn the mailbox no matter what we do.

    See it running on your own inbox.

    Connect a mailbox, send your first sequence, and watch the health dashboard.