• Features
  • Pricing
  • Migration
  • Integrations
  • Resources

The new email deliverability rules: Jimmy Kim interview

Quick sign up | No credit card required

Drive sales on autopilot with ecommerce-focused features

See Features

Email deliverability is no longer only about avoiding the spam folder. AI-generated inbox summaries, stricter authentication requirements, privacy tools, security filters, and changing subscriber behavior now influence whether an email is delivered, understood, and trusted.

To unpack these changes, we spoke with Jimmy Kim about the latest email deliverability challenges facing ecommerce brands. He shares practical advice on designing emails for Apple Intelligence, protecting sender reputation, improving list hygiene, using transactional emails safely, and deciding when a message belongs in email or SMS.

Q&A with Jimmy Kim

On Apple Intelligence and inbox privacy

Q: Let’s talk about the recent iOS updates. Apple Intelligence is really shaking up that first impression in the inbox — those AI-generated summaries are essentially replacing our carefully crafted pre-header text. Since we know these AI models rely heavily on text and often struggle to understand image-heavy designs, what advice do you have for brands? Do they need to rethink their email code — maybe leaning more into semantic HTML — just to make sure the AI actually gets their core message right?

A: Yeah, look, this one’s a wake-up call. For years, the preheader was kind of an afterthought, right? Like, “ehhh, throw something in there.” Now it’s not even yours. Apple’s AI will write it for you.

So here’s what I am recommending to folks who have asked: Take your email, screenshot it, and load it into Google’s Gemini and ask it to give you a summary of that email. 

This is the easiest way to get a good grasp of what it is reading from the image, the words, and context.

That’s what the AI sees too. And it’s going to summarize… nothing. That’s your first impression now.

The fix isn’t complicated. Put real text in the email: semantic HTML, actual headlines, actual paragraphs, a clear CTA. Stop burying your whole value prop inside a hero image. The AI is still learning how to read pixels. It reads text very clearly.

Q: Sticking with Apple for a second — features like ‘Hide My Email’ make it incredibly easy for users to spin up and delete anonymous addresses. Over time, that naturally leads to a creeping risk of hard bounces. We all talk about Google and Yahoo’s strict 0.3% spam complaint limit, but high bounce rates can silently tank a domain’s reputation in the background. In your view, how aggressive do ecommerce brands need to be right now with automating their list hygiene and scrubbing those bouncing addresses?

A: Way more aggressive than they are. And I get why they’re not… they spent money getting those emails; it feels bad to delete them. But a dead email isn’t an asset. It’s a liability.

Remember, Hide My Email runs on the iCloud servers, not Google or Yahoo, so this is an independent stream of email, and it’s important to look at the breakdown by TLD (top-level domain)

Try this. Pull everyone who hasn’t opened in 90 days. For most brands, that’s like 30–40% of the file. Now look at the bounce rate from that group versus your active openers. It’s not close. You’re literally paying to send to people who will never see it, and the mailbox providers are watching the whole time.

Everyone freaks out about the 0.3% spam threshold. Fair. But bounces are the silent killer. Nobody sends you an email saying “hey, we throttled you.” You just watch revenue drop and go “what’s happening?”

So sunset flow at 60 days, hard suppression at 120, run a verification tool every quarter. Done. The brands with the cleanest lists land in the inbox — every single time.

On the value of transactional emails

Q: You’ve mentioned before that marketers often leave serious money on the table by ignoring transactional emails. But here’s the technical dilemma: deliverability best practices usually recommend separating transactional and promotional emails into completely different subdomains to protect our reputation. How do you handle this architecture? Does the sky-high engagement of transactional emails actually help the overall root domain, or is it better to keep them totally isolated?

A: Separate subdomains, same root domain. That’s it. That’s the answer for almost everybody and has been for years. 

Think about it. Transactional emails open at 70, 80%. Promotional at 25 if you’re crushing it. If you completely isolate transactional onto some different root domain, you’re wasting all that engagement signal. Inbox providers see those opens and go “oh, people love this sender.” That halo helps your promotional too — same root, different subdomain.

What you don’t want is everything on one main sending domain, especially your root email. That’s where you get in trouble. Shipping notifications and Black Friday blasts sending from the same place? No. Split them. send.brand.com for marketing, notify.brand.com for transactional, both under brand.com. Easy.

Q: Say an ecommerce brand wants to start adding some revenue-generating elements into a standard order confirmation email. How can they do that safely without crossing the line? How do you balance making sales while still passing the ‘primary purpose’ test so the email doesn’t get flagged as just another promotional blast?

A: Okay, so the rule is simple… the primary purpose has to be the receipt still. Order number, what they bought, when it’s shipping. That’s the email. Everything else is dessert.

But you’ve got real estate down there nobody’s using. After the order details, drop in a “you might also like” based on what they just bought. Or a “join our text list for shipping updates,” which is also a list-building play, by the way. Or a referral code.

What you don’t do is slap a 20% off banner at the top with “BIGGEST SALE EVER.” Now it’s a promotional email wearing a receipt costume. Filters catch that. Customers catch that. Don’t do it.

Receipt first, soft cross-sell second. That’s the whole game.

Looking ahead: DKIM2 and zero-trust security

Q: Looking a bit into the future, the industry is keeping an eye on the DKIM2 draft at the IETF. It addresses long-standing issues by adding a ‘chain of custody’ for forwarded emails and stronger defenses against replay attacks. We know it’s still just a draft and not a mature standard yet, but from a strategic standpoint, how do you see this eventually changing the way ecommerce brands protect their sender reputation?

A: Honestly? Most brands shouldn’t be thinking about it yet. It’s a draft. It’ll be a draft for a while. By the time it actually matters, your ESP will handle the implementation for you, same as DMARC, same as BIMI.

But the direction it’s pointing is what’s interesting. Email is moving toward “prove who You’re at every step.” Forwarded mail used to break authentication, and nobody could do much about it. DKIM2 is trying to fix that with a chain of custody.

The takeaway for brands right now is: get your fundamentals locked in. SPF, DKIM, DMARC at enforcement, not p=none, actual quarantine or reject. If those are solid, you’ll just inherit the benefits when the next standard ships. If they’re not, no future protocol will save you.

Q: We’re also seeing Zero-Trust architecture popping up more and more in email security, where systems are aggressively scanning third-party redirects and attachments. This puts marketers in a tough spot. How can brands still collect the attribution and click data they need without accidentally tripping these paranoid security filters and landing in the spam folder?

A: Yeah, this one is getting real. The redirect-through-a-tracking-domain trick that worked for 10 years is starting to look sketchy to many of these scanners.

Couple things. One: use a branded tracking domain. Not bs.sendgrid.net or whatever. links.yourbrand.com. Filters are way more forgiving when the redirect chain stays inside your brand.

Two. Stop tracking everything. You don’t need a click event on the unsubscribe link. You don’t need it on the footer social icons. Every tracked link is a redirect; every redirect is a chance to get flagged. Track what matters – the main CTA and let the rest go.

And three. First-party data is the future anyway. Build flows that get people to your site, identify them there, and stop trying to attribute every single click inside the email itself. That war is kind of already lost.

The metrics that matter and the Promotions tab

Q: Let’s talk about metrics. When you look at the Yahoo Sender Hub Insights, there’s a really interesting detail: they calculate the spam complaint rate based only on emails that actually reach the inbox. So, a brand could be looking at a deceptively low complaint rate while hiding the fact that half their emails never even got delivered. When you audit a brand’s deliverability, what other ‘hidden’ red flags or nuanced metrics are you looking for?

A: First thing I look at? Open rate by domain. Not overall. By domain. Gmail, Yahoo, Apple, Outlook separately. If you’re at 35% on Apple and 12% on Gmail, you don’t have an open rate problem. You have a Gmail problem. That’s a totally different fix.

The Yahoo thing you mentioned is huge. They calculate complaints only on delivered mail. So a brand can look at their dashboard, see a 0.1% complaint rate, feel great about themselves, and meanwhile half their stuff isn’t even getting delivered. The complaint rate looks clean because the worst inboxes never saw it.

Other stuff I dig into: inbox placement testing with a tool like GlockApps or similar, time-to-open distribution are people opening within an hour or three days later because it landed in spam and they fished it out and reply rates. Replies are the strongest positive signal you can send to a mailbox provider. Brands that get replies rarely have deliverability issues.

Oh, and look at engagement decay across send frequency. If you went from 3 sends a week to 5, and your revenue per send dropped 40%, you’re not making more money. You’re burning the list and the data’s right there.

Q: We want to get your take on the endless panic over the Gmail Promotions tab. We know that a large share of users — around 41% — specifically check their email for brand discounts. Instead of fighting tooth and nail to get into the Primary inbox, some experts say we should just try to dominate the Promotions tab using things like Gmail Annotations and verified BIMI logos. But getting those set up requires strict DMARC enforcement and careful navigation of quality filters. In your experience, is the ROI of leaning into the Promotions tab worth jumping through those technical hoops?

A: For most brands? Yes. And here’s why nobody wants to admit it.

People keep treating Promotions like the worst thing. It’s not. It’s the mall. 41% of users go there on purpose looking for deals. That’s your audience. They opted in for deals; they’re checking the deals tab… let them find you there.

Now, the hoops. DMARC at enforcement, BIMI with a verified mark certificate, Gmail Annotations set up properly. That’s a couple weeks of work and maybe $1,500 for the VMC. For a brand doing real volume, that pays back the first time you run a promo with a verified logo and your CTR jumps.

Where I’d push back on Primary tab people. If you’re sending discount codes and you somehow muscle into Primary, Gmail’s algorithm is going to figure that out and demote you anyway. You can’t outsmart it long term. Just go where your audience is shopping and make your tile look great.

Omnichannel strategy: Email vs. SMS

Q: Finally, let’s touch on SMS. You’ve made a great point before that SMS is a totally different beast — it shouldn’t just be used for mass broadcasts the way we use email. When you’re looking at a customer’s journey, how do you draw the line? How do you decide which events warrant an email versus an instant SMS so that the two channels actually improve ROI rather than just cannibalize each other?

A: Easiest way to think about it: email is for story, SMS is for “now.”

If the message can wait until tomorrow morning, it’s an email. New collection drop, a how-to product education series, a founder note, a sale starting in two days, all email. You’ve got room to breathe, you’ve got room to design, people are going to read it when they read it.

SMS is for the moment. Cart left open right now. Back in stock on the thing they actually wanted. Sale ends in two hours. Shipping just hit a delay. Stuff where if they see it five hours later it doesn’t matter anymore.

Cannibalization occurs when brands use SMS as a second email channel. They blast the same Tuesday newsletter to SMS and wonder why unsubscribes are spiking. Because you’re in their pocket, that’s a different kind of permission. Respect it.

The way I’d lay it out. Email is your relationship channel, frequency is fine, build the story over time. SMS is your urgency channel: low-frequency, high-trigger moments only. Do that, and the two don’t compete; they compound. Email warms them up, SMS closes them.

And conversational SMS. Actual back and forth where someone replies and gets a real answer — that’s a whole other tier.

Vytautas Palubeckas
Article by

Vytautas is a Content Project Manager at Omnisend. An old soul in a strange body, trying to decipher the meaning behind the cryptic messages the unknown is sending us every minute of the day.


Subscribe and don’t miss any updates!

No fluff, no spam, no corporate filler. Just a friendly letter, twice a month.