Deliverability Guardrails

Launch clean. Stay clean.

ForgeSend checks DNS, inbox warmup, list verification, and bounce rates before every campaign launch. If a guardrail fails, the campaign is blocked — not warned. No competitor does this proactively.

Start free trial →See pricing →

See it in action

Campaign PreflightBLOCKED

✓SPF record foundpass

✓DKIM signature configuredpass

✗DMARC policy missingfail

✓Inbox warmed (14 days)pass

✓List verified (96.1%)pass

✗Bounce rate unsafe (8.4%)fail

2 blockers must be resolved before launch

Domain DNS Status

DomainSPFDKIMDMARC

outreach.acmecorp.io

hello.pivotal.dev

send.meridian.co

Checked live before every campaign

How it works

01

Live DNS probing

Before any campaign starts, ForgeSend queries your sending domain's DNS records live. SPF, DKIM, DMARC, and MX are all checked. Results come back in seconds. Missing or misconfigured records become a hard blocker — not an advisory warning.

SPFv=spf1 include:_spf.google.com ~allpass

DKIMselector1._domainkey → foundpass

DMARCNo DMARC policy foundfail

MX10 aspmx.l.google.compass

02

Pre-send guardrail checklist

Six readiness checks run automatically when you attempt to launch a campaign. DNS configured. Inbox warmed. List verified. Bounce rate within safe limits. Domain age sufficient. Reply rate healthy. Every check has a status — PASS, WARNING, or FAIL. The campaign remains BLOCKED until all FAIL items are resolved.

✓DNS configurationpass

✓Inbox warmedpass

!List verifiedwarn

✗Bounce rate safefail

03

Backend launch enforcement

The campaign BLOCKED verdict is enforced server-side, not just in the UI. A POST to /sending/campaigns/:id/start returns 403 if any guardrail check is failing. There is no way to bypass the checklist by calling the API directly — the backend evaluates the preflight independently before starting the scheduler.

POST /sending/campaigns/start

HTTP 403 Forbidden

{ "error": "Campaign is BLOCKED. Resolve all failing guardrail checks." }

04

Inbox health monitoring

ForgeSend tracks send failures per inbox in real time. If the recent failure rate spikes above the safe threshold, the inbox is automatically flagged as ERROR and removed from the rotation. Pending send jobs for that inbox are skipped. The scheduler checks this before dispatching every batch.

[email protected]ACTIVE

[email protected]ERROR

[email protected]ACTIVE

outreach-02 auto-paused after 3 failures

DNS checks per domain

MX, SPF, DKIM, DMARC — every time

Guardrail checks before launch

DNS, warmup, verification, bounce rate, and more

Campaigns launched with blockers

Backend enforcement, not just a UI warning

Common questions

Which DNS records does ForgeSend check?

SPF, DKIM, DMARC, and MX. All four are checked live against DNS on every preflight request. Results are not cached — you always see the current state of your domain.

What happens when a campaign is BLOCKED?

The campaign cannot be started. The backend returns 403. The UI surfaces the specific failing checks with suggested fix actions. Once all failing checks are resolved, the campaign moves to READY and can be launched.

Can I override a BLOCKED verdict?

No. The enforcement is backend-side. There is no bypass flag or override mechanism. This is intentional — the guardrail exists to prevent domain burns, not to provide a warning you can click past.

What triggers an inbox to be auto-paused?

If recent send failures for an inbox exceed the configured threshold (default: 3 failures in the last 10 sends), the inbox status is set to ERROR and removed from the rotation automatically.

Does deliverability checking work for all inbox types?

DNS checks run against the sending domain for all inbox types — Gmail OAuth, Microsoft OAuth, and SMTP/IMAP. Inbox warmup and health checks apply per-inbox regardless of provider.

Related features

Stop burning domains. Start clean.

Pre-send guardrails. Live DNS checks. Backend enforcement. All included.

Start free trial →Explore all features →