What are email industry standards?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

If you've ever set up SPF, heard someone mention RFCs, or wondered why Gmail suddenly started rejecting your emails, you've bumped into email industry standards. They're the shared rules that keep billions of email systems talking to each other without chaos.

Email standards fall into two broad categories. Some are hard technical protocols that every system has to follow. Others are voluntary guidelines that good senders follow because it's the right thing to do (and because mailbox providers notice when you don't).

The hard technical standards include things like SMTP (the protocol that actually moves messages from server to server), MIME (which lets you send formatted content and attachments), and the authentication trio of SPF, DKIM, and DMARC. These are defined in documents called RFCs (Request for Comments), published by the IETF. They're not optional if you want your email to work.

The voluntary best-practice standards cover things like consent management, complaint handling, list hygiene, and how you handle unsubscribes. Organizations like M3AAWG publish these guidelines. No one forces you to follow them. But ignore them long enough and you'll find yourself on a blocklist wondering what happened.

The practical difference matters. Missing an SPF record is a protocol failure. Emailing people who never opted in is an ethics failure. Both hurt your deliverability, just through different mechanisms.

If you want to go deeper, the next question covers why these standards exist in the first place and what problem they were built to solve.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Rank the standards I need to follow

Based on my email program, help me understand which email industry standards I absolutely must follow versus which are best practices I should prioritize. Give me a ranked list covering: (1) hard technical requirements that affect delivery, (2) authentication standards I should have in place, (3) voluntary best practices with the highest impact on deliverability, and (4) common standards failures I might not know I'm making. My program details: [describe your sending volume, email type, and any deliverability issues you're seeing].

Edit the yellow boxes, then send to the AI of your choice.