Summary
After changing NS records and delegating from SFMC to AWS, low email deliverability stems from a combination of factors: DNS propagation delays, misconfigured email authentication (SPF, DKIM, DMARC), poor IP reputation of AWS sending servers, strict DMARC policies, spam triggers in content, low engagement, blocklisting, and needing to rebuild sender reputation. Experts and documentation emphasize checking bounce messages, verifying DNS records with tools like MXToolbox, warming up IPs, ensuring correct SPF/DKIM/DMARC setup, and reviewing content for spam triggers, while marketers advise monitoring feedback loops, engagement metrics, and blocklists.
Key findings
- DNS Propagation: DNS record changes, including NS, can take up to 48 hours to propagate, causing inconsistent deliverability.
- Authentication Errors: Incorrect SPF, DKIM, or DMARC configurations after NS changes are common causes of low deliverability.
- IP Reputation: AWS sending server IP's reputation, especially for shared IPs, significantly impacts deliverability.
- DMARC Policies: Overly strict DMARC policies combined with authentication errors can lead to rejected emails.
- Spam Triggers: Email content containing spam triggers (words, HTML coding) negatively affects deliverability.
- Engagement Rates: Low engagement (opens, clicks) worsens sender reputation and deliverability.
- Blocklisting Issues: Domains or IPs may be mistakenly added to blocklists post-NS change.
- Sender Reputation Rebuild: A new sending infrastructure (AWS) requires rebuilding sender reputation.
- Bounce Message Analysis: Analyzing bounce messages is vital for troubleshooting specific delivery issues.
Key considerations
- Verify DNS: Use tools like MXToolbox or Whatsmydns.net to verify SPF, DKIM, DMARC and other DNS records have correctly propagated.
- IP Warmup: Gradually increase sending volume to warm up the AWS sending IP.
- Authentication Check: Ensure SPF includes AWS servers, DKIM is properly configured, and DMARC policy is appropriate.
- Content Review: Review email content for spam triggers and improve HTML coding.
- Engagement Boost: Improve email content, segmentation, and sending frequency to increase engagement.
- Blocklist Monitoring: Check if the domain or IP is on any blocklists and take delisting actions if necessary.
- Feedback Loops: Set up feedback loops with ISPs to receive spam complaints.
- TTL Management: Consider lowering TTL before making DNS changes to speed up propagation.
- SFMC DNS verification: Ensure all DNS records related to SFMC Sender Authentication Package are correctly configured.
What email marketers say
9 marketer opinions
After changing NS records and delegating from SFMC to AWS, email deliverability can be negatively impacted due to several factors. Key issues include DNS propagation delays and misconfigurations (SPF, DKIM, DMARC), poor IP reputation of the AWS sending server, strict DMARC policies, spam triggers in email content, low engagement rates, blocklisting, and the need to rebuild sender reputation on the new infrastructure. Troubleshooting involves verifying DNS records, warming up the IP, adjusting DMARC policies, improving email content and engagement, monitoring blocklists, setting up feedback loops, and ensuring proper email authentication.
Key opinions
- DNS Configuration: Incorrect or incomplete DNS records (SPF, DKIM, DMARC) after NS changes are a primary cause of deliverability issues.
- IP Reputation: The AWS sending IP's reputation can significantly impact deliverability, especially if it's a shared IP.
- Email Authentication: Ensuring proper email authentication (SPF, DKIM, DMARC) is crucial for establishing trust with recipient servers.
- Content Issues: Spam triggers in email content (words, HTML, image ratio) can negatively affect deliverability.
- Engagement Rates: Low engagement rates (opens, clicks) can signal poor sender reputation and reduce deliverability.
- Blocklisting: Domain or IP may be mistakenly added to email blocklists after NS changes.
- Sender Reputation Rebuild: Switching to a new infrastructure requires rebuilding sender reputation from the ground up.
Key considerations
- Verify DNS Records: Use tools like MXToolbox or Whatsmydns.net to confirm correct propagation of all DNS records (A, MX, SPF, DKIM, DMARC) to the new AWS name servers.
- IP Warmup: Gradually increase sending volume to warm up the AWS IP address and establish a positive sending reputation.
- DMARC Policy Review: Assess DMARC policy (p=reject, p=quarantine) to ensure it is not overly strict and causing email rejections due to misconfigured SPF/DKIM.
- Content Optimization: Review email content for spam triggers, optimize HTML code, and maintain a balanced image-to-text ratio.
- Engagement Improvement: Improve email content, segmentation, and sending frequency to boost engagement rates (opens, clicks).
- Blocklist Monitoring: Check blocklist status and take steps to delist domain or IP if necessary.
- Feedback Loops Setup: Set up feedback loops (FBLs) with major ISPs (Gmail, Yahoo, etc.) to receive spam complaints and address deliverability issues proactively.
- Email Authentication Implementation: Ensure SPF, DKIM, and DMARC are correctly configured and validated post-migration.
Marketer view
Email marketer from Reddit shares that using online tools like MXToolbox or Whatsmydns.net to verify that all DNS records (A, MX, SPF, DKIM, DMARC) have been correctly propagated to the new AWS name servers is essential. Inconsistent or missing records can cause deliverability issues.
12 Apr 2023 - Reddit
Marketer view
Email marketer from Stack Overflow explains that low engagement rates (opens, clicks) can negatively impact sender reputation and deliverability. Improving email content, segmentation, and sending frequency can help increase engagement and improve deliverability. Segment lists and remove unengaged users.
9 Apr 2022 - Stack Overflow
What the experts say
6 expert opinions
After changing NS records and delegating from SFMC to AWS, low email deliverability is often linked to DNS configuration issues, particularly with DKIM. Experts recommend examining bounce messages for clues, ensuring DKIM is correctly configured (and fixing it if broken), and verifying that all DNS records related to the SFMC Sender Authentication Package are accurately transferred. The sending IP's reputation and general DNS record accuracy (including SPF) are also crucial considerations.
Key opinions
- DKIM Issue: A broken or incomplete DKIM record is a common problem after NS changes.
- DNS Record Errors: Missing or incorrectly transferred DNS records, especially those related to SFMC Sender Authentication Package, cause deliverability problems.
- Bounce Messages Importance: Analyzing bounce messages is critical for diagnosing the root cause of delivery failures.
- IP Reputation: The sending IP address reputation influences deliverability.
Key considerations
- Check Bounce Messages: Review bounce messages to identify specific issues affecting delivery.
- Fix DKIM: Prioritize fixing the DKIM record to meet Yahoo standards and ensure proper email authentication.
- Verify All DNS Records: Confirm all SFMC Sender Authentication Package-related DNS records are correctly transferred and configured, not only DKIM.
- Monitor Sending IP: Consider the sending IP and its reputation as a factor affecting deliverability.
Expert view
Expert from Email Geeks suggests that after fixing the DKIM issue, if delivery problems persist, to keep looking for other DNS records that may have been missed during the NS change.
4 Sep 2023 - Email Geeks
Expert view
Expert from Word to the Wise explains that issues after DNS changes are very common. She discusses that the main thing to look at is the DNS records themselves. Ensure all the records were transferred correctly, especially SPF and DKIM. Also consider checking the reputation of your sending IP address.
3 Oct 2023 - Word to the Wise
What the documentation says
5 technical articles
After changing NS records and delegating from SFMC to AWS, low email deliverability is frequently attributed to DNS propagation delays and misconfiguration of email authentication records. Documentation emphasizes the importance of allowing sufficient time for DNS changes to propagate, updating SPF records to authorize AWS sending servers, properly configuring DKIM on the new AWS DNS server, and verifying domain identity within AWS SES. Also, TTL values influence DNS record caching and propagation speed.
Key findings
- DNS Propagation Delays: Changes to NS records can take up to 48 hours to fully propagate across the internet, causing inconsistent deliverability during this period.
- SPF Record Update: Failing to update the SPF record to include AWS servers results in recipient servers rejecting emails from unauthorized sources.
- DKIM Configuration: Incorrect DKIM settings on the new AWS DNS server lead to authentication failures and reduced deliverability.
- SES Configuration: Proper setup of SPF, DKIM, and DMARC within AWS SES is vital.
- TTL Impact: TTL values influence DNS record caching and propagation speed; lowering TTL before changes can accelerate propagation, but should be raised again afterward.
Key considerations
- Allow Propagation Time: Allow sufficient time (up to 48 hours) for DNS changes to propagate fully.
- Update SPF Record: Update the SPF record to include AWS's servers as authorized senders.
- Configure DKIM: Properly configure DKIM on the AWS DNS server and ensure the corresponding TXT record is added.
- Verify SES Settings: Verify domain identity and set up SPF, DKIM, and DMARC records correctly within AWS SES.
- Manage TTL Values: Use a low TTL value before DNS changes to speed up propagation, but reset to a higher value afterwards to reduce DNS lookup times.
Technical article
Documentation from Cloudflare explains that the TTL (Time To Live) value on DNS records affects how long DNS resolvers cache the records. Setting a low TTL value before making DNS changes can help speed up propagation, but it's important to reset it to a higher value afterward to reduce DNS lookup times.
11 May 2025 - Cloudflare
Technical article
Documentation from Amazon describes how to properly configure Amazon Simple Email Service (SES) after delegating from SFMC. Verify domain identity, set up SPF, DKIM, and DMARC records correctly, and monitor sending limits and bounce rates to maintain good sender reputation.
29 Mar 2022 - Amazon Web Services
Are there email sending issues with AWS?
Besides Spamhaus, what blocklists are important for email marketers to monitor?
Do I need a Yahoo Sender Hub account for email deliverability?
How can I improve email deliverability and open rates for a client with a bad domain reputation, especially with Gmail, and what strategies should I use for unengaged users?
How can I improve my email and domain reputation and overall deliverability?
How do I warm up new IP addresses for email sending?
